./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1442888582 <...> Warning: Permanently added '10.128.1.10' (ED25519) to the list of known hosts. execve("./syz-executor1442888582", ["./syz-executor1442888582"], 0x7ffd00c2d670 /* 10 vars */) = 0 brk(NULL) = 0x5555573f6000 brk(0x5555573f6d00) = 0x5555573f6d00 arch_prctl(ARCH_SET_FS, 0x5555573f6380) = 0 set_tid_address(0x5555573f6650) = 5019 set_robust_list(0x5555573f6660, 24) = 0 rseq(0x5555573f6ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1442888582", 4096) = 28 getrandom("\x63\x43\xaa\xb7\x84\x9d\x79\x36", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555573f6d00 brk(0x555557417d00) = 0x555557417d00 brk(0x555557418000) = 0x555557418000 mprotect(0x7fbbf6f9a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.YrRx8R", 0700) = 0 chmod("./syzkaller.YrRx8R", 0777) = 0 chdir("./syzkaller.YrRx8R") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5020 ./strace-static-x86_64: Process 5020 attached [pid 5020] set_robust_list(0x5555573f6660, 24) = 0 [pid 5020] chdir("./0") = 0 [pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5020] setpgid(0, 0) = 0 [pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5020] write(3, "1000", 4) = 4 [pid 5020] close(3) = 0 [pid 5020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5020] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5020] memfd_create("syzkaller", 0) = 3 [pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [ 45.641041][ T5020] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5020 'syz-executor144' [pid 5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5020] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5020] close(3) = 0 [pid 5020] mkdir("./file0", 0777) = 0 [ 45.771974][ T5020] loop0: detected capacity change from 0 to 32768 [ 45.783491][ T5020] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5020) [ 45.801171][ T5020] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.810007][ T5020] BTRFS info (device loop0): setting nodatacow, compression disabled [ 45.818242][ T5020] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 45.828864][ T5020] BTRFS info (device loop0): trying to use backup root at mount time [ 45.836968][ T5020] BTRFS info (device loop0): disabling tree log [ 45.843227][ T5020] BTRFS info (device loop0): enabling auto defrag [ 45.849764][ T5020] BTRFS info (device loop0): using free space tree [pid 5020] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5020] chdir("./file0") = 0 [pid 5020] ioctl(4, LOOP_CLR_FD) = 0 [pid 5020] close(4) = 0 [pid 5020] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5020] getpid() = 5020 [pid 5020] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5020] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [ 45.869471][ T5020] BTRFS info (device loop0): enabling ssd optimizations [ 45.876516][ T5020] BTRFS info (device loop0): auto enabling async discard [pid 5020] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5020] exit_group(0) = ? [pid 5020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5046 ./strace-static-x86_64: Process 5046 attached [pid 5046] set_robust_list(0x5555573f6660, 24) = 0 [pid 5046] chdir("./1") = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5046] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5046] memfd_create("syzkaller", 0) = 3 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5046] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5046] close(3) = 0 [pid 5046] mkdir("./file0", 0777) = 0 [ 46.205060][ T5046] loop0: detected capacity change from 0 to 32768 [ 46.215406][ T5046] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5046) [ 46.231195][ T5046] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 46.239977][ T5046] BTRFS info (device loop0): setting nodatacow, compression disabled [ 46.248168][ T5046] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 46.258861][ T5046] BTRFS info (device loop0): trying to use backup root at mount time [ 46.267004][ T5046] BTRFS info (device loop0): disabling tree log [ 46.273264][ T5046] BTRFS info (device loop0): enabling auto defrag [ 46.279724][ T5046] BTRFS info (device loop0): using free space tree [ 46.295925][ T5046] BTRFS info (device loop0): enabling ssd optimizations [pid 5046] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5046] chdir("./file0") = 0 [pid 5046] ioctl(4, LOOP_CLR_FD) = 0 [pid 5046] close(4) = 0 [pid 5046] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5046] getpid() = 5046 [pid 5046] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5046] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5046] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5046] exit_group(0) = ? [ 46.303190][ T5046] BTRFS info (device loop0): auto enabling async discard [pid 5046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5046, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x5555573f6660, 24) = 0 [pid 5064] chdir("./2") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5064] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5064] mkdir("./file0", 0777) = 0 [ 46.591869][ T5064] loop0: detected capacity change from 0 to 32768 [ 46.601652][ T5064] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5064) [ 46.618445][ T5064] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 46.627292][ T5064] BTRFS info (device loop0): setting nodatacow, compression disabled [ 46.635430][ T5064] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 46.646288][ T5064] BTRFS info (device loop0): trying to use backup root at mount time [ 46.654423][ T5064] BTRFS info (device loop0): disabling tree log [ 46.660740][ T5064] BTRFS info (device loop0): enabling auto defrag [ 46.667233][ T5064] BTRFS info (device loop0): using free space tree [ 46.683096][ T5064] BTRFS info (device loop0): enabling ssd optimizations [pid 5064] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file0") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4) = 0 [pid 5064] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5064] getpid() = 5064 [pid 5064] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5064] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [ 46.690144][ T5064] BTRFS info (device loop0): auto enabling async discard [pid 5064] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5064] exit_group(0) = ? [pid 5064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x5555573f6660, 24) = 0 [pid 5081] chdir("./3") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5081] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [ 46.966711][ T5081] loop0: detected capacity change from 0 to 32768 [ 46.977292][ T5081] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5081) [ 46.993866][ T5081] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 47.002761][ T5081] BTRFS info (device loop0): setting nodatacow, compression disabled [ 47.010938][ T5081] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 47.021608][ T5081] BTRFS info (device loop0): trying to use backup root at mount time [ 47.029754][ T5081] BTRFS info (device loop0): disabling tree log [ 47.036008][ T5081] BTRFS info (device loop0): enabling auto defrag [ 47.042458][ T5081] BTRFS info (device loop0): using free space tree [ 47.058144][ T5081] BTRFS info (device loop0): enabling ssd optimizations [pid 5081] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file0") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5081] getpid() = 5081 [pid 5081] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5081] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5081] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 47.065172][ T5081] BTRFS info (device loop0): auto enabling async discard umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x5555573f6660, 24) = 0 [pid 5098] chdir("./4") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5098] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] mkdir("./file0", 0777) = 0 [ 47.341664][ T5098] loop0: detected capacity change from 0 to 32768 [ 47.351959][ T5098] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5098) [ 47.368016][ T5098] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 47.376823][ T5098] BTRFS info (device loop0): setting nodatacow, compression disabled [ 47.384919][ T5098] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 47.395585][ T5098] BTRFS info (device loop0): trying to use backup root at mount time [ 47.403694][ T5098] BTRFS info (device loop0): disabling tree log [ 47.410000][ T5098] BTRFS info (device loop0): enabling auto defrag [ 47.416464][ T5098] BTRFS info (device loop0): using free space tree [ 47.431955][ T5098] BTRFS info (device loop0): enabling ssd optimizations [pid 5098] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./file0") = 0 [pid 5098] ioctl(4, LOOP_CLR_FD) = 0 [pid 5098] close(4) = 0 [pid 5098] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5098] getpid() = 5098 [pid 5098] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5098] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5098] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 47.438994][ T5098] BTRFS info (device loop0): auto enabling async discard umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5115 ./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x5555573f6660, 24) = 0 [pid 5115] chdir("./5") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5115] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./file0", 0777) = 0 [ 47.708801][ T5115] loop0: detected capacity change from 0 to 32768 [ 47.719013][ T5115] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5115) [ 47.734396][ T5115] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 47.743192][ T5115] BTRFS info (device loop0): setting nodatacow, compression disabled [ 47.751351][ T5115] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 47.761970][ T5115] BTRFS info (device loop0): trying to use backup root at mount time [ 47.770079][ T5115] BTRFS info (device loop0): disabling tree log [ 47.776323][ T5115] BTRFS info (device loop0): enabling auto defrag [ 47.782839][ T5115] BTRFS info (device loop0): using free space tree [ 47.799005][ T5115] BTRFS info (device loop0): enabling ssd optimizations [pid 5115] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./file0") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5115] getpid() = 5115 [pid 5115] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5115] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5115] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5115] exit_group(0) = ? [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 47.806006][ T5115] BTRFS info (device loop0): auto enabling async discard umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x5555573f6660, 24) = 0 [pid 5134] chdir("./6") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5134] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] mkdir("./file0", 0777) = 0 [ 48.090061][ T5134] loop0: detected capacity change from 0 to 32768 [ 48.100047][ T5134] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5134) [ 48.115788][ T5134] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 48.124603][ T5134] BTRFS info (device loop0): setting nodatacow, compression disabled [ 48.132747][ T5134] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 48.143429][ T5134] BTRFS info (device loop0): trying to use backup root at mount time [ 48.151579][ T5134] BTRFS info (device loop0): disabling tree log [ 48.157867][ T5134] BTRFS info (device loop0): enabling auto defrag [ 48.164309][ T5134] BTRFS info (device loop0): using free space tree [ 48.180735][ T5134] BTRFS info (device loop0): enabling ssd optimizations [pid 5134] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./file0") = 0 [pid 5134] ioctl(4, LOOP_CLR_FD) = 0 [pid 5134] close(4) = 0 [pid 5134] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5134] getpid() = 5134 [pid 5134] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5134] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5134] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5134] exit_group(0) = ? [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 48.187780][ T5134] BTRFS info (device loop0): auto enabling async discard umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5155 ./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x5555573f6660, 24) = 0 [pid 5155] chdir("./7") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5155] memfd_create("syzkaller", 0) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5155] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] mkdir("./file0", 0777) = 0 [ 48.456409][ T5155] loop0: detected capacity change from 0 to 32768 [ 48.465194][ T5155] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5155) [ 48.481941][ T5155] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 48.490697][ T5155] BTRFS info (device loop0): setting nodatacow, compression disabled [ 48.498841][ T5155] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 48.509505][ T5155] BTRFS info (device loop0): trying to use backup root at mount time [ 48.517625][ T5155] BTRFS info (device loop0): disabling tree log [ 48.523889][ T5155] BTRFS info (device loop0): enabling auto defrag [ 48.530553][ T5155] BTRFS info (device loop0): using free space tree [ 48.546603][ T5155] BTRFS info (device loop0): enabling ssd optimizations [pid 5155] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./file0") = 0 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5155] getpid() = 5155 [pid 5155] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5155] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5155] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5155] exit_group(0) = ? [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 48.553563][ T5155] BTRFS info (device loop0): auto enabling async discard umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5172 ./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x5555573f6660, 24) = 0 [pid 5172] chdir("./8") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5172] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./file0", 0777) = 0 [ 48.830784][ T5172] loop0: detected capacity change from 0 to 32768 [ 48.840599][ T5172] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5172) [ 48.856231][ T5172] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 48.865004][ T5172] BTRFS info (device loop0): setting nodatacow, compression disabled [ 48.873113][ T5172] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 48.883759][ T5172] BTRFS info (device loop0): trying to use backup root at mount time [ 48.892056][ T5172] BTRFS info (device loop0): disabling tree log [ 48.898373][ T5172] BTRFS info (device loop0): enabling auto defrag [ 48.904829][ T5172] BTRFS info (device loop0): using free space tree [ 48.921043][ T5172] BTRFS info (device loop0): enabling ssd optimizations [pid 5172] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./file0") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5172] getpid() = 5172 [pid 5172] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5172] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5172] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5172] exit_group(0) = ? [pid 5172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5172, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 48.928125][ T5172] BTRFS info (device loop0): auto enabling async discard umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5189 ./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x5555573f6660, 24) = 0 [pid 5189] chdir("./9") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5189] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file0", 0777) = 0 [ 49.212011][ T5189] loop0: detected capacity change from 0 to 32768 [ 49.221967][ T5189] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5189) [ 49.237909][ T5189] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 49.246738][ T5189] BTRFS info (device loop0): setting nodatacow, compression disabled [ 49.254815][ T5189] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 49.265500][ T5189] BTRFS info (device loop0): trying to use backup root at mount time [ 49.273609][ T5189] BTRFS info (device loop0): disabling tree log [ 49.279927][ T5189] BTRFS info (device loop0): enabling auto defrag [ 49.286350][ T5189] BTRFS info (device loop0): using free space tree [ 49.303058][ T5189] BTRFS info (device loop0): enabling ssd optimizations [pid 5189] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file0") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5189] getpid() = 5189 [pid 5189] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5189] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5189] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5189] exit_group(0) = ? [pid 5189] +++ exited with 0 +++ [ 49.310184][ T5189] BTRFS info (device loop0): auto enabling async discard --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5207 ./strace-static-x86_64: Process 5207 attached [pid 5207] set_robust_list(0x5555573f6660, 24) = 0 [pid 5207] chdir("./10") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5207] memfd_create("syzkaller", 0) = 3 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5207] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] mkdir("./file0", 0777) = 0 [ 49.603650][ T5207] loop0: detected capacity change from 0 to 32768 [ 49.612460][ T5207] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5207) [ 49.628118][ T5207] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 49.636910][ T5207] BTRFS info (device loop0): setting nodatacow, compression disabled [ 49.645014][ T5207] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 49.656425][ T5207] BTRFS info (device loop0): trying to use backup root at mount time [ 49.664501][ T5207] BTRFS info (device loop0): disabling tree log [ 49.670803][ T5207] BTRFS info (device loop0): enabling auto defrag [ 49.677278][ T5207] BTRFS info (device loop0): using free space tree [ 49.693945][ T5207] BTRFS info (device loop0): enabling ssd optimizations [pid 5207] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./file0") = 0 [pid 5207] ioctl(4, LOOP_CLR_FD) = 0 [pid 5207] close(4) = 0 [pid 5207] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5207] getpid() = 5207 [pid 5207] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5207] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5207] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5207] exit_group(0) = ? [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 49.701102][ T5207] BTRFS info (device loop0): auto enabling async discard unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x5555573f6660, 24) = 0 [pid 5224] chdir("./11") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5224] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file0", 0777) = 0 [ 49.982576][ T5224] loop0: detected capacity change from 0 to 32768 [ 49.992403][ T5224] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5224) [ 50.007724][ T5224] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 50.016494][ T5224] BTRFS info (device loop0): setting nodatacow, compression disabled [ 50.024566][ T5224] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 50.035171][ T5224] BTRFS info (device loop0): trying to use backup root at mount time [ 50.043271][ T5224] BTRFS info (device loop0): disabling tree log [ 50.049535][ T5224] BTRFS info (device loop0): enabling auto defrag [ 50.055952][ T5224] BTRFS info (device loop0): using free space tree [ 50.071912][ T5224] BTRFS info (device loop0): enabling ssd optimizations [pid 5224] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5224] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file0") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5224] getpid() = 5224 [pid 5224] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5224] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5224] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- [ 50.078980][ T5224] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x5555573f6660, 24) = 0 [pid 5241] chdir("./12") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5241] memfd_create("syzkaller", 0) = 3 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5241] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] mkdir("./file0", 0777) = 0 [ 50.354396][ T5241] loop0: detected capacity change from 0 to 32768 [ 50.364599][ T5241] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5241) [ 50.379568][ T5241] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 50.388633][ T5241] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 5241] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5241] chdir("./file0") = 0 [pid 5241] ioctl(4, LOOP_CLR_FD) = 0 [pid 5241] close(4) = 0 [pid 5241] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5241] getpid() = 5241 [pid 5241] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5241] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5241] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5241] exit_group(0) = ? [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 50.396814][ T5241] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 50.407557][ T5241] BTRFS info (device loop0): trying to use backup root at mount time [ 50.415624][ T5241] BTRFS info (device loop0): disabling tree log umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5258 ./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x5555573f6660, 24) = 0 [pid 5258] chdir("./13") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5258] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] close(3) = 0 [pid 5258] mkdir("./file0", 0777) = 0 [pid 5258] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./file0") = 0 [pid 5258] ioctl(4, LOOP_CLR_FD) = 0 [pid 5258] close(4) = 0 [pid 5258] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5258] getpid() = 5258 [pid 5258] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5258] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5258] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5258] exit_group(0) = ? [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 50.696175][ T5258] loop0: detected capacity change from 0 to 32768 [ 50.707630][ T5258] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5258) [ 50.723650][ T5258] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5275 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x5555573f6660, 24) = 0 [pid 5275] chdir("./14") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5275] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] mkdir("./file0", 0777) = 0 [ 51.018128][ T5275] loop0: detected capacity change from 0 to 32768 [ 51.028877][ T5275] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5275) [ 51.044469][ T5275] _btrfs_printk: 12 callbacks suppressed [ 51.044482][ T5275] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 51.059152][ T5275] BTRFS info (device loop0): setting nodatacow, compression disabled [ 51.067307][ T5275] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 51.077956][ T5275] BTRFS info (device loop0): trying to use backup root at mount time [ 51.086029][ T5275] BTRFS info (device loop0): disabling tree log [ 51.092347][ T5275] BTRFS info (device loop0): enabling auto defrag [ 51.098931][ T5275] BTRFS info (device loop0): using free space tree [pid 5275] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./file0") = 0 [pid 5275] ioctl(4, LOOP_CLR_FD) = 0 [pid 5275] close(4) = 0 [pid 5275] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5275] getpid() = 5275 [pid 5275] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5275] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5275] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5275] exit_group(0) = ? [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 51.114519][ T5275] BTRFS info (device loop0): enabling ssd optimizations [ 51.121594][ T5275] BTRFS info (device loop0): auto enabling async discard umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5292 ./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x5555573f6660, 24) = 0 [pid 5292] chdir("./15") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5292] memfd_create("syzkaller", 0) = 3 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5292] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5292] close(3) = 0 [pid 5292] mkdir("./file0", 0777) = 0 [ 51.406009][ T5292] loop0: detected capacity change from 0 to 32768 [ 51.416216][ T5292] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5292) [ 51.432130][ T5292] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 51.440936][ T5292] BTRFS info (device loop0): setting nodatacow, compression disabled [ 51.449228][ T5292] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 51.460039][ T5292] BTRFS info (device loop0): trying to use backup root at mount time [ 51.468297][ T5292] BTRFS info (device loop0): disabling tree log [ 51.474586][ T5292] BTRFS info (device loop0): enabling auto defrag [ 51.481067][ T5292] BTRFS info (device loop0): using free space tree [ 51.497471][ T5292] BTRFS info (device loop0): enabling ssd optimizations [pid 5292] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5292] chdir("./file0") = 0 [pid 5292] ioctl(4, LOOP_CLR_FD) = 0 [pid 5292] close(4) = 0 [pid 5292] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5292] getpid() = 5292 [pid 5292] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5292] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5292] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5292] exit_group(0) = ? [pid 5292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- [ 51.504546][ T5292] BTRFS info (device loop0): auto enabling async discard umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5309 ./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x5555573f6660, 24) = 0 [pid 5309] chdir("./16") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5309] memfd_create("syzkaller", 0) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5309] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] mkdir("./file0", 0777) = 0 [ 51.786368][ T5309] loop0: detected capacity change from 0 to 32768 [ 51.796740][ T5309] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5309) [ 51.812053][ T5309] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 51.820897][ T5309] BTRFS info (device loop0): setting nodatacow, compression disabled [ 51.829033][ T5309] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 51.839715][ T5309] BTRFS info (device loop0): trying to use backup root at mount time [ 51.847868][ T5309] BTRFS info (device loop0): disabling tree log [ 51.854151][ T5309] BTRFS info (device loop0): enabling auto defrag [ 51.860652][ T5309] BTRFS info (device loop0): using free space tree [ 51.876566][ T5309] BTRFS info (device loop0): enabling ssd optimizations [pid 5309] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file0") = 0 [pid 5309] ioctl(4, LOOP_CLR_FD) = 0 [pid 5309] close(4) = 0 [pid 5309] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5309] getpid() = 5309 [pid 5309] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5309] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5309] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5309] exit_group(0) = ? [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 51.883584][ T5309] BTRFS info (device loop0): auto enabling async discard unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5326 ./strace-static-x86_64: Process 5326 attached [pid 5326] set_robust_list(0x5555573f6660, 24) = 0 [pid 5326] chdir("./17") = 0 [pid 5326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5326] setpgid(0, 0) = 0 [pid 5326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5326] write(3, "1000", 4) = 4 [pid 5326] close(3) = 0 [pid 5326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5326] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5326] memfd_create("syzkaller", 0) = 3 [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5326] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5326] close(3) = 0 [pid 5326] mkdir("./file0", 0777) = 0 [ 52.169118][ T5326] loop0: detected capacity change from 0 to 32768 [ 52.179204][ T5326] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5326) [ 52.194363][ T5326] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 52.203146][ T5326] BTRFS info (device loop0): setting nodatacow, compression disabled [ 52.211547][ T5326] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 52.222202][ T5326] BTRFS info (device loop0): trying to use backup root at mount time [ 52.230408][ T5326] BTRFS info (device loop0): disabling tree log [ 52.236707][ T5326] BTRFS info (device loop0): enabling auto defrag [ 52.243143][ T5326] BTRFS info (device loop0): using free space tree [ 52.259633][ T5326] BTRFS info (device loop0): enabling ssd optimizations [pid 5326] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5326] chdir("./file0") = 0 [pid 5326] ioctl(4, LOOP_CLR_FD) = 0 [pid 5326] close(4) = 0 [pid 5326] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5326] getpid() = 5326 [pid 5326] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5326] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5326] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5326] exit_group(0) = ? [pid 5326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5326, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 52.266684][ T5326] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5343 ./strace-static-x86_64: Process 5343 attached [pid 5343] set_robust_list(0x5555573f6660, 24) = 0 [pid 5343] chdir("./18") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5343] memfd_create("syzkaller", 0) = 3 [pid 5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5343] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5343] close(3) = 0 [pid 5343] mkdir("./file0", 0777) = 0 [ 52.551197][ T5343] loop0: detected capacity change from 0 to 32768 [ 52.561715][ T5343] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5343) [ 52.576272][ T5343] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 52.585089][ T5343] BTRFS info (device loop0): setting nodatacow, compression disabled [ 52.593259][ T5343] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 52.603923][ T5343] BTRFS info (device loop0): trying to use backup root at mount time [ 52.612044][ T5343] BTRFS info (device loop0): disabling tree log [ 52.618357][ T5343] BTRFS info (device loop0): enabling auto defrag [ 52.624783][ T5343] BTRFS info (device loop0): using free space tree [ 52.641804][ T5343] BTRFS info (device loop0): enabling ssd optimizations [pid 5343] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5343] chdir("./file0") = 0 [pid 5343] ioctl(4, LOOP_CLR_FD) = 0 [pid 5343] close(4) = 0 [pid 5343] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5343] getpid() = 5343 [pid 5343] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5343] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5343] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5343] exit_group(0) = ? [ 52.648870][ T5343] BTRFS info (device loop0): auto enabling async discard [pid 5343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5360 ./strace-static-x86_64: Process 5360 attached [pid 5360] set_robust_list(0x5555573f6660, 24) = 0 [pid 5360] chdir("./19") = 0 [pid 5360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5360] setpgid(0, 0) = 0 [pid 5360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5360] write(3, "1000", 4) = 4 [pid 5360] close(3) = 0 [pid 5360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5360] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5360] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file0", 0777) = 0 [ 52.933123][ T5360] loop0: detected capacity change from 0 to 32768 [ 52.942999][ T5360] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5360) [ 52.958953][ T5360] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 52.967733][ T5360] BTRFS info (device loop0): setting nodatacow, compression disabled [ 52.975824][ T5360] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 52.986523][ T5360] BTRFS info (device loop0): trying to use backup root at mount time [ 52.994592][ T5360] BTRFS info (device loop0): disabling tree log [ 53.000885][ T5360] BTRFS info (device loop0): enabling auto defrag [ 53.007404][ T5360] BTRFS info (device loop0): using free space tree [ 53.023114][ T5360] BTRFS info (device loop0): enabling ssd optimizations [pid 5360] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file0") = 0 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5360] getpid() = 5360 [pid 5360] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5360] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5360] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5360] exit_group(0) = ? [pid 5360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5360, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 53.030193][ T5360] BTRFS info (device loop0): auto enabling async discard umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5377 ./strace-static-x86_64: Process 5377 attached [pid 5377] set_robust_list(0x5555573f6660, 24) = 0 [pid 5377] chdir("./20") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5377] memfd_create("syzkaller", 0) = 3 [pid 5377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5377] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5377] close(3) = 0 [pid 5377] mkdir("./file0", 0777) = 0 [ 53.304065][ T5377] loop0: detected capacity change from 0 to 32768 [ 53.312881][ T5377] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5377) [ 53.328414][ T5377] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.337146][ T5377] BTRFS info (device loop0): setting nodatacow, compression disabled [ 53.345213][ T5377] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 53.355873][ T5377] BTRFS info (device loop0): trying to use backup root at mount time [ 53.363987][ T5377] BTRFS info (device loop0): disabling tree log [ 53.370526][ T5377] BTRFS info (device loop0): enabling auto defrag [ 53.377043][ T5377] BTRFS info (device loop0): using free space tree [ 53.392987][ T5377] BTRFS info (device loop0): enabling ssd optimizations [pid 5377] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5377] chdir("./file0") = 0 [pid 5377] ioctl(4, LOOP_CLR_FD) = 0 [pid 5377] close(4) = 0 [pid 5377] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5377] getpid() = 5377 [pid 5377] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5377] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5377] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5377] exit_group(0) = ? [pid 5377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5377, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 53.399982][ T5377] BTRFS info (device loop0): auto enabling async discard umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5394 ./strace-static-x86_64: Process 5394 attached [pid 5394] set_robust_list(0x5555573f6660, 24) = 0 [pid 5394] chdir("./21") = 0 [pid 5394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5394] setpgid(0, 0) = 0 [pid 5394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5394] write(3, "1000", 4) = 4 [pid 5394] close(3) = 0 [pid 5394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5394] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5394] memfd_create("syzkaller", 0) = 3 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5394] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5394] close(3) = 0 [pid 5394] mkdir("./file0", 0777) = 0 [ 53.668349][ T5394] loop0: detected capacity change from 0 to 32768 [ 53.689603][ T5394] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5394) [ 53.705696][ T5394] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.714526][ T5394] BTRFS info (device loop0): setting nodatacow, compression disabled [ 53.722635][ T5394] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 53.733405][ T5394] BTRFS info (device loop0): trying to use backup root at mount time [ 53.741566][ T5394] BTRFS info (device loop0): disabling tree log [ 53.747900][ T5394] BTRFS info (device loop0): enabling auto defrag [ 53.754337][ T5394] BTRFS info (device loop0): using free space tree [pid 5394] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5394] chdir("./file0") = 0 [pid 5394] ioctl(4, LOOP_CLR_FD) = 0 [pid 5394] close(4) = 0 [pid 5394] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5394] getpid() = 5394 [pid 5394] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5394] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5394] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5394] exit_group(0) = ? [pid 5394] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5394, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 53.770259][ T5394] BTRFS info (device loop0): enabling ssd optimizations [ 53.777414][ T5394] BTRFS info (device loop0): auto enabling async discard umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5411 ./strace-static-x86_64: Process 5411 attached [pid 5411] set_robust_list(0x5555573f6660, 24) = 0 [pid 5411] chdir("./22") = 0 [pid 5411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5411] setpgid(0, 0) = 0 [pid 5411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5411] write(3, "1000", 4) = 4 [pid 5411] close(3) = 0 [pid 5411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5411] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5411] memfd_create("syzkaller", 0) = 3 [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5411] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] close(3) = 0 [pid 5411] mkdir("./file0", 0777) = 0 [ 54.041611][ T5411] loop0: detected capacity change from 0 to 32768 [ 54.051869][ T5411] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5411) [ 54.066918][ T5411] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.075713][ T5411] BTRFS info (device loop0): setting nodatacow, compression disabled [ 54.083927][ T5411] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 54.094591][ T5411] BTRFS info (device loop0): trying to use backup root at mount time [ 54.102757][ T5411] BTRFS info (device loop0): disabling tree log [ 54.109180][ T5411] BTRFS info (device loop0): enabling auto defrag [ 54.115627][ T5411] BTRFS info (device loop0): using free space tree [ 54.131300][ T5411] BTRFS info (device loop0): enabling ssd optimizations [pid 5411] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5411] chdir("./file0") = 0 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5411] getpid() = 5411 [pid 5411] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5411] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5411] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5411] exit_group(0) = ? [pid 5411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5411, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 54.138402][ T5411] BTRFS info (device loop0): auto enabling async discard umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5428 ./strace-static-x86_64: Process 5428 attached [pid 5428] set_robust_list(0x5555573f6660, 24) = 0 [pid 5428] chdir("./23") = 0 [pid 5428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5428] setpgid(0, 0) = 0 [pid 5428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5428] write(3, "1000", 4) = 4 [pid 5428] close(3) = 0 [pid 5428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5428] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5428] memfd_create("syzkaller", 0) = 3 [pid 5428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5428] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5428] close(3) = 0 [pid 5428] mkdir("./file0", 0777) = 0 [ 54.413253][ T5428] loop0: detected capacity change from 0 to 32768 [ 54.423175][ T5428] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5428) [ 54.437710][ T5428] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.446537][ T5428] BTRFS info (device loop0): setting nodatacow, compression disabled [ 54.454621][ T5428] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 54.465304][ T5428] BTRFS info (device loop0): trying to use backup root at mount time [ 54.473445][ T5428] BTRFS info (device loop0): disabling tree log [ 54.479748][ T5428] BTRFS info (device loop0): enabling auto defrag [ 54.486169][ T5428] BTRFS info (device loop0): using free space tree [ 54.501896][ T5428] BTRFS info (device loop0): enabling ssd optimizations [pid 5428] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5428] chdir("./file0") = 0 [pid 5428] ioctl(4, LOOP_CLR_FD) = 0 [pid 5428] close(4) = 0 [pid 5428] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5428] getpid() = 5428 [pid 5428] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5428] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5428] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5428] exit_group(0) = ? [pid 5428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5428, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 54.508979][ T5428] BTRFS info (device loop0): auto enabling async discard umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5445 ./strace-static-x86_64: Process 5445 attached [pid 5445] set_robust_list(0x5555573f6660, 24) = 0 [pid 5445] chdir("./24") = 0 [pid 5445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5445] setpgid(0, 0) = 0 [pid 5445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5445] write(3, "1000", 4) = 4 [pid 5445] close(3) = 0 [pid 5445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5445] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5445] memfd_create("syzkaller", 0) = 3 [pid 5445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5445] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5445] close(3) = 0 [pid 5445] mkdir("./file0", 0777) = 0 [ 54.777901][ T5445] loop0: detected capacity change from 0 to 32768 [ 54.786973][ T5445] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5445) [ 54.801839][ T5445] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.810661][ T5445] BTRFS info (device loop0): setting nodatacow, compression disabled [ 54.818801][ T5445] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 54.829468][ T5445] BTRFS info (device loop0): trying to use backup root at mount time [ 54.837584][ T5445] BTRFS info (device loop0): disabling tree log [ 54.843866][ T5445] BTRFS info (device loop0): enabling auto defrag [ 54.850394][ T5445] BTRFS info (device loop0): using free space tree [ 54.865891][ T5445] BTRFS info (device loop0): enabling ssd optimizations [pid 5445] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5445] chdir("./file0") = 0 [pid 5445] ioctl(4, LOOP_CLR_FD) = 0 [pid 5445] close(4) = 0 [pid 5445] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5445] getpid() = 5445 [pid 5445] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5445] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5445] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5445] exit_group(0) = ? [pid 5445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5445, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 54.873121][ T5445] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5462 ./strace-static-x86_64: Process 5462 attached [pid 5462] set_robust_list(0x5555573f6660, 24) = 0 [pid 5462] chdir("./25") = 0 [pid 5462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5462] setpgid(0, 0) = 0 [pid 5462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5462] write(3, "1000", 4) = 4 [pid 5462] close(3) = 0 [pid 5462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5462] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5462] memfd_create("syzkaller", 0) = 3 [pid 5462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5462] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5462] close(3) = 0 [pid 5462] mkdir("./file0", 0777) = 0 [ 55.140273][ T5462] loop0: detected capacity change from 0 to 32768 [ 55.149457][ T5462] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5462) [ 55.164675][ T5462] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.173488][ T5462] BTRFS info (device loop0): setting nodatacow, compression disabled [ 55.181657][ T5462] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 55.192327][ T5462] BTRFS info (device loop0): trying to use backup root at mount time [ 55.200454][ T5462] BTRFS info (device loop0): disabling tree log [ 55.206813][ T5462] BTRFS info (device loop0): enabling auto defrag [ 55.213259][ T5462] BTRFS info (device loop0): using free space tree [ 55.228717][ T5462] BTRFS info (device loop0): enabling ssd optimizations [pid 5462] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5462] chdir("./file0") = 0 [pid 5462] ioctl(4, LOOP_CLR_FD) = 0 [pid 5462] close(4) = 0 [pid 5462] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5462] getpid() = 5462 [pid 5462] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5462] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5462] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5462] exit_group(0) = ? [pid 5462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5462, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 55.235664][ T5462] BTRFS info (device loop0): auto enabling async discard umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5479 ./strace-static-x86_64: Process 5479 attached [pid 5479] set_robust_list(0x5555573f6660, 24) = 0 [pid 5479] chdir("./26") = 0 [pid 5479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5479] setpgid(0, 0) = 0 [pid 5479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5479] write(3, "1000", 4) = 4 [pid 5479] close(3) = 0 [pid 5479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5479] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5479] memfd_create("syzkaller", 0) = 3 [pid 5479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5479] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5479] close(3) = 0 [pid 5479] mkdir("./file0", 0777) = 0 [ 55.502596][ T5479] loop0: detected capacity change from 0 to 32768 [ 55.511728][ T5479] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5479) [ 55.527462][ T5479] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.536200][ T5479] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 5479] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5479] chdir("./file0") = 0 [pid 5479] ioctl(4, LOOP_CLR_FD) = 0 [pid 5479] close(4) = 0 [pid 5479] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5479] getpid() = 5479 [pid 5479] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5479] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5479] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5479] exit_group(0) = ? [pid 5479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5479, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 55.544357][ T5479] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 55.555030][ T5479] BTRFS info (device loop0): trying to use backup root at mount time [ 55.563204][ T5479] BTRFS info (device loop0): disabling tree log umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5496 ./strace-static-x86_64: Process 5496 attached [pid 5496] set_robust_list(0x5555573f6660, 24) = 0 [pid 5496] chdir("./27") = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] setpgid(0, 0) = 0 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5496] write(3, "1000", 4) = 4 [pid 5496] close(3) = 0 [pid 5496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5496] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5496] memfd_create("syzkaller", 0) = 3 [pid 5496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5496] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5496] close(3) = 0 [pid 5496] mkdir("./file0", 0777) = 0 [pid 5496] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5496] chdir("./file0") = 0 [pid 5496] ioctl(4, LOOP_CLR_FD) = 0 [pid 5496] close(4) = 0 [pid 5496] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5496] getpid() = 5496 [pid 5496] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5496] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5496] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5496] exit_group(0) = ? [pid 5496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 55.845629][ T5496] loop0: detected capacity change from 0 to 32768 [ 55.856683][ T5496] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5496) [ 55.872061][ T5496] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5513 ./strace-static-x86_64: Process 5513 attached [pid 5513] set_robust_list(0x5555573f6660, 24) = 0 [pid 5513] chdir("./28") = 0 [pid 5513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5513] setpgid(0, 0) = 0 [pid 5513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5513] write(3, "1000", 4) = 4 [pid 5513] close(3) = 0 [pid 5513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5513] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5513] memfd_create("syzkaller", 0) = 3 [pid 5513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5513] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5513] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5513] close(3) = 0 [pid 5513] mkdir("./file0", 0777) = 0 [ 56.153450][ T5513] loop0: detected capacity change from 0 to 32768 [ 56.162743][ T5513] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5513) [ 56.178189][ T5513] _btrfs_printk: 12 callbacks suppressed [ 56.178211][ T5513] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.192598][ T5513] BTRFS info (device loop0): setting nodatacow, compression disabled [ 56.200690][ T5513] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 56.211337][ T5513] BTRFS info (device loop0): trying to use backup root at mount time [ 56.219467][ T5513] BTRFS info (device loop0): disabling tree log [ 56.225733][ T5513] BTRFS info (device loop0): enabling auto defrag [ 56.232252][ T5513] BTRFS info (device loop0): using free space tree [pid 5513] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5513] chdir("./file0") = 0 [pid 5513] ioctl(4, LOOP_CLR_FD) = 0 [pid 5513] close(4) = 0 [pid 5513] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5513] getpid() = 5513 [pid 5513] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5513] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5513] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5513] exit_group(0) = ? [pid 5513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5513, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 56.247692][ T5513] BTRFS info (device loop0): enabling ssd optimizations [ 56.254653][ T5513] BTRFS info (device loop0): auto enabling async discard umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5530 ./strace-static-x86_64: Process 5530 attached [pid 5530] set_robust_list(0x5555573f6660, 24) = 0 [pid 5530] chdir("./29") = 0 [pid 5530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5530] setpgid(0, 0) = 0 [pid 5530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5530] write(3, "1000", 4) = 4 [pid 5530] close(3) = 0 [pid 5530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5530] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5530] memfd_create("syzkaller", 0) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5530] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5530] close(3) = 0 [pid 5530] mkdir("./file0", 0777) = 0 [ 56.524247][ T5530] loop0: detected capacity change from 0 to 32768 [ 56.534164][ T5530] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5530) [ 56.549377][ T5530] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.558129][ T5530] BTRFS info (device loop0): setting nodatacow, compression disabled [ 56.566206][ T5530] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 56.576919][ T5530] BTRFS info (device loop0): trying to use backup root at mount time [ 56.584997][ T5530] BTRFS info (device loop0): disabling tree log [ 56.591281][ T5530] BTRFS info (device loop0): enabling auto defrag [ 56.597809][ T5530] BTRFS info (device loop0): using free space tree [ 56.614091][ T5530] BTRFS info (device loop0): enabling ssd optimizations [pid 5530] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5530] chdir("./file0") = 0 [pid 5530] ioctl(4, LOOP_CLR_FD) = 0 [pid 5530] close(4) = 0 [pid 5530] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5530] getpid() = 5530 [pid 5530] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5530] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5530] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5530] exit_group(0) = ? [pid 5530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5530, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 56.621202][ T5530] BTRFS info (device loop0): auto enabling async discard umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5547 ./strace-static-x86_64: Process 5547 attached [pid 5547] set_robust_list(0x5555573f6660, 24) = 0 [pid 5547] chdir("./30") = 0 [pid 5547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5547] setpgid(0, 0) = 0 [pid 5547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5547] write(3, "1000", 4) = 4 [pid 5547] close(3) = 0 [pid 5547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5547] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5547] memfd_create("syzkaller", 0) = 3 [pid 5547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5547] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5547] close(3) = 0 [pid 5547] mkdir("./file0", 0777) = 0 [ 56.899746][ T5547] loop0: detected capacity change from 0 to 32768 [ 56.909590][ T5547] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5547) [ 56.924884][ T5547] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.933680][ T5547] BTRFS info (device loop0): setting nodatacow, compression disabled [ 56.941844][ T5547] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 56.952523][ T5547] BTRFS info (device loop0): trying to use backup root at mount time [ 56.960676][ T5547] BTRFS info (device loop0): disabling tree log [ 56.966975][ T5547] BTRFS info (device loop0): enabling auto defrag [ 56.973397][ T5547] BTRFS info (device loop0): using free space tree [ 56.989066][ T5547] BTRFS info (device loop0): enabling ssd optimizations [pid 5547] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5547] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5547] chdir("./file0") = 0 [pid 5547] ioctl(4, LOOP_CLR_FD) = 0 [pid 5547] close(4) = 0 [pid 5547] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5547] getpid() = 5547 [pid 5547] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5547] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5547] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5547] exit_group(0) = ? [pid 5547] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5547, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 56.996076][ T5547] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5564 ./strace-static-x86_64: Process 5564 attached [pid 5564] set_robust_list(0x5555573f6660, 24) = 0 [pid 5564] chdir("./31") = 0 [pid 5564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5564] setpgid(0, 0) = 0 [pid 5564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5564] write(3, "1000", 4) = 4 [pid 5564] close(3) = 0 [pid 5564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5564] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5564] memfd_create("syzkaller", 0) = 3 [pid 5564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5564] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5564] close(3) = 0 [pid 5564] mkdir("./file0", 0777) = 0 [ 57.269977][ T5564] loop0: detected capacity change from 0 to 32768 [ 57.279637][ T5564] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5564) [ 57.295070][ T5564] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.303834][ T5564] BTRFS info (device loop0): setting nodatacow, compression disabled [ 57.311960][ T5564] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 57.323034][ T5564] BTRFS info (device loop0): trying to use backup root at mount time [ 57.331253][ T5564] BTRFS info (device loop0): disabling tree log [ 57.337591][ T5564] BTRFS info (device loop0): enabling auto defrag [ 57.344121][ T5564] BTRFS info (device loop0): using free space tree [ 57.359622][ T5564] BTRFS info (device loop0): enabling ssd optimizations [pid 5564] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5564] chdir("./file0") = 0 [pid 5564] ioctl(4, LOOP_CLR_FD) = 0 [pid 5564] close(4) = 0 [pid 5564] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5564] getpid() = 5564 [pid 5564] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5564] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5564] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5564] exit_group(0) = ? [pid 5564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5564, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 57.366649][ T5564] BTRFS info (device loop0): auto enabling async discard umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5581 attached , child_tidptr=0x5555573f6650) = 5581 [pid 5581] set_robust_list(0x5555573f6660, 24) = 0 [pid 5581] chdir("./32") = 0 [pid 5581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5581] setpgid(0, 0) = 0 [pid 5581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5581] write(3, "1000", 4) = 4 [pid 5581] close(3) = 0 [pid 5581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5581] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5581] memfd_create("syzkaller", 0) = 3 [pid 5581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5581] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5581] close(3) = 0 [pid 5581] mkdir("./file0", 0777) = 0 [ 57.641428][ T5581] loop0: detected capacity change from 0 to 32768 [ 57.651795][ T5581] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5581) [ 57.667053][ T5581] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.675759][ T5581] BTRFS info (device loop0): setting nodatacow, compression disabled [ 57.683929][ T5581] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 57.694631][ T5581] BTRFS info (device loop0): trying to use backup root at mount time [ 57.702846][ T5581] BTRFS info (device loop0): disabling tree log [ 57.709146][ T5581] BTRFS info (device loop0): enabling auto defrag [ 57.715609][ T5581] BTRFS info (device loop0): using free space tree [ 57.731410][ T5581] BTRFS info (device loop0): enabling ssd optimizations [pid 5581] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5581] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5581] chdir("./file0") = 0 [pid 5581] ioctl(4, LOOP_CLR_FD) = 0 [pid 5581] close(4) = 0 [pid 5581] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5581] getpid() = 5581 [pid 5581] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5581] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5581] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5581] exit_group(0) = ? [pid 5581] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5581, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 57.738536][ T5581] BTRFS info (device loop0): auto enabling async discard umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5598 ./strace-static-x86_64: Process 5598 attached [pid 5598] set_robust_list(0x5555573f6660, 24) = 0 [pid 5598] chdir("./33") = 0 [pid 5598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5598] setpgid(0, 0) = 0 [pid 5598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5598] write(3, "1000", 4) = 4 [pid 5598] close(3) = 0 [pid 5598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5598] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5598] memfd_create("syzkaller", 0) = 3 [pid 5598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5598] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5598] close(3) = 0 [pid 5598] mkdir("./file0", 0777) = 0 [ 58.022362][ T5598] loop0: detected capacity change from 0 to 32768 [ 58.032554][ T5598] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5598) [ 58.047745][ T5598] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.056604][ T5598] BTRFS info (device loop0): setting nodatacow, compression disabled [ 58.064699][ T5598] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.075345][ T5598] BTRFS info (device loop0): trying to use backup root at mount time [ 58.083569][ T5598] BTRFS info (device loop0): disabling tree log [ 58.090049][ T5598] BTRFS info (device loop0): enabling auto defrag [ 58.096490][ T5598] BTRFS info (device loop0): using free space tree [ 58.112025][ T5598] BTRFS info (device loop0): enabling ssd optimizations [pid 5598] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5598] chdir("./file0") = 0 [pid 5598] ioctl(4, LOOP_CLR_FD) = 0 [pid 5598] close(4) = 0 [pid 5598] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5598] getpid() = 5598 [pid 5598] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5598] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5598] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5598] exit_group(0) = ? [pid 5598] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5598, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 58.119086][ T5598] BTRFS info (device loop0): auto enabling async discard umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5615 ./strace-static-x86_64: Process 5615 attached [pid 5615] set_robust_list(0x5555573f6660, 24) = 0 [pid 5615] chdir("./34") = 0 [pid 5615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5615] setpgid(0, 0) = 0 [pid 5615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5615] write(3, "1000", 4) = 4 [pid 5615] close(3) = 0 [pid 5615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5615] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5615] memfd_create("syzkaller", 0) = 3 [pid 5615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5615] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5615] close(3) = 0 [pid 5615] mkdir("./file0", 0777) = 0 [ 58.383571][ T5615] loop0: detected capacity change from 0 to 32768 [ 58.395768][ T5615] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5615) [ 58.410729][ T5615] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.419554][ T5615] BTRFS info (device loop0): setting nodatacow, compression disabled [ 58.427779][ T5615] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.438510][ T5615] BTRFS info (device loop0): trying to use backup root at mount time [ 58.446844][ T5615] BTRFS info (device loop0): disabling tree log [ 58.453130][ T5615] BTRFS info (device loop0): enabling auto defrag [ 58.459609][ T5615] BTRFS info (device loop0): using free space tree [ 58.475282][ T5615] BTRFS info (device loop0): enabling ssd optimizations [pid 5615] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5615] chdir("./file0") = 0 [pid 5615] ioctl(4, LOOP_CLR_FD) = 0 [pid 5615] close(4) = 0 [pid 5615] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5615] getpid() = 5615 [pid 5615] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5615] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5615] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5615] exit_group(0) = ? [pid 5615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5615, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 58.482336][ T5615] BTRFS info (device loop0): auto enabling async discard umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5632 ./strace-static-x86_64: Process 5632 attached [pid 5632] set_robust_list(0x5555573f6660, 24) = 0 [pid 5632] chdir("./35") = 0 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5632] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5632] memfd_create("syzkaller", 0) = 3 [pid 5632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5632] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5632] close(3) = 0 [pid 5632] mkdir("./file0", 0777) = 0 [ 58.757090][ T5632] loop0: detected capacity change from 0 to 32768 [ 58.767088][ T5632] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5632) [ 58.782240][ T5632] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.791034][ T5632] BTRFS info (device loop0): setting nodatacow, compression disabled [ 58.799170][ T5632] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.809843][ T5632] BTRFS info (device loop0): trying to use backup root at mount time [ 58.817974][ T5632] BTRFS info (device loop0): disabling tree log [ 58.824244][ T5632] BTRFS info (device loop0): enabling auto defrag [ 58.830750][ T5632] BTRFS info (device loop0): using free space tree [ 58.846778][ T5632] BTRFS info (device loop0): enabling ssd optimizations [pid 5632] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5632] chdir("./file0") = 0 [pid 5632] ioctl(4, LOOP_CLR_FD) = 0 [pid 5632] close(4) = 0 [pid 5632] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5632] getpid() = 5632 [pid 5632] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5632] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5632] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5632] exit_group(0) = ? [pid 5632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5632, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 58.853797][ T5632] BTRFS info (device loop0): auto enabling async discard umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5649 ./strace-static-x86_64: Process 5649 attached [pid 5649] set_robust_list(0x5555573f6660, 24) = 0 [pid 5649] chdir("./36") = 0 [pid 5649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5649] setpgid(0, 0) = 0 [pid 5649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5649] write(3, "1000", 4) = 4 [pid 5649] close(3) = 0 [pid 5649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5649] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5649] memfd_create("syzkaller", 0) = 3 [pid 5649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5649] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5649] close(3) = 0 [pid 5649] mkdir("./file0", 0777) = 0 [ 59.124762][ T5649] loop0: detected capacity change from 0 to 32768 [ 59.134113][ T5649] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5649) [ 59.149390][ T5649] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.158165][ T5649] BTRFS info (device loop0): setting nodatacow, compression disabled [ 59.166348][ T5649] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 59.177005][ T5649] BTRFS info (device loop0): trying to use backup root at mount time [ 59.185108][ T5649] BTRFS info (device loop0): disabling tree log [ 59.191414][ T5649] BTRFS info (device loop0): enabling auto defrag [ 59.197900][ T5649] BTRFS info (device loop0): using free space tree [ 59.213457][ T5649] BTRFS info (device loop0): enabling ssd optimizations [pid 5649] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5649] chdir("./file0") = 0 [pid 5649] ioctl(4, LOOP_CLR_FD) = 0 [pid 5649] close(4) = 0 [pid 5649] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5649] getpid() = 5649 [pid 5649] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5649] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5649] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5649] exit_group(0) = ? [pid 5649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5649, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 59.220579][ T5649] BTRFS info (device loop0): auto enabling async discard umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5666 attached [pid 5666] set_robust_list(0x5555573f6660, 24) = 0 [pid 5666] chdir("./37" [pid 5019] <... clone resumed>, child_tidptr=0x5555573f6650) = 5666 [pid 5666] <... chdir resumed>) = 0 [pid 5666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5666] setpgid(0, 0) = 0 [pid 5666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5666] write(3, "1000", 4) = 4 [pid 5666] close(3) = 0 [pid 5666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5666] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5666] memfd_create("syzkaller", 0) = 3 [pid 5666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5666] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5666] close(3) = 0 [pid 5666] mkdir("./file0", 0777) = 0 [ 59.490620][ T5666] loop0: detected capacity change from 0 to 32768 [ 59.500380][ T5666] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5666) [ 59.515743][ T5666] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.524539][ T5666] BTRFS info (device loop0): setting nodatacow, compression disabled [ 59.532727][ T5666] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 59.543406][ T5666] BTRFS info (device loop0): trying to use backup root at mount time [ 59.551527][ T5666] BTRFS info (device loop0): disabling tree log [ 59.557882][ T5666] BTRFS info (device loop0): enabling auto defrag [ 59.564349][ T5666] BTRFS info (device loop0): using free space tree [ 59.580097][ T5666] BTRFS info (device loop0): enabling ssd optimizations [pid 5666] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5666] chdir("./file0") = 0 [pid 5666] ioctl(4, LOOP_CLR_FD) = 0 [pid 5666] close(4) = 0 [pid 5666] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5666] getpid() = 5666 [pid 5666] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5666] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5666] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5666] exit_group(0) = ? [pid 5666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5666, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 59.587125][ T5666] BTRFS info (device loop0): auto enabling async discard umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5683 ./strace-static-x86_64: Process 5683 attached [pid 5683] set_robust_list(0x5555573f6660, 24) = 0 [pid 5683] chdir("./38") = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5683] memfd_create("syzkaller", 0) = 3 [pid 5683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5683] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5683] close(3) = 0 [pid 5683] mkdir("./file0", 0777) = 0 [ 59.853886][ T5683] loop0: detected capacity change from 0 to 32768 [ 59.863376][ T5683] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5683) [ 59.879392][ T5683] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.888285][ T5683] BTRFS info (device loop0): setting nodatacow, compression disabled [ 59.896440][ T5683] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 59.907402][ T5683] BTRFS info (device loop0): trying to use backup root at mount time [ 59.915500][ T5683] BTRFS info (device loop0): disabling tree log [ 59.921818][ T5683] BTRFS info (device loop0): enabling auto defrag [ 59.928291][ T5683] BTRFS info (device loop0): using free space tree [ 59.944043][ T5683] BTRFS info (device loop0): enabling ssd optimizations [pid 5683] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5683] chdir("./file0") = 0 [pid 5683] ioctl(4, LOOP_CLR_FD) = 0 [pid 5683] close(4) = 0 [pid 5683] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5683] getpid() = 5683 [pid 5683] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5683] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5683] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5683] exit_group(0) = ? [pid 5683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5683, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 59.951110][ T5683] BTRFS info (device loop0): auto enabling async discard umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5700 ./strace-static-x86_64: Process 5700 attached [pid 5700] set_robust_list(0x5555573f6660, 24) = 0 [pid 5700] chdir("./39") = 0 [pid 5700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5700] setpgid(0, 0) = 0 [pid 5700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5700] write(3, "1000", 4) = 4 [pid 5700] close(3) = 0 [pid 5700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5700] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5700] memfd_create("syzkaller", 0) = 3 [pid 5700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5700] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5700] close(3) = 0 [pid 5700] mkdir("./file0", 0777) = 0 [ 60.215873][ T5700] loop0: detected capacity change from 0 to 32768 [ 60.225906][ T5700] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5700) [ 60.241184][ T5700] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 60.249956][ T5700] BTRFS info (device loop0): setting nodatacow, compression disabled [ 60.258181][ T5700] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 60.269131][ T5700] BTRFS info (device loop0): trying to use backup root at mount time [ 60.277289][ T5700] BTRFS info (device loop0): disabling tree log [ 60.283704][ T5700] BTRFS info (device loop0): enabling auto defrag [ 60.290504][ T5700] BTRFS info (device loop0): using free space tree [ 60.306102][ T5700] BTRFS info (device loop0): enabling ssd optimizations [pid 5700] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5700] chdir("./file0") = 0 [pid 5700] ioctl(4, LOOP_CLR_FD) = 0 [pid 5700] close(4) = 0 [pid 5700] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5700] getpid() = 5700 [pid 5700] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5700] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5700] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5700] exit_group(0) = ? [pid 5700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5700, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.313122][ T5700] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5719 ./strace-static-x86_64: Process 5719 attached [pid 5719] set_robust_list(0x5555573f6660, 24) = 0 [pid 5719] chdir("./40") = 0 [pid 5719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5719] setpgid(0, 0) = 0 [pid 5719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5719] write(3, "1000", 4) = 4 [pid 5719] close(3) = 0 [pid 5719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5719] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5719] memfd_create("syzkaller", 0) = 3 [pid 5719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5719] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5719] close(3) = 0 [pid 5719] mkdir("./file0", 0777) = 0 [ 60.579183][ T5719] loop0: detected capacity change from 0 to 32768 [ 60.588015][ T5719] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5719) [ 60.602243][ T5719] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 60.611144][ T5719] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 5719] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5719] chdir("./file0") = 0 [pid 5719] ioctl(4, LOOP_CLR_FD) = 0 [pid 5719] close(4) = 0 [pid 5719] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5719] getpid() = 5719 [pid 5719] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5719] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5719] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5719] exit_group(0) = ? [pid 5719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5719, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 60.619527][ T5719] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 60.630434][ T5719] BTRFS info (device loop0): trying to use backup root at mount time [ 60.638605][ T5719] BTRFS info (device loop0): disabling tree log umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5736 ./strace-static-x86_64: Process 5736 attached [pid 5736] set_robust_list(0x5555573f6660, 24) = 0 [pid 5736] chdir("./41") = 0 [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5736] setpgid(0, 0) = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5736] close(3) = 0 [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5736] memfd_create("syzkaller", 0) = 3 [pid 5736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5736] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5736] close(3) = 0 [pid 5736] mkdir("./file0", 0777) = 0 [pid 5736] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5736] chdir("./file0") = 0 [pid 5736] ioctl(4, LOOP_CLR_FD) = 0 [pid 5736] close(4) = 0 [pid 5736] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5736] getpid() = 5736 [pid 5736] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5736] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5736] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5736] exit_group(0) = ? [pid 5736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5736, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.911719][ T5736] loop0: detected capacity change from 0 to 32768 [ 60.922147][ T5736] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5736) [ 60.938080][ T5736] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5753 ./strace-static-x86_64: Process 5753 attached [pid 5753] set_robust_list(0x5555573f6660, 24) = 0 [pid 5753] chdir("./42") = 0 [pid 5753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5753] setpgid(0, 0) = 0 [pid 5753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5753] write(3, "1000", 4) = 4 [pid 5753] close(3) = 0 [pid 5753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5753] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5753] memfd_create("syzkaller", 0) = 3 [pid 5753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5753] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5753] close(3) = 0 [pid 5753] mkdir("./file0", 0777) = 0 [ 61.232585][ T5753] loop0: detected capacity change from 0 to 32768 [ 61.242698][ T5753] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5753) [ 61.258390][ T5753] _btrfs_printk: 12 callbacks suppressed [ 61.258403][ T5753] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 61.272842][ T5753] BTRFS info (device loop0): setting nodatacow, compression disabled [ 61.280990][ T5753] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 61.291628][ T5753] BTRFS info (device loop0): trying to use backup root at mount time [ 61.299765][ T5753] BTRFS info (device loop0): disabling tree log [ 61.306009][ T5753] BTRFS info (device loop0): enabling auto defrag [ 61.312505][ T5753] BTRFS info (device loop0): using free space tree [pid 5753] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5753] chdir("./file0") = 0 [pid 5753] ioctl(4, LOOP_CLR_FD) = 0 [pid 5753] close(4) = 0 [pid 5753] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5753] getpid() = 5753 [pid 5753] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5753] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5753] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5753] exit_group(0) = ? [pid 5753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5753, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 61.328039][ T5753] BTRFS info (device loop0): enabling ssd optimizations [ 61.335015][ T5753] BTRFS info (device loop0): auto enabling async discard umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5770 ./strace-static-x86_64: Process 5770 attached [pid 5770] set_robust_list(0x5555573f6660, 24) = 0 [pid 5770] chdir("./43") = 0 [pid 5770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5770] setpgid(0, 0) = 0 [pid 5770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5770] write(3, "1000", 4) = 4 [pid 5770] close(3) = 0 [pid 5770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5770] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5770] memfd_create("syzkaller", 0) = 3 [pid 5770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5770] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5770] close(3) = 0 [pid 5770] mkdir("./file0", 0777) = 0 [ 61.611325][ T5770] loop0: detected capacity change from 0 to 32768 [ 61.620643][ T5770] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5770) [ 61.635470][ T5770] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 61.644226][ T5770] BTRFS info (device loop0): setting nodatacow, compression disabled [ 61.652321][ T5770] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 61.663117][ T5770] BTRFS info (device loop0): trying to use backup root at mount time [ 61.671250][ T5770] BTRFS info (device loop0): disabling tree log [ 61.677557][ T5770] BTRFS info (device loop0): enabling auto defrag [ 61.683979][ T5770] BTRFS info (device loop0): using free space tree [ 61.699554][ T5770] BTRFS info (device loop0): enabling ssd optimizations [pid 5770] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5770] chdir("./file0") = 0 [pid 5770] ioctl(4, LOOP_CLR_FD) = 0 [pid 5770] close(4) = 0 [pid 5770] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5770] getpid() = 5770 [pid 5770] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5770] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5770] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5770] exit_group(0) = ? [pid 5770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5770, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 61.706592][ T5770] BTRFS info (device loop0): auto enabling async discard umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5787 ./strace-static-x86_64: Process 5787 attached [pid 5787] set_robust_list(0x5555573f6660, 24) = 0 [pid 5787] chdir("./44") = 0 [pid 5787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5787] setpgid(0, 0) = 0 [pid 5787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5787] write(3, "1000", 4) = 4 [pid 5787] close(3) = 0 [pid 5787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5787] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5787] memfd_create("syzkaller", 0) = 3 [pid 5787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5787] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5787] close(3) = 0 [pid 5787] mkdir("./file0", 0777) = 0 [ 61.984971][ T5787] loop0: detected capacity change from 0 to 32768 [ 61.994180][ T5787] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5787) [ 62.008935][ T5787] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.017700][ T5787] BTRFS info (device loop0): setting nodatacow, compression disabled [ 62.025858][ T5787] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 62.036514][ T5787] BTRFS info (device loop0): trying to use backup root at mount time [ 62.044645][ T5787] BTRFS info (device loop0): disabling tree log [ 62.050969][ T5787] BTRFS info (device loop0): enabling auto defrag [ 62.057462][ T5787] BTRFS info (device loop0): using free space tree [ 62.073420][ T5787] BTRFS info (device loop0): enabling ssd optimizations [pid 5787] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5787] chdir("./file0") = 0 [pid 5787] ioctl(4, LOOP_CLR_FD) = 0 [pid 5787] close(4) = 0 [pid 5787] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5787] getpid() = 5787 [pid 5787] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5787] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5787] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5787] exit_group(0) = ? [pid 5787] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5787, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 62.080473][ T5787] BTRFS info (device loop0): auto enabling async discard umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5804 ./strace-static-x86_64: Process 5804 attached [pid 5804] set_robust_list(0x5555573f6660, 24) = 0 [pid 5804] chdir("./45") = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5804] memfd_create("syzkaller", 0) = 3 [pid 5804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5804] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5804] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5804] close(3) = 0 [pid 5804] mkdir("./file0", 0777) = 0 [ 62.340320][ T5804] loop0: detected capacity change from 0 to 32768 [ 62.350307][ T5804] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5804) [ 62.365655][ T5804] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.374481][ T5804] BTRFS info (device loop0): setting nodatacow, compression disabled [ 62.382620][ T5804] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 62.393291][ T5804] BTRFS info (device loop0): trying to use backup root at mount time [ 62.401425][ T5804] BTRFS info (device loop0): disabling tree log [ 62.407724][ T5804] BTRFS info (device loop0): enabling auto defrag [ 62.414154][ T5804] BTRFS info (device loop0): using free space tree [ 62.430666][ T5804] BTRFS info (device loop0): enabling ssd optimizations [pid 5804] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5804] chdir("./file0") = 0 [pid 5804] ioctl(4, LOOP_CLR_FD) = 0 [pid 5804] close(4) = 0 [pid 5804] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5804] getpid() = 5804 [pid 5804] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5804] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5804] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5804] exit_group(0) = ? [pid 5804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5804, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.437845][ T5804] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5821 ./strace-static-x86_64: Process 5821 attached [pid 5821] set_robust_list(0x5555573f6660, 24) = 0 [pid 5821] chdir("./46") = 0 [pid 5821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5821] setpgid(0, 0) = 0 [pid 5821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1000", 4) = 4 [pid 5821] close(3) = 0 [pid 5821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5821] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5821] memfd_create("syzkaller", 0) = 3 [pid 5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5821] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5821] close(3) = 0 [pid 5821] mkdir("./file0", 0777) = 0 [ 62.707389][ T5821] loop0: detected capacity change from 0 to 32768 [ 62.716643][ T5821] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5821) [ 62.731956][ T5821] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.740760][ T5821] BTRFS info (device loop0): setting nodatacow, compression disabled [ 62.748917][ T5821] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 62.759584][ T5821] BTRFS info (device loop0): trying to use backup root at mount time [ 62.767711][ T5821] BTRFS info (device loop0): disabling tree log [ 62.773985][ T5821] BTRFS info (device loop0): enabling auto defrag [ 62.780515][ T5821] BTRFS info (device loop0): using free space tree [ 62.796323][ T5821] BTRFS info (device loop0): enabling ssd optimizations [pid 5821] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5821] chdir("./file0") = 0 [pid 5821] ioctl(4, LOOP_CLR_FD) = 0 [pid 5821] close(4) = 0 [pid 5821] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5821] getpid() = 5821 [pid 5821] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5821] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5821] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5821] exit_group(0) = ? [pid 5821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5821, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 62.803493][ T5821] BTRFS info (device loop0): auto enabling async discard umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5838 ./strace-static-x86_64: Process 5838 attached [pid 5838] set_robust_list(0x5555573f6660, 24) = 0 [pid 5838] chdir("./47") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5838] memfd_create("syzkaller", 0) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5838] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5838] close(3) = 0 [pid 5838] mkdir("./file0", 0777) = 0 [ 63.077313][ T5838] loop0: detected capacity change from 0 to 32768 [ 63.087520][ T5838] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5838) [ 63.103104][ T5838] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.111934][ T5838] BTRFS info (device loop0): setting nodatacow, compression disabled [ 63.120420][ T5838] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.131080][ T5838] BTRFS info (device loop0): trying to use backup root at mount time [ 63.139435][ T5838] BTRFS info (device loop0): disabling tree log [ 63.145725][ T5838] BTRFS info (device loop0): enabling auto defrag [ 63.152242][ T5838] BTRFS info (device loop0): using free space tree [ 63.167849][ T5838] BTRFS info (device loop0): enabling ssd optimizations [pid 5838] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] chdir("./file0") = 0 [pid 5838] ioctl(4, LOOP_CLR_FD) = 0 [pid 5838] close(4) = 0 [pid 5838] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5838] getpid() = 5838 [pid 5838] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5838] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5838] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5838] exit_group(0) = ? [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 63.174798][ T5838] BTRFS info (device loop0): auto enabling async discard umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5855 ./strace-static-x86_64: Process 5855 attached [pid 5855] set_robust_list(0x5555573f6660, 24) = 0 [pid 5855] chdir("./48") = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5855] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5855] memfd_create("syzkaller", 0) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5855] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] mkdir("./file0", 0777) = 0 [ 63.447395][ T5855] loop0: detected capacity change from 0 to 32768 [ 63.456197][ T5855] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5855) [ 63.472277][ T5855] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.481070][ T5855] BTRFS info (device loop0): setting nodatacow, compression disabled [ 63.489436][ T5855] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.500105][ T5855] BTRFS info (device loop0): trying to use backup root at mount time [ 63.508205][ T5855] BTRFS info (device loop0): disabling tree log [ 63.514469][ T5855] BTRFS info (device loop0): enabling auto defrag [ 63.520919][ T5855] BTRFS info (device loop0): using free space tree [ 63.536454][ T5855] BTRFS info (device loop0): enabling ssd optimizations [pid 5855] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file0") = 0 [pid 5855] ioctl(4, LOOP_CLR_FD) = 0 [pid 5855] close(4) = 0 [pid 5855] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5855] getpid() = 5855 [pid 5855] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5855] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5855] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5855] exit_group(0) = ? [pid 5855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 63.543464][ T5855] BTRFS info (device loop0): auto enabling async discard umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5872 ./strace-static-x86_64: Process 5872 attached [pid 5872] set_robust_list(0x5555573f6660, 24) = 0 [pid 5872] chdir("./49") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5872] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] mkdir("./file0", 0777) = 0 [ 63.819765][ T5872] loop0: detected capacity change from 0 to 32768 [ 63.829344][ T5872] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5872) [ 63.843790][ T5872] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.852626][ T5872] BTRFS info (device loop0): setting nodatacow, compression disabled [ 63.860804][ T5872] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.871442][ T5872] BTRFS info (device loop0): trying to use backup root at mount time [ 63.879543][ T5872] BTRFS info (device loop0): disabling tree log [ 63.885784][ T5872] BTRFS info (device loop0): enabling auto defrag [ 63.892358][ T5872] BTRFS info (device loop0): using free space tree [ 63.907772][ T5872] BTRFS info (device loop0): enabling ssd optimizations [pid 5872] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./file0") = 0 [pid 5872] ioctl(4, LOOP_CLR_FD) = 0 [pid 5872] close(4) = 0 [pid 5872] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5872] getpid() = 5872 [pid 5872] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5872] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5872] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5872] exit_group(0) = ? [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 63.914738][ T5872] BTRFS info (device loop0): auto enabling async discard umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5889 ./strace-static-x86_64: Process 5889 attached [pid 5889] set_robust_list(0x5555573f6660, 24) = 0 [pid 5889] chdir("./50") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5889] memfd_create("syzkaller", 0) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5889] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5889] close(3) = 0 [pid 5889] mkdir("./file0", 0777) = 0 [ 64.190228][ T5889] loop0: detected capacity change from 0 to 32768 [ 64.199922][ T5889] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5889) [ 64.216042][ T5889] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.224939][ T5889] BTRFS info (device loop0): setting nodatacow, compression disabled [ 64.233057][ T5889] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 64.243700][ T5889] BTRFS info (device loop0): trying to use backup root at mount time [ 64.251849][ T5889] BTRFS info (device loop0): disabling tree log [ 64.258112][ T5889] BTRFS info (device loop0): enabling auto defrag [ 64.264528][ T5889] BTRFS info (device loop0): using free space tree [ 64.280329][ T5889] BTRFS info (device loop0): enabling ssd optimizations [pid 5889] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5889] chdir("./file0") = 0 [pid 5889] ioctl(4, LOOP_CLR_FD) = 0 [pid 5889] close(4) = 0 [pid 5889] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5889] getpid() = 5889 [pid 5889] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5889] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5889] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5889] exit_group(0) = ? [pid 5889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 64.287425][ T5889] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5906 ./strace-static-x86_64: Process 5906 attached [pid 5906] set_robust_list(0x5555573f6660, 24) = 0 [pid 5906] chdir("./51") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5906] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] mkdir("./file0", 0777) = 0 [ 64.556161][ T5906] loop0: detected capacity change from 0 to 32768 [ 64.566319][ T5906] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5906) [ 64.581893][ T5906] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.590679][ T5906] BTRFS info (device loop0): setting nodatacow, compression disabled [ 64.598877][ T5906] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 64.609571][ T5906] BTRFS info (device loop0): trying to use backup root at mount time [ 64.617739][ T5906] BTRFS info (device loop0): disabling tree log [ 64.624015][ T5906] BTRFS info (device loop0): enabling auto defrag [ 64.630506][ T5906] BTRFS info (device loop0): using free space tree [ 64.647203][ T5906] BTRFS info (device loop0): enabling ssd optimizations [pid 5906] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file0") = 0 [pid 5906] ioctl(4, LOOP_CLR_FD) = 0 [pid 5906] close(4) = 0 [pid 5906] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5906] getpid() = 5906 [pid 5906] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5906] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5906] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5906] exit_group(0) = ? [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 64.654301][ T5906] BTRFS info (device loop0): auto enabling async discard umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5923 ./strace-static-x86_64: Process 5923 attached [pid 5923] set_robust_list(0x5555573f6660, 24) = 0 [pid 5923] chdir("./52") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5923] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5923] memfd_create("syzkaller", 0) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5923] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] close(3) = 0 [pid 5923] mkdir("./file0", 0777) = 0 [ 64.925126][ T5923] loop0: detected capacity change from 0 to 32768 [ 64.937189][ T5923] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5923) [ 64.952496][ T5923] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.961333][ T5923] BTRFS info (device loop0): setting nodatacow, compression disabled [ 64.969478][ T5923] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 64.980109][ T5923] BTRFS info (device loop0): trying to use backup root at mount time [ 64.988322][ T5923] BTRFS info (device loop0): disabling tree log [ 64.994594][ T5923] BTRFS info (device loop0): enabling auto defrag [ 65.001063][ T5923] BTRFS info (device loop0): using free space tree [ 65.017026][ T5923] BTRFS info (device loop0): enabling ssd optimizations [pid 5923] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./file0") = 0 [pid 5923] ioctl(4, LOOP_CLR_FD) = 0 [pid 5923] close(4) = 0 [pid 5923] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5923] getpid() = 5923 [pid 5923] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5923] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5923] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5923] exit_group(0) = ? [pid 5923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 65.024042][ T5923] BTRFS info (device loop0): auto enabling async discard umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5940 attached [pid 5940] set_robust_list(0x5555573f6660, 24) = 0 [pid 5940] chdir("./53") = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5019] <... clone resumed>, child_tidptr=0x5555573f6650) = 5940 [pid 5940] write(3, "1000", 4) = 4 [pid 5940] close(3) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5940] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5940] memfd_create("syzkaller", 0) = 3 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5940] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5940] close(3) = 0 [pid 5940] mkdir("./file0", 0777) = 0 [ 65.300192][ T5940] loop0: detected capacity change from 0 to 32768 [ 65.310041][ T5940] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5940) [ 65.325335][ T5940] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 65.334179][ T5940] BTRFS info (device loop0): setting nodatacow, compression disabled [ 65.342383][ T5940] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 65.353034][ T5940] BTRFS info (device loop0): trying to use backup root at mount time [ 65.361156][ T5940] BTRFS info (device loop0): disabling tree log [ 65.367452][ T5940] BTRFS info (device loop0): enabling auto defrag [ 65.373885][ T5940] BTRFS info (device loop0): using free space tree [ 65.389847][ T5940] BTRFS info (device loop0): enabling ssd optimizations [pid 5940] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5940] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5940] chdir("./file0") = 0 [pid 5940] ioctl(4, LOOP_CLR_FD) = 0 [pid 5940] close(4) = 0 [pid 5940] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5940] getpid() = 5940 [pid 5940] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5940] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5940] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5940] exit_group(0) = ? [pid 5940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 65.396909][ T5940] BTRFS info (device loop0): auto enabling async discard umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5958 ./strace-static-x86_64: Process 5958 attached [pid 5958] set_robust_list(0x5555573f6660, 24) = 0 [pid 5958] chdir("./54") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5958] close(3) = 0 [pid 5958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5958] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5958] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5958] close(3) = 0 [pid 5958] mkdir("./file0", 0777) = 0 [ 65.665195][ T5958] loop0: detected capacity change from 0 to 32768 [ 65.675260][ T5958] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5958) [ 65.690217][ T5958] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 65.699104][ T5958] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 5958] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5958] chdir("./file0") = 0 [pid 5958] ioctl(4, LOOP_CLR_FD) = 0 [pid 5958] close(4) = 0 [pid 5958] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5958] getpid() = 5958 [pid 5958] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5958] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5958] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5958] exit_group(0) = ? [pid 5958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 65.707334][ T5958] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 65.718006][ T5958] BTRFS info (device loop0): trying to use backup root at mount time [ 65.726083][ T5958] BTRFS info (device loop0): disabling tree log umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5975 attached , child_tidptr=0x5555573f6650) = 5975 [pid 5975] set_robust_list(0x5555573f6660, 24) = 0 [pid 5975] chdir("./55") = 0 [pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5975] setpgid(0, 0) = 0 [pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5975] write(3, "1000", 4) = 4 [pid 5975] close(3) = 0 [pid 5975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5975] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5975] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5975] close(3) = 0 [pid 5975] mkdir("./file0", 0777) = 0 [pid 5975] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("./file0") = 0 [pid 5975] ioctl(4, LOOP_CLR_FD) = 0 [pid 5975] close(4) = 0 [pid 5975] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5975] getpid() = 5975 [pid 5975] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5975] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5975] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5975] exit_group(0) = ? [pid 5975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [ 66.006103][ T5975] loop0: detected capacity change from 0 to 32768 [ 66.017348][ T5975] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5975) [ 66.033127][ T5975] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 5992 ./strace-static-x86_64: Process 5992 attached [pid 5992] set_robust_list(0x5555573f6660, 24) = 0 [pid 5992] chdir("./56") = 0 [pid 5992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5992] setpgid(0, 0) = 0 [pid 5992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5992] write(3, "1000", 4) = 4 [pid 5992] close(3) = 0 [pid 5992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5992] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5992] memfd_create("syzkaller", 0) = 3 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 5992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5992] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5992] close(3) = 0 [pid 5992] mkdir("./file0", 0777) = 0 [ 66.385547][ T5992] loop0: detected capacity change from 0 to 32768 [ 66.395214][ T5992] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (5992) [ 66.411042][ T5992] _btrfs_printk: 12 callbacks suppressed [ 66.411055][ T5992] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.425557][ T5992] BTRFS info (device loop0): setting nodatacow, compression disabled [ 66.433729][ T5992] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 66.444362][ T5992] BTRFS info (device loop0): trying to use backup root at mount time [ 66.452469][ T5992] BTRFS info (device loop0): disabling tree log [ 66.458781][ T5992] BTRFS info (device loop0): enabling auto defrag [ 66.465196][ T5992] BTRFS info (device loop0): using free space tree [pid 5992] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5992] chdir("./file0") = 0 [pid 5992] ioctl(4, LOOP_CLR_FD) = 0 [pid 5992] close(4) = 0 [pid 5992] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5992] getpid() = 5992 [pid 5992] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 5992] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5992] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 5992] exit_group(0) = ? [pid 5992] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5992, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 66.480839][ T5992] BTRFS info (device loop0): enabling ssd optimizations [ 66.487909][ T5992] BTRFS info (device loop0): auto enabling async discard umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6009 ./strace-static-x86_64: Process 6009 attached [pid 6009] set_robust_list(0x5555573f6660, 24) = 0 [pid 6009] chdir("./57") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6009] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6009] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] mkdir("./file0", 0777) = 0 [ 66.755880][ T6009] loop0: detected capacity change from 0 to 32768 [ 66.765101][ T6009] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6009) [ 66.780597][ T6009] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.789397][ T6009] BTRFS info (device loop0): setting nodatacow, compression disabled [ 66.797517][ T6009] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 66.808125][ T6009] BTRFS info (device loop0): trying to use backup root at mount time [ 66.816191][ T6009] BTRFS info (device loop0): disabling tree log [ 66.822534][ T6009] BTRFS info (device loop0): enabling auto defrag [ 66.828998][ T6009] BTRFS info (device loop0): using free space tree [ 66.844597][ T6009] BTRFS info (device loop0): enabling ssd optimizations [pid 6009] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./file0") = 0 [pid 6009] ioctl(4, LOOP_CLR_FD) = 0 [pid 6009] close(4) = 0 [pid 6009] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6009] getpid() = 6009 [pid 6009] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6009] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6009] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6009] exit_group(0) = ? [pid 6009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 66.851616][ T6009] BTRFS info (device loop0): auto enabling async discard umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6026 ./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x5555573f6660, 24) = 0 [pid 6026] chdir("./58") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6026] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6026] memfd_create("syzkaller", 0) = 3 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6026] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6026] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6026] close(3) = 0 [pid 6026] mkdir("./file0", 0777) = 0 [ 67.120848][ T6026] loop0: detected capacity change from 0 to 32768 [ 67.131126][ T6026] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6026) [ 67.146524][ T6026] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.155250][ T6026] BTRFS info (device loop0): setting nodatacow, compression disabled [ 67.163408][ T6026] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 67.174174][ T6026] BTRFS info (device loop0): trying to use backup root at mount time [ 67.182334][ T6026] BTRFS info (device loop0): disabling tree log [ 67.188628][ T6026] BTRFS info (device loop0): enabling auto defrag [ 67.195047][ T6026] BTRFS info (device loop0): using free space tree [ 67.210743][ T6026] BTRFS info (device loop0): enabling ssd optimizations [pid 6026] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6026] chdir("./file0") = 0 [pid 6026] ioctl(4, LOOP_CLR_FD) = 0 [pid 6026] close(4) = 0 [pid 6026] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6026] getpid() = 6026 [pid 6026] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6026] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6026] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6026] exit_group(0) = ? [pid 6026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 67.217901][ T6026] BTRFS info (device loop0): auto enabling async discard unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6043 ./strace-static-x86_64: Process 6043 attached [pid 6043] set_robust_list(0x5555573f6660, 24) = 0 [pid 6043] chdir("./59") = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6043] setpgid(0, 0) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6043] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6043] memfd_create("syzkaller", 0) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6043] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [pid 6043] mkdir("./file0", 0777) = 0 [ 67.489585][ T6043] loop0: detected capacity change from 0 to 32768 [ 67.499970][ T6043] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6043) [ 67.515043][ T6043] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.523912][ T6043] BTRFS info (device loop0): setting nodatacow, compression disabled [ 67.532119][ T6043] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 67.542831][ T6043] BTRFS info (device loop0): trying to use backup root at mount time [ 67.550950][ T6043] BTRFS info (device loop0): disabling tree log [ 67.557272][ T6043] BTRFS info (device loop0): enabling auto defrag [ 67.563713][ T6043] BTRFS info (device loop0): using free space tree [ 67.579918][ T6043] BTRFS info (device loop0): enabling ssd optimizations [pid 6043] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6043] chdir("./file0") = 0 [pid 6043] ioctl(4, LOOP_CLR_FD) = 0 [pid 6043] close(4) = 0 [pid 6043] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6043] getpid() = 6043 [pid 6043] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6043] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6043] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6043] exit_group(0) = ? [pid 6043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 67.587138][ T6043] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6060 ./strace-static-x86_64: Process 6060 attached [pid 6060] set_robust_list(0x5555573f6660, 24) = 0 [pid 6060] chdir("./60") = 0 [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0) = 0 [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6060] write(3, "1000", 4) = 4 [pid 6060] close(3) = 0 [pid 6060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6060] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6060] memfd_create("syzkaller", 0) = 3 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6060] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6060] close(3) = 0 [pid 6060] mkdir("./file0", 0777) = 0 [ 67.865102][ T6060] loop0: detected capacity change from 0 to 32768 [ 67.874375][ T6060] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6060) [ 67.889667][ T6060] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.898450][ T6060] BTRFS info (device loop0): setting nodatacow, compression disabled [ 67.906548][ T6060] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 67.917178][ T6060] BTRFS info (device loop0): trying to use backup root at mount time [ 67.925357][ T6060] BTRFS info (device loop0): disabling tree log [ 67.931941][ T6060] BTRFS info (device loop0): enabling auto defrag [ 67.938425][ T6060] BTRFS info (device loop0): using free space tree [ 67.954369][ T6060] BTRFS info (device loop0): enabling ssd optimizations [pid 6060] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6060] chdir("./file0") = 0 [pid 6060] ioctl(4, LOOP_CLR_FD) = 0 [pid 6060] close(4) = 0 [pid 6060] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6060] getpid() = 6060 [pid 6060] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6060] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6060] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6060] exit_group(0) = ? [pid 6060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6060, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 67.961466][ T6060] BTRFS info (device loop0): auto enabling async discard umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6077 attached , child_tidptr=0x5555573f6650) = 6077 [pid 6077] set_robust_list(0x5555573f6660, 24) = 0 [pid 6077] chdir("./61") = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6077] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6077] memfd_create("syzkaller", 0) = 3 [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6077] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6077] close(3) = 0 [pid 6077] mkdir("./file0", 0777) = 0 [ 68.241670][ T6077] loop0: detected capacity change from 0 to 32768 [ 68.251645][ T6077] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6077) [ 68.267312][ T6077] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.276013][ T6077] BTRFS info (device loop0): setting nodatacow, compression disabled [ 68.284145][ T6077] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 68.294937][ T6077] BTRFS info (device loop0): trying to use backup root at mount time [ 68.303076][ T6077] BTRFS info (device loop0): disabling tree log [ 68.309401][ T6077] BTRFS info (device loop0): enabling auto defrag [ 68.315802][ T6077] BTRFS info (device loop0): using free space tree [ 68.331566][ T6077] BTRFS info (device loop0): enabling ssd optimizations [pid 6077] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6077] chdir("./file0") = 0 [pid 6077] ioctl(4, LOOP_CLR_FD) = 0 [pid 6077] close(4) = 0 [pid 6077] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6077] getpid() = 6077 [pid 6077] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6077] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6077] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6077] exit_group(0) = ? [pid 6077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 68.338592][ T6077] BTRFS info (device loop0): auto enabling async discard umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6094 ./strace-static-x86_64: Process 6094 attached [pid 6094] set_robust_list(0x5555573f6660, 24) = 0 [pid 6094] chdir("./62") = 0 [pid 6094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6094] setpgid(0, 0) = 0 [pid 6094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6094] write(3, "1000", 4) = 4 [pid 6094] close(3) = 0 [pid 6094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6094] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6094] memfd_create("syzkaller", 0) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6094] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6094] close(3) = 0 [pid 6094] mkdir("./file0", 0777) = 0 [ 68.616742][ T6094] loop0: detected capacity change from 0 to 32768 [ 68.626659][ T6094] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6094) [ 68.641990][ T6094] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.651125][ T6094] BTRFS info (device loop0): setting nodatacow, compression disabled [ 68.659292][ T6094] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 68.669926][ T6094] BTRFS info (device loop0): trying to use backup root at mount time [ 68.678056][ T6094] BTRFS info (device loop0): disabling tree log [ 68.684305][ T6094] BTRFS info (device loop0): enabling auto defrag [ 68.690923][ T6094] BTRFS info (device loop0): using free space tree [ 68.707469][ T6094] BTRFS info (device loop0): enabling ssd optimizations [pid 6094] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] chdir("./file0") = 0 [pid 6094] ioctl(4, LOOP_CLR_FD) = 0 [pid 6094] close(4) = 0 [pid 6094] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6094] getpid() = 6094 [pid 6094] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6094] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6094] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6094] exit_group(0) = ? [pid 6094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6094, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 68.714440][ T6094] BTRFS info (device loop0): auto enabling async discard umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6111 ./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x5555573f6660, 24) = 0 [pid 6111] chdir("./63") = 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6111] setpgid(0, 0) = 0 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6111] write(3, "1000", 4) = 4 [pid 6111] close(3) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6111] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6111] memfd_create("syzkaller", 0) = 3 [pid 6111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6111] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6111] close(3) = 0 [pid 6111] mkdir("./file0", 0777) = 0 [ 68.983212][ T6111] loop0: detected capacity change from 0 to 32768 [ 68.993301][ T6111] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6111) [ 69.008508][ T6111] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.017294][ T6111] BTRFS info (device loop0): setting nodatacow, compression disabled [ 69.025405][ T6111] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 69.036105][ T6111] BTRFS info (device loop0): trying to use backup root at mount time [ 69.044249][ T6111] BTRFS info (device loop0): disabling tree log [ 69.050559][ T6111] BTRFS info (device loop0): enabling auto defrag [ 69.057032][ T6111] BTRFS info (device loop0): using free space tree [ 69.072416][ T6111] BTRFS info (device loop0): enabling ssd optimizations [pid 6111] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6111] chdir("./file0") = 0 [pid 6111] ioctl(4, LOOP_CLR_FD) = 0 [pid 6111] close(4) = 0 [pid 6111] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6111] getpid() = 6111 [pid 6111] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6111] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6111] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6111] exit_group(0) = ? [ 69.079482][ T6111] BTRFS info (device loop0): auto enabling async discard [pid 6111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6128 ./strace-static-x86_64: Process 6128 attached [pid 6128] set_robust_list(0x5555573f6660, 24) = 0 [pid 6128] chdir("./64") = 0 [pid 6128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6128] setpgid(0, 0) = 0 [pid 6128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6128] write(3, "1000", 4) = 4 [pid 6128] close(3) = 0 [pid 6128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6128] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6128] memfd_create("syzkaller", 0) = 3 [pid 6128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6128] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6128] close(3) = 0 [pid 6128] mkdir("./file0", 0777) = 0 [ 69.350937][ T6128] loop0: detected capacity change from 0 to 32768 [ 69.360202][ T6128] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6128) [ 69.375510][ T6128] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.384393][ T6128] BTRFS info (device loop0): setting nodatacow, compression disabled [ 69.392685][ T6128] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 69.403393][ T6128] BTRFS info (device loop0): trying to use backup root at mount time [ 69.411616][ T6128] BTRFS info (device loop0): disabling tree log [ 69.417931][ T6128] BTRFS info (device loop0): enabling auto defrag [ 69.424371][ T6128] BTRFS info (device loop0): using free space tree [ 69.440146][ T6128] BTRFS info (device loop0): enabling ssd optimizations [pid 6128] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6128] chdir("./file0") = 0 [pid 6128] ioctl(4, LOOP_CLR_FD) = 0 [pid 6128] close(4) = 0 [pid 6128] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6128] getpid() = 6128 [pid 6128] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6128] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6128] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6128] exit_group(0) = ? [pid 6128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6128, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 69.447163][ T6128] BTRFS info (device loop0): auto enabling async discard unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6145 ./strace-static-x86_64: Process 6145 attached [pid 6145] set_robust_list(0x5555573f6660, 24) = 0 [pid 6145] chdir("./65") = 0 [pid 6145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6145] setpgid(0, 0) = 0 [pid 6145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6145] write(3, "1000", 4) = 4 [pid 6145] close(3) = 0 [pid 6145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6145] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6145] memfd_create("syzkaller", 0) = 3 [pid 6145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6145] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6145] close(3) = 0 [pid 6145] mkdir("./file0", 0777) = 0 [ 69.725040][ T6145] loop0: detected capacity change from 0 to 32768 [ 69.734868][ T6145] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6145) [ 69.750079][ T6145] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.758970][ T6145] BTRFS info (device loop0): setting nodatacow, compression disabled [ 69.767659][ T6145] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 69.778324][ T6145] BTRFS info (device loop0): trying to use backup root at mount time [ 69.786566][ T6145] BTRFS info (device loop0): disabling tree log [ 69.792842][ T6145] BTRFS info (device loop0): enabling auto defrag [ 69.799361][ T6145] BTRFS info (device loop0): using free space tree [ 69.814919][ T6145] BTRFS info (device loop0): enabling ssd optimizations [pid 6145] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6145] chdir("./file0") = 0 [pid 6145] ioctl(4, LOOP_CLR_FD) = 0 [pid 6145] close(4) = 0 [pid 6145] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6145] getpid() = 6145 [pid 6145] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6145] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6145] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6145] exit_group(0) = ? [pid 6145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6145, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.821935][ T6145] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6162 ./strace-static-x86_64: Process 6162 attached [pid 6162] set_robust_list(0x5555573f6660, 24) = 0 [pid 6162] chdir("./66") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6162] write(3, "1000", 4) = 4 [pid 6162] close(3) = 0 [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6162] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6162] memfd_create("syzkaller", 0) = 3 [pid 6162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6162] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6162] close(3) = 0 [pid 6162] mkdir("./file0", 0777) = 0 [ 70.102417][ T6162] loop0: detected capacity change from 0 to 32768 [ 70.112429][ T6162] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6162) [ 70.128062][ T6162] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.136886][ T6162] BTRFS info (device loop0): setting nodatacow, compression disabled [ 70.144963][ T6162] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 70.155667][ T6162] BTRFS info (device loop0): trying to use backup root at mount time [ 70.163790][ T6162] BTRFS info (device loop0): disabling tree log [ 70.170090][ T6162] BTRFS info (device loop0): enabling auto defrag [ 70.176577][ T6162] BTRFS info (device loop0): using free space tree [ 70.192386][ T6162] BTRFS info (device loop0): enabling ssd optimizations [pid 6162] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6162] chdir("./file0") = 0 [pid 6162] ioctl(4, LOOP_CLR_FD) = 0 [pid 6162] close(4) = 0 [pid 6162] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6162] getpid() = 6162 [pid 6162] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6162] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6162] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6162] exit_group(0) = ? [pid 6162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6162, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- [ 70.199543][ T6162] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6179 attached [pid 6179] set_robust_list(0x5555573f6660, 24) = 0 [pid 6179] chdir("./67") = 0 [pid 6179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6179] setpgid(0, 0) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x5555573f6650) = 6179 [pid 6179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6179] write(3, "1000", 4) = 4 [pid 6179] close(3) = 0 [pid 6179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6179] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6179] memfd_create("syzkaller", 0) = 3 [pid 6179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6179] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6179] close(3) = 0 [pid 6179] mkdir("./file0", 0777) = 0 [ 70.476986][ T6179] loop0: detected capacity change from 0 to 32768 [ 70.487123][ T6179] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6179) [ 70.502348][ T6179] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.511192][ T6179] BTRFS info (device loop0): setting nodatacow, compression disabled [ 70.519300][ T6179] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 70.529951][ T6179] BTRFS info (device loop0): trying to use backup root at mount time [ 70.538052][ T6179] BTRFS info (device loop0): disabling tree log [ 70.544304][ T6179] BTRFS info (device loop0): enabling auto defrag [ 70.550859][ T6179] BTRFS info (device loop0): using free space tree [ 70.567052][ T6179] BTRFS info (device loop0): enabling ssd optimizations [pid 6179] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6179] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6179] chdir("./file0") = 0 [pid 6179] ioctl(4, LOOP_CLR_FD) = 0 [pid 6179] close(4) = 0 [pid 6179] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6179] getpid() = 6179 [pid 6179] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6179] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6179] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6179] exit_group(0) = ? [pid 6179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6179, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 70.574023][ T6179] BTRFS info (device loop0): auto enabling async discard umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6196 attached [pid 6196] set_robust_list(0x5555573f6660, 24) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x5555573f6650) = 6196 [pid 6196] chdir("./68") = 0 [pid 6196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6196] setpgid(0, 0) = 0 [pid 6196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6196] write(3, "1000", 4) = 4 [pid 6196] close(3) = 0 [pid 6196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6196] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6196] memfd_create("syzkaller", 0) = 3 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [ 70.768939][ T770] cfg80211: failed to load regulatory.db [pid 6196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6196] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6196] close(3) = 0 [pid 6196] mkdir("./file0", 0777) = 0 [ 70.890291][ T6196] loop0: detected capacity change from 0 to 32768 [ 70.898904][ T6196] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6196) [ 70.929781][ T6196] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [pid 6196] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6196] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6196] chdir("./file0") = 0 [pid 6196] ioctl(4, LOOP_CLR_FD) = 0 [ 70.938931][ T6196] BTRFS info (device loop0): setting nodatacow, compression disabled [ 70.947443][ T6196] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 70.958463][ T6196] BTRFS info (device loop0): trying to use backup root at mount time [ 70.966929][ T6196] BTRFS info (device loop0): disabling tree log [pid 6196] close(4) = 0 [pid 6196] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6196] getpid() = 6196 [pid 6196] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6196] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6196] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6196] exit_group(0) = ? [pid 6196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6196, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6215 ./strace-static-x86_64: Process 6215 attached [pid 6215] set_robust_list(0x5555573f6660, 24) = 0 [pid 6215] chdir("./69") = 0 [pid 6215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6215] setpgid(0, 0) = 0 [pid 6215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6215] write(3, "1000", 4) = 4 [pid 6215] close(3) = 0 [pid 6215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6215] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6215] memfd_create("syzkaller", 0) = 3 [pid 6215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6215] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6215] close(3) = 0 [pid 6215] mkdir("./file0", 0777) = 0 [pid 6215] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6215] chdir("./file0") = 0 [pid 6215] ioctl(4, LOOP_CLR_FD) = 0 [pid 6215] close(4) = 0 [pid 6215] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [ 71.298989][ T6215] loop0: detected capacity change from 0 to 32768 [ 71.309706][ T6215] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6215) [ 71.325186][ T6215] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 6215] getpid() = 6215 [pid 6215] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6215] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6215] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6215] exit_group(0) = ? [pid 6215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6215, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6232 ./strace-static-x86_64: Process 6232 attached [pid 6232] set_robust_list(0x5555573f6660, 24) = 0 [pid 6232] chdir("./70") = 0 [pid 6232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6232] setpgid(0, 0) = 0 [pid 6232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6232] write(3, "1000", 4) = 4 [pid 6232] close(3) = 0 [pid 6232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6232] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6232] memfd_create("syzkaller", 0) = 3 [pid 6232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6232] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6232] close(3) = 0 [pid 6232] mkdir("./file0", 0777) = 0 [ 71.631033][ T6232] loop0: detected capacity change from 0 to 32768 [ 71.641118][ T6232] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6232) [ 71.657097][ T6232] _btrfs_printk: 12 callbacks suppressed [ 71.657106][ T6232] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.671518][ T6232] BTRFS info (device loop0): setting nodatacow, compression disabled [ 71.679646][ T6232] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 71.690282][ T6232] BTRFS info (device loop0): trying to use backup root at mount time [ 71.698399][ T6232] BTRFS info (device loop0): disabling tree log [ 71.704671][ T6232] BTRFS info (device loop0): enabling auto defrag [ 71.711171][ T6232] BTRFS info (device loop0): using free space tree [pid 6232] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6232] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6232] chdir("./file0") = 0 [pid 6232] ioctl(4, LOOP_CLR_FD) = 0 [pid 6232] close(4) = 0 [pid 6232] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6232] getpid() = 6232 [pid 6232] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6232] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6232] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6232] exit_group(0) = ? [pid 6232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6232, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 71.726894][ T6232] BTRFS info (device loop0): enabling ssd optimizations [ 71.733846][ T6232] BTRFS info (device loop0): auto enabling async discard umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6249 ./strace-static-x86_64: Process 6249 attached [pid 6249] set_robust_list(0x5555573f6660, 24) = 0 [pid 6249] chdir("./71") = 0 [pid 6249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6249] setpgid(0, 0) = 0 [pid 6249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6249] write(3, "1000", 4) = 4 [pid 6249] close(3) = 0 [pid 6249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6249] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6249] memfd_create("syzkaller", 0) = 3 [pid 6249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6249] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6249] close(3) = 0 [pid 6249] mkdir("./file0", 0777) = 0 [ 72.000853][ T6249] loop0: detected capacity change from 0 to 32768 [ 72.010325][ T6249] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6249) [ 72.025655][ T6249] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.034444][ T6249] BTRFS info (device loop0): setting nodatacow, compression disabled [ 72.042575][ T6249] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 72.053326][ T6249] BTRFS info (device loop0): trying to use backup root at mount time [ 72.061520][ T6249] BTRFS info (device loop0): disabling tree log [ 72.067934][ T6249] BTRFS info (device loop0): enabling auto defrag [ 72.074378][ T6249] BTRFS info (device loop0): using free space tree [ 72.090060][ T6249] BTRFS info (device loop0): enabling ssd optimizations [pid 6249] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6249] chdir("./file0") = 0 [pid 6249] ioctl(4, LOOP_CLR_FD) = 0 [pid 6249] close(4) = 0 [pid 6249] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6249] getpid() = 6249 [pid 6249] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6249] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6249] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6249] exit_group(0) = ? [pid 6249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6249, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 72.097064][ T6249] BTRFS info (device loop0): auto enabling async discard umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6266 attached , child_tidptr=0x5555573f6650) = 6266 [pid 6266] set_robust_list(0x5555573f6660, 24) = 0 [pid 6266] chdir("./72") = 0 [pid 6266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6266] setpgid(0, 0) = 0 [pid 6266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6266] write(3, "1000", 4) = 4 [pid 6266] close(3) = 0 [pid 6266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6266] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6266] memfd_create("syzkaller", 0) = 3 [pid 6266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6266] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6266] close(3) = 0 [pid 6266] mkdir("./file0", 0777) = 0 [ 72.377368][ T6266] loop0: detected capacity change from 0 to 32768 [ 72.387235][ T6266] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6266) [ 72.402296][ T6266] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.411204][ T6266] BTRFS info (device loop0): setting nodatacow, compression disabled [ 72.419342][ T6266] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 72.429999][ T6266] BTRFS info (device loop0): trying to use backup root at mount time [ 72.438145][ T6266] BTRFS info (device loop0): disabling tree log [ 72.444447][ T6266] BTRFS info (device loop0): enabling auto defrag [ 72.450973][ T6266] BTRFS info (device loop0): using free space tree [ 72.467077][ T6266] BTRFS info (device loop0): enabling ssd optimizations [pid 6266] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6266] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6266] chdir("./file0") = 0 [pid 6266] ioctl(4, LOOP_CLR_FD) = 0 [pid 6266] close(4) = 0 [pid 6266] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6266] getpid() = 6266 [pid 6266] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6266] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6266] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6266] exit_group(0) = ? [pid 6266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6266, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 72.474070][ T6266] BTRFS info (device loop0): auto enabling async discard umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6283 attached , child_tidptr=0x5555573f6650) = 6283 [pid 6283] set_robust_list(0x5555573f6660, 24) = 0 [pid 6283] chdir("./73") = 0 [pid 6283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6283] setpgid(0, 0) = 0 [pid 6283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6283] write(3, "1000", 4) = 4 [pid 6283] close(3) = 0 [pid 6283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6283] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6283] memfd_create("syzkaller", 0) = 3 [pid 6283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6283] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6283] close(3) = 0 [pid 6283] mkdir("./file0", 0777) = 0 [ 72.750476][ T6283] loop0: detected capacity change from 0 to 32768 [ 72.760723][ T6283] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6283) [ 72.775937][ T6283] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.784750][ T6283] BTRFS info (device loop0): setting nodatacow, compression disabled [ 72.792925][ T6283] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 72.803605][ T6283] BTRFS info (device loop0): trying to use backup root at mount time [ 72.811766][ T6283] BTRFS info (device loop0): disabling tree log [ 72.818103][ T6283] BTRFS info (device loop0): enabling auto defrag [ 72.824544][ T6283] BTRFS info (device loop0): using free space tree [ 72.840784][ T6283] BTRFS info (device loop0): enabling ssd optimizations [pid 6283] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6283] chdir("./file0") = 0 [pid 6283] ioctl(4, LOOP_CLR_FD) = 0 [pid 6283] close(4) = 0 [pid 6283] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6283] getpid() = 6283 [pid 6283] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6283] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6283] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6283] exit_group(0) = ? [pid 6283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6283, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 72.847832][ T6283] BTRFS info (device loop0): auto enabling async discard umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6300 ./strace-static-x86_64: Process 6300 attached [pid 6300] set_robust_list(0x5555573f6660, 24) = 0 [pid 6300] chdir("./74") = 0 [pid 6300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6300] setpgid(0, 0) = 0 [pid 6300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6300] write(3, "1000", 4) = 4 [pid 6300] close(3) = 0 [pid 6300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6300] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6300] memfd_create("syzkaller", 0) = 3 [pid 6300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6300] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6300] close(3) = 0 [pid 6300] mkdir("./file0", 0777) = 0 [ 73.114615][ T6300] loop0: detected capacity change from 0 to 32768 [ 73.124646][ T6300] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6300) [ 73.140055][ T6300] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.148892][ T6300] BTRFS info (device loop0): setting nodatacow, compression disabled [ 73.157001][ T6300] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 73.167647][ T6300] BTRFS info (device loop0): trying to use backup root at mount time [ 73.175736][ T6300] BTRFS info (device loop0): disabling tree log [ 73.182052][ T6300] BTRFS info (device loop0): enabling auto defrag [ 73.188507][ T6300] BTRFS info (device loop0): using free space tree [ 73.204747][ T6300] BTRFS info (device loop0): enabling ssd optimizations [pid 6300] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6300] chdir("./file0") = 0 [pid 6300] ioctl(4, LOOP_CLR_FD) = 0 [pid 6300] close(4) = 0 [pid 6300] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6300] getpid() = 6300 [pid 6300] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6300] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6300] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6300] exit_group(0) = ? [pid 6300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6300, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 73.211772][ T6300] BTRFS info (device loop0): auto enabling async discard umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6317 ./strace-static-x86_64: Process 6317 attached [pid 6317] set_robust_list(0x5555573f6660, 24) = 0 [pid 6317] chdir("./75") = 0 [pid 6317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6317] setpgid(0, 0) = 0 [pid 6317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6317] write(3, "1000", 4) = 4 [pid 6317] close(3) = 0 [pid 6317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6317] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6317] memfd_create("syzkaller", 0) = 3 [pid 6317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6317] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6317] close(3) = 0 [pid 6317] mkdir("./file0", 0777) = 0 [ 73.497758][ T6317] loop0: detected capacity change from 0 to 32768 [ 73.507427][ T6317] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6317) [ 73.522719][ T6317] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.531537][ T6317] BTRFS info (device loop0): setting nodatacow, compression disabled [ 73.539675][ T6317] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 73.550342][ T6317] BTRFS info (device loop0): trying to use backup root at mount time [ 73.558442][ T6317] BTRFS info (device loop0): disabling tree log [ 73.564672][ T6317] BTRFS info (device loop0): enabling auto defrag [ 73.571201][ T6317] BTRFS info (device loop0): using free space tree [ 73.587201][ T6317] BTRFS info (device loop0): enabling ssd optimizations [pid 6317] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6317] chdir("./file0") = 0 [pid 6317] ioctl(4, LOOP_CLR_FD) = 0 [pid 6317] close(4) = 0 [pid 6317] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6317] getpid() = 6317 [pid 6317] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6317] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6317] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6317] exit_group(0) = ? [pid 6317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6317, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.594200][ T6317] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6334 ./strace-static-x86_64: Process 6334 attached [pid 6334] set_robust_list(0x5555573f6660, 24) = 0 [pid 6334] chdir("./76") = 0 [pid 6334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6334] setpgid(0, 0) = 0 [pid 6334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6334] write(3, "1000", 4) = 4 [pid 6334] close(3) = 0 [pid 6334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6334] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6334] memfd_create("syzkaller", 0) = 3 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6334] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6334] close(3) = 0 [pid 6334] mkdir("./file0", 0777) = 0 [ 73.872966][ T6334] loop0: detected capacity change from 0 to 32768 [ 73.882594][ T6334] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6334) [ 73.897767][ T6334] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.906520][ T6334] BTRFS info (device loop0): setting nodatacow, compression disabled [ 73.914574][ T6334] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 73.925187][ T6334] BTRFS info (device loop0): trying to use backup root at mount time [ 73.933276][ T6334] BTRFS info (device loop0): disabling tree log [ 73.939549][ T6334] BTRFS info (device loop0): enabling auto defrag [ 73.945970][ T6334] BTRFS info (device loop0): using free space tree [ 73.961617][ T6334] BTRFS info (device loop0): enabling ssd optimizations [pid 6334] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6334] chdir("./file0") = 0 [pid 6334] ioctl(4, LOOP_CLR_FD) = 0 [pid 6334] close(4) = 0 [pid 6334] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6334] getpid() = 6334 [pid 6334] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6334] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [ 73.969732][ T6334] BTRFS info (device loop0): auto enabling async discard [pid 6334] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6334] exit_group(0) = ? [pid 6334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6334, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6351 ./strace-static-x86_64: Process 6351 attached [pid 6351] set_robust_list(0x5555573f6660, 24) = 0 [pid 6351] chdir("./77") = 0 [pid 6351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6351] setpgid(0, 0) = 0 [pid 6351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6351] write(3, "1000", 4) = 4 [pid 6351] close(3) = 0 [pid 6351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6351] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6351] memfd_create("syzkaller", 0) = 3 [pid 6351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6351] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6351] close(3) = 0 [pid 6351] mkdir("./file0", 0777) = 0 [ 74.243889][ T6351] loop0: detected capacity change from 0 to 32768 [ 74.257444][ T6351] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6351) [ 74.272760][ T6351] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.281582][ T6351] BTRFS info (device loop0): setting nodatacow, compression disabled [ 74.289780][ T6351] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 74.300492][ T6351] BTRFS info (device loop0): trying to use backup root at mount time [ 74.308618][ T6351] BTRFS info (device loop0): disabling tree log [ 74.314905][ T6351] BTRFS info (device loop0): enabling auto defrag [ 74.321518][ T6351] BTRFS info (device loop0): using free space tree [pid 6351] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6351] chdir("./file0") = 0 [pid 6351] ioctl(4, LOOP_CLR_FD) = 0 [pid 6351] close(4) = 0 [pid 6351] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6351] getpid() = 6351 [pid 6351] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6351] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6351] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6351] exit_group(0) = ? [pid 6351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6351, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 74.337954][ T6351] BTRFS info (device loop0): enabling ssd optimizations [ 74.344971][ T6351] BTRFS info (device loop0): auto enabling async discard umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6368 ./strace-static-x86_64: Process 6368 attached [pid 6368] set_robust_list(0x5555573f6660, 24) = 0 [pid 6368] chdir("./78") = 0 [pid 6368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6368] setpgid(0, 0) = 0 [pid 6368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6368] write(3, "1000", 4) = 4 [pid 6368] close(3) = 0 [pid 6368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6368] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6368] memfd_create("syzkaller", 0) = 3 [pid 6368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6368] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6368] close(3) = 0 [pid 6368] mkdir("./file0", 0777) = 0 [ 74.613436][ T6368] loop0: detected capacity change from 0 to 32768 [ 74.623398][ T6368] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6368) [ 74.638761][ T6368] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.647608][ T6368] BTRFS info (device loop0): setting nodatacow, compression disabled [ 74.655706][ T6368] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 74.666644][ T6368] BTRFS info (device loop0): trying to use backup root at mount time [ 74.674768][ T6368] BTRFS info (device loop0): disabling tree log [ 74.681065][ T6368] BTRFS info (device loop0): enabling auto defrag [ 74.687522][ T6368] BTRFS info (device loop0): using free space tree [ 74.703683][ T6368] BTRFS info (device loop0): enabling ssd optimizations [pid 6368] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6368] chdir("./file0") = 0 [pid 6368] ioctl(4, LOOP_CLR_FD) = 0 [pid 6368] close(4) = 0 [pid 6368] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6368] getpid() = 6368 [pid 6368] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6368] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6368] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6368] exit_group(0) = ? [pid 6368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6368, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 74.710939][ T6368] BTRFS info (device loop0): auto enabling async discard umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6385 ./strace-static-x86_64: Process 6385 attached [pid 6385] set_robust_list(0x5555573f6660, 24) = 0 [pid 6385] chdir("./79") = 0 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6385] setpgid(0, 0) = 0 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6385] write(3, "1000", 4) = 4 [pid 6385] close(3) = 0 [pid 6385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6385] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6385] memfd_create("syzkaller", 0) = 3 [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6385] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6385] close(3) = 0 [pid 6385] mkdir("./file0", 0777) = 0 [ 74.986483][ T6385] loop0: detected capacity change from 0 to 32768 [ 74.996273][ T6385] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6385) [ 75.011663][ T6385] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.020514][ T6385] BTRFS info (device loop0): setting nodatacow, compression disabled [ 75.029044][ T6385] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 75.040021][ T6385] BTRFS info (device loop0): trying to use backup root at mount time [ 75.048406][ T6385] BTRFS info (device loop0): disabling tree log [ 75.054668][ T6385] BTRFS info (device loop0): enabling auto defrag [ 75.061168][ T6385] BTRFS info (device loop0): using free space tree [ 75.077040][ T6385] BTRFS info (device loop0): enabling ssd optimizations [pid 6385] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6385] chdir("./file0") = 0 [pid 6385] ioctl(4, LOOP_CLR_FD) = 0 [pid 6385] close(4) = 0 [pid 6385] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6385] getpid() = 6385 [pid 6385] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6385] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6385] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6385] exit_group(0) = ? [pid 6385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.084079][ T6385] BTRFS info (device loop0): auto enabling async discard unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6402 ./strace-static-x86_64: Process 6402 attached [pid 6402] set_robust_list(0x5555573f6660, 24) = 0 [pid 6402] chdir("./80") = 0 [pid 6402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6402] setpgid(0, 0) = 0 [pid 6402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6402] write(3, "1000", 4) = 4 [pid 6402] close(3) = 0 [pid 6402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6402] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6402] memfd_create("syzkaller", 0) = 3 [pid 6402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6402] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6402] close(3) = 0 [pid 6402] mkdir("./file0", 0777) = 0 [ 75.360831][ T6402] loop0: detected capacity change from 0 to 32768 [ 75.371115][ T6402] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6402) [ 75.386910][ T6402] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.395633][ T6402] BTRFS info (device loop0): setting nodatacow, compression disabled [ 75.403821][ T6402] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 75.414494][ T6402] BTRFS info (device loop0): trying to use backup root at mount time [ 75.422660][ T6402] BTRFS info (device loop0): disabling tree log [ 75.429074][ T6402] BTRFS info (device loop0): enabling auto defrag [ 75.435513][ T6402] BTRFS info (device loop0): using free space tree [ 75.451292][ T6402] BTRFS info (device loop0): enabling ssd optimizations [pid 6402] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6402] chdir("./file0") = 0 [pid 6402] ioctl(4, LOOP_CLR_FD) = 0 [pid 6402] close(4) = 0 [pid 6402] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6402] getpid() = 6402 [pid 6402] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6402] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [ 75.458352][ T6402] BTRFS info (device loop0): auto enabling async discard [pid 6402] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6402] exit_group(0) = ? [pid 6402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6402, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6419 ./strace-static-x86_64: Process 6419 attached [pid 6419] set_robust_list(0x5555573f6660, 24) = 0 [pid 6419] chdir("./81") = 0 [pid 6419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6419] setpgid(0, 0) = 0 [pid 6419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6419] write(3, "1000", 4) = 4 [pid 6419] close(3) = 0 [pid 6419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6419] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6419] memfd_create("syzkaller", 0) = 3 [pid 6419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6419] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6419] close(3) = 0 [pid 6419] mkdir("./file0", 0777) = 0 [ 75.737951][ T6419] loop0: detected capacity change from 0 to 32768 [ 75.748523][ T6419] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6419) [ 75.763617][ T6419] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.772412][ T6419] BTRFS info (device loop0): setting nodatacow, compression disabled [ 75.780512][ T6419] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 75.791135][ T6419] BTRFS info (device loop0): trying to use backup root at mount time [ 75.799237][ T6419] BTRFS info (device loop0): disabling tree log [ 75.805473][ T6419] BTRFS info (device loop0): enabling auto defrag [ 75.811929][ T6419] BTRFS info (device loop0): using free space tree [ 75.828307][ T6419] BTRFS info (device loop0): enabling ssd optimizations [pid 6419] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6419] chdir("./file0") = 0 [pid 6419] ioctl(4, LOOP_CLR_FD) = 0 [pid 6419] close(4) = 0 [pid 6419] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6419] getpid() = 6419 [pid 6419] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6419] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6419] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6419] exit_group(0) = ? [pid 6419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6419, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 75.835295][ T6419] BTRFS info (device loop0): auto enabling async discard umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6436 ./strace-static-x86_64: Process 6436 attached [pid 6436] set_robust_list(0x5555573f6660, 24) = 0 [pid 6436] chdir("./82") = 0 [pid 6436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6436] setpgid(0, 0) = 0 [pid 6436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6436] write(3, "1000", 4) = 4 [pid 6436] close(3) = 0 [pid 6436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6436] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6436] memfd_create("syzkaller", 0) = 3 [pid 6436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6436] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6436] close(3) = 0 [pid 6436] mkdir("./file0", 0777) = 0 [ 76.099152][ T6436] loop0: detected capacity change from 0 to 32768 [ 76.110172][ T6436] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6436) [ 76.125394][ T6436] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.134188][ T6436] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 6436] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6436] chdir("./file0") = 0 [pid 6436] ioctl(4, LOOP_CLR_FD) = 0 [pid 6436] close(4) = 0 [pid 6436] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6436] getpid() = 6436 [pid 6436] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6436] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6436] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6436] exit_group(0) = ? [pid 6436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6436, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 76.142331][ T6436] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 76.152970][ T6436] BTRFS info (device loop0): trying to use backup root at mount time [ 76.161065][ T6436] BTRFS info (device loop0): disabling tree log umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6453 ./strace-static-x86_64: Process 6453 attached [pid 6453] set_robust_list(0x5555573f6660, 24) = 0 [pid 6453] chdir("./83") = 0 [pid 6453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6453] setpgid(0, 0) = 0 [pid 6453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6453] write(3, "1000", 4) = 4 [pid 6453] close(3) = 0 [pid 6453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6453] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6453] memfd_create("syzkaller", 0) = 3 [pid 6453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6453] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6453] close(3) = 0 [pid 6453] mkdir("./file0", 0777) = 0 [pid 6453] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6453] chdir("./file0") = 0 [pid 6453] ioctl(4, LOOP_CLR_FD) = 0 [pid 6453] close(4) = 0 [pid 6453] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6453] getpid() = 6453 [pid 6453] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6453] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6453] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6453] exit_group(0) = ? [pid 6453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6453, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 76.452581][ T6453] loop0: detected capacity change from 0 to 32768 [ 76.461958][ T6453] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6453) [ 76.477357][ T6453] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6471 ./strace-static-x86_64: Process 6471 attached [pid 6471] set_robust_list(0x5555573f6660, 24) = 0 [pid 6471] chdir("./84") = 0 [pid 6471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6471] setpgid(0, 0) = 0 [pid 6471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6471] write(3, "1000", 4) = 4 [pid 6471] close(3) = 0 [pid 6471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6471] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6471] memfd_create("syzkaller", 0) = 3 [pid 6471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6471] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6471] close(3) = 0 [pid 6471] mkdir("./file0", 0777) = 0 [ 76.762593][ T6471] loop0: detected capacity change from 0 to 32768 [ 76.782638][ T6471] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6471) [ 76.797486][ T6471] _btrfs_printk: 12 callbacks suppressed [ 76.797499][ T6471] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.811925][ T6471] BTRFS info (device loop0): setting nodatacow, compression disabled [ 76.820149][ T6471] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 76.830791][ T6471] BTRFS info (device loop0): trying to use backup root at mount time [ 76.838931][ T6471] BTRFS info (device loop0): disabling tree log [ 76.845192][ T6471] BTRFS info (device loop0): enabling auto defrag [ 76.851646][ T6471] BTRFS info (device loop0): using free space tree [pid 6471] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6471] chdir("./file0") = 0 [pid 6471] ioctl(4, LOOP_CLR_FD) = 0 [pid 6471] close(4) = 0 [pid 6471] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6471] getpid() = 6471 [pid 6471] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6471] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6471] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6471] exit_group(0) = ? [pid 6471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6471, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 [ 76.868000][ T6471] BTRFS info (device loop0): enabling ssd optimizations [ 76.874980][ T6471] BTRFS info (device loop0): auto enabling async discard umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6489 ./strace-static-x86_64: Process 6489 attached [pid 6489] set_robust_list(0x5555573f6660, 24) = 0 [pid 6489] chdir("./85") = 0 [pid 6489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6489] setpgid(0, 0) = 0 [pid 6489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6489] write(3, "1000", 4) = 4 [pid 6489] close(3) = 0 [pid 6489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6489] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6489] memfd_create("syzkaller", 0) = 3 [pid 6489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6489] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6489] close(3) = 0 [pid 6489] mkdir("./file0", 0777) = 0 [ 77.145825][ T6489] loop0: detected capacity change from 0 to 32768 [ 77.156694][ T6489] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6489) [ 77.173531][ T6489] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.182609][ T6489] BTRFS info (device loop0): setting nodatacow, compression disabled [ 77.191001][ T6489] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 77.201680][ T6489] BTRFS info (device loop0): trying to use backup root at mount time [ 77.209981][ T6489] BTRFS info (device loop0): disabling tree log [ 77.216255][ T6489] BTRFS info (device loop0): enabling auto defrag [ 77.222778][ T6489] BTRFS info (device loop0): using free space tree [ 77.238114][ T6489] BTRFS info (device loop0): enabling ssd optimizations [pid 6489] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6489] chdir("./file0") = 0 [pid 6489] ioctl(4, LOOP_CLR_FD) = 0 [pid 6489] close(4) = 0 [pid 6489] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6489] getpid() = 6489 [pid 6489] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6489] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6489] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6489] exit_group(0) = ? [pid 6489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6489, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 [ 77.245185][ T6489] BTRFS info (device loop0): auto enabling async discard umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6506 ./strace-static-x86_64: Process 6506 attached [pid 6506] set_robust_list(0x5555573f6660, 24) = 0 [pid 6506] chdir("./86") = 0 [pid 6506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6506] setpgid(0, 0) = 0 [pid 6506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6506] write(3, "1000", 4) = 4 [pid 6506] close(3) = 0 [pid 6506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6506] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6506] memfd_create("syzkaller", 0) = 3 [pid 6506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6506] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6506] close(3) = 0 [pid 6506] mkdir("./file0", 0777) = 0 [ 77.525618][ T6506] loop0: detected capacity change from 0 to 32768 [ 77.535755][ T6506] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6506) [ 77.551176][ T6506] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.559982][ T6506] BTRFS info (device loop0): setting nodatacow, compression disabled [ 77.568142][ T6506] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 77.578800][ T6506] BTRFS info (device loop0): trying to use backup root at mount time [ 77.586973][ T6506] BTRFS info (device loop0): disabling tree log [ 77.593255][ T6506] BTRFS info (device loop0): enabling auto defrag [ 77.599766][ T6506] BTRFS info (device loop0): using free space tree [ 77.615240][ T6506] BTRFS info (device loop0): enabling ssd optimizations [pid 6506] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6506] chdir("./file0") = 0 [pid 6506] ioctl(4, LOOP_CLR_FD) = 0 [pid 6506] close(4) = 0 [pid 6506] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6506] getpid() = 6506 [pid 6506] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6506] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6506] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6506] exit_group(0) = ? [ 77.622439][ T6506] BTRFS info (device loop0): auto enabling async discard [pid 6506] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6506, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6523 ./strace-static-x86_64: Process 6523 attached [pid 6523] set_robust_list(0x5555573f6660, 24) = 0 [pid 6523] chdir("./87") = 0 [pid 6523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6523] setpgid(0, 0) = 0 [pid 6523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6523] write(3, "1000", 4) = 4 [pid 6523] close(3) = 0 [pid 6523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6523] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6523] memfd_create("syzkaller", 0) = 3 [pid 6523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6523] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6523] close(3) = 0 [pid 6523] mkdir("./file0", 0777) = 0 [ 77.905854][ T6523] loop0: detected capacity change from 0 to 32768 [ 77.915423][ T6523] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6523) [ 77.930768][ T6523] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.939570][ T6523] BTRFS info (device loop0): setting nodatacow, compression disabled [ 77.947711][ T6523] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 77.958348][ T6523] BTRFS info (device loop0): trying to use backup root at mount time [ 77.966588][ T6523] BTRFS info (device loop0): disabling tree log [ 77.972861][ T6523] BTRFS info (device loop0): enabling auto defrag [ 77.979377][ T6523] BTRFS info (device loop0): using free space tree [ 77.995426][ T6523] BTRFS info (device loop0): enabling ssd optimizations [pid 6523] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6523] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6523] chdir("./file0") = 0 [pid 6523] ioctl(4, LOOP_CLR_FD) = 0 [pid 6523] close(4) = 0 [pid 6523] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6523] getpid() = 6523 [pid 6523] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6523] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6523] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6523] exit_group(0) = ? [pid 6523] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6523, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 [ 78.002477][ T6523] BTRFS info (device loop0): auto enabling async discard umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6540 ./strace-static-x86_64: Process 6540 attached [pid 6540] set_robust_list(0x5555573f6660, 24) = 0 [pid 6540] chdir("./88") = 0 [pid 6540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6540] setpgid(0, 0) = 0 [pid 6540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6540] write(3, "1000", 4) = 4 [pid 6540] close(3) = 0 [pid 6540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6540] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6540] memfd_create("syzkaller", 0) = 3 [pid 6540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6540] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6540] close(3) = 0 [pid 6540] mkdir("./file0", 0777) = 0 [ 78.282926][ T6540] loop0: detected capacity change from 0 to 32768 [ 78.293159][ T6540] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6540) [ 78.308477][ T6540] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.317667][ T6540] BTRFS info (device loop0): setting nodatacow, compression disabled [ 78.325973][ T6540] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.336694][ T6540] BTRFS info (device loop0): trying to use backup root at mount time [ 78.344778][ T6540] BTRFS info (device loop0): disabling tree log [ 78.351079][ T6540] BTRFS info (device loop0): enabling auto defrag [ 78.357541][ T6540] BTRFS info (device loop0): using free space tree [ 78.373466][ T6540] BTRFS info (device loop0): enabling ssd optimizations [pid 6540] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6540] chdir("./file0") = 0 [pid 6540] ioctl(4, LOOP_CLR_FD) = 0 [pid 6540] close(4) = 0 [pid 6540] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6540] getpid() = 6540 [pid 6540] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6540] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6540] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6540] exit_group(0) = ? [pid 6540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6540, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 78.380570][ T6540] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6557 ./strace-static-x86_64: Process 6557 attached [pid 6557] set_robust_list(0x5555573f6660, 24) = 0 [pid 6557] chdir("./89") = 0 [pid 6557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6557] setpgid(0, 0) = 0 [pid 6557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6557] write(3, "1000", 4) = 4 [pid 6557] close(3) = 0 [pid 6557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6557] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6557] memfd_create("syzkaller", 0) = 3 [pid 6557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6557] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6557] close(3) = 0 [pid 6557] mkdir("./file0", 0777) = 0 [ 78.653668][ T6557] loop0: detected capacity change from 0 to 32768 [ 78.664309][ T6557] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6557) [ 78.679587][ T6557] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.688587][ T6557] BTRFS info (device loop0): setting nodatacow, compression disabled [ 78.696871][ T6557] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.707634][ T6557] BTRFS info (device loop0): trying to use backup root at mount time [ 78.715726][ T6557] BTRFS info (device loop0): disabling tree log [ 78.722155][ T6557] BTRFS info (device loop0): enabling auto defrag [ 78.728647][ T6557] BTRFS info (device loop0): using free space tree [ 78.744451][ T6557] BTRFS info (device loop0): enabling ssd optimizations [pid 6557] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6557] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6557] chdir("./file0") = 0 [pid 6557] ioctl(4, LOOP_CLR_FD) = 0 [pid 6557] close(4) = 0 [pid 6557] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6557] getpid() = 6557 [pid 6557] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6557] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6557] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6557] exit_group(0) = ? [pid 6557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6557, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 78.751522][ T6557] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6574 ./strace-static-x86_64: Process 6574 attached [pid 6574] set_robust_list(0x5555573f6660, 24) = 0 [pid 6574] chdir("./90") = 0 [pid 6574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6574] setpgid(0, 0) = 0 [pid 6574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6574] write(3, "1000", 4) = 4 [pid 6574] close(3) = 0 [pid 6574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6574] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6574] memfd_create("syzkaller", 0) = 3 [pid 6574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6574] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6574] close(3) = 0 [pid 6574] mkdir("./file0", 0777) = 0 [ 79.033706][ T6574] loop0: detected capacity change from 0 to 32768 [ 79.043591][ T6574] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6574) [ 79.058951][ T6574] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.067673][ T6574] BTRFS info (device loop0): setting nodatacow, compression disabled [ 79.075728][ T6574] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 79.086386][ T6574] BTRFS info (device loop0): trying to use backup root at mount time [ 79.094455][ T6574] BTRFS info (device loop0): disabling tree log [ 79.100758][ T6574] BTRFS info (device loop0): enabling auto defrag [ 79.107221][ T6574] BTRFS info (device loop0): using free space tree [ 79.122980][ T6574] BTRFS info (device loop0): enabling ssd optimizations [pid 6574] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6574] chdir("./file0") = 0 [pid 6574] ioctl(4, LOOP_CLR_FD) = 0 [pid 6574] close(4) = 0 [pid 6574] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6574] getpid() = 6574 [pid 6574] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6574] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6574] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6574] exit_group(0) = ? [pid 6574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6574, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 79.130030][ T6574] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6591 ./strace-static-x86_64: Process 6591 attached [pid 6591] set_robust_list(0x5555573f6660, 24) = 0 [pid 6591] chdir("./91") = 0 [pid 6591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6591] setpgid(0, 0) = 0 [pid 6591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6591] write(3, "1000", 4) = 4 [pid 6591] close(3) = 0 [pid 6591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6591] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6591] memfd_create("syzkaller", 0) = 3 [pid 6591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6591] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6591] close(3) = 0 [pid 6591] mkdir("./file0", 0777) = 0 [ 79.404263][ T6591] loop0: detected capacity change from 0 to 32768 [ 79.413815][ T6591] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6591) [ 79.429239][ T6591] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.438402][ T6591] BTRFS info (device loop0): setting nodatacow, compression disabled [ 79.446595][ T6591] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 79.457331][ T6591] BTRFS info (device loop0): trying to use backup root at mount time [ 79.465409][ T6591] BTRFS info (device loop0): disabling tree log [ 79.471862][ T6591] BTRFS info (device loop0): enabling auto defrag [ 79.478420][ T6591] BTRFS info (device loop0): using free space tree [ 79.494489][ T6591] BTRFS info (device loop0): enabling ssd optimizations [pid 6591] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6591] chdir("./file0") = 0 [pid 6591] ioctl(4, LOOP_CLR_FD) = 0 [pid 6591] close(4) = 0 [pid 6591] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6591] getpid() = 6591 [pid 6591] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6591] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6591] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6591] exit_group(0) = ? [pid 6591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6591, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 79.501519][ T6591] BTRFS info (device loop0): auto enabling async discard unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6608 ./strace-static-x86_64: Process 6608 attached [pid 6608] set_robust_list(0x5555573f6660, 24) = 0 [pid 6608] chdir("./92") = 0 [pid 6608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6608] setpgid(0, 0) = 0 [pid 6608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6608] write(3, "1000", 4) = 4 [pid 6608] close(3) = 0 [pid 6608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6608] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6608] memfd_create("syzkaller", 0) = 3 [pid 6608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6608] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6608] close(3) = 0 [pid 6608] mkdir("./file0", 0777) = 0 [ 79.766745][ T6608] loop0: detected capacity change from 0 to 32768 [ 79.775486][ T6608] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6608) [ 79.790754][ T6608] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.799579][ T6608] BTRFS info (device loop0): setting nodatacow, compression disabled [ 79.807696][ T6608] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 79.818377][ T6608] BTRFS info (device loop0): trying to use backup root at mount time [ 79.826516][ T6608] BTRFS info (device loop0): disabling tree log [ 79.832833][ T6608] BTRFS info (device loop0): enabling auto defrag [ 79.839375][ T6608] BTRFS info (device loop0): using free space tree [ 79.854927][ T6608] BTRFS info (device loop0): enabling ssd optimizations [pid 6608] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6608] chdir("./file0") = 0 [pid 6608] ioctl(4, LOOP_CLR_FD) = 0 [pid 6608] close(4) = 0 [pid 6608] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6608] getpid() = 6608 [pid 6608] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6608] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6608] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6608] exit_group(0) = ? [pid 6608] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6608, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 79.861941][ T6608] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6625 ./strace-static-x86_64: Process 6625 attached [pid 6625] set_robust_list(0x5555573f6660, 24) = 0 [pid 6625] chdir("./93") = 0 [pid 6625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6625] setpgid(0, 0) = 0 [pid 6625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6625] write(3, "1000", 4) = 4 [pid 6625] close(3) = 0 [pid 6625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6625] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6625] memfd_create("syzkaller", 0) = 3 [pid 6625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6625] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6625] close(3) = 0 [pid 6625] mkdir("./file0", 0777) = 0 [ 80.139377][ T6625] loop0: detected capacity change from 0 to 32768 [ 80.149707][ T6625] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6625) [ 80.164895][ T6625] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.174230][ T6625] BTRFS info (device loop0): setting nodatacow, compression disabled [ 80.182343][ T6625] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 80.193075][ T6625] BTRFS info (device loop0): trying to use backup root at mount time [ 80.201206][ T6625] BTRFS info (device loop0): disabling tree log [ 80.207485][ T6625] BTRFS info (device loop0): enabling auto defrag [ 80.213885][ T6625] BTRFS info (device loop0): using free space tree [ 80.229552][ T6625] BTRFS info (device loop0): enabling ssd optimizations [pid 6625] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6625] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6625] chdir("./file0") = 0 [pid 6625] ioctl(4, LOOP_CLR_FD) = 0 [pid 6625] close(4) = 0 [pid 6625] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6625] getpid() = 6625 [pid 6625] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6625] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6625] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6625] exit_group(0) = ? [pid 6625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6625, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 80.236552][ T6625] BTRFS info (device loop0): auto enabling async discard unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6642 ./strace-static-x86_64: Process 6642 attached [pid 6642] set_robust_list(0x5555573f6660, 24) = 0 [pid 6642] chdir("./94") = 0 [pid 6642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6642] setpgid(0, 0) = 0 [pid 6642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6642] write(3, "1000", 4) = 4 [pid 6642] close(3) = 0 [pid 6642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6642] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6642] memfd_create("syzkaller", 0) = 3 [pid 6642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6642] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6642] close(3) = 0 [pid 6642] mkdir("./file0", 0777) = 0 [ 80.510751][ T6642] loop0: detected capacity change from 0 to 32768 [ 80.520905][ T6642] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6642) [ 80.536789][ T6642] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.545541][ T6642] BTRFS info (device loop0): setting nodatacow, compression disabled [ 80.553720][ T6642] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 80.564470][ T6642] BTRFS info (device loop0): trying to use backup root at mount time [ 80.572636][ T6642] BTRFS info (device loop0): disabling tree log [ 80.578925][ T6642] BTRFS info (device loop0): enabling auto defrag [ 80.585374][ T6642] BTRFS info (device loop0): using free space tree [ 80.601618][ T6642] BTRFS info (device loop0): enabling ssd optimizations [pid 6642] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6642] chdir("./file0") = 0 [pid 6642] ioctl(4, LOOP_CLR_FD) = 0 [pid 6642] close(4) = 0 [pid 6642] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6642] getpid() = 6642 [pid 6642] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6642] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6642] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6642] exit_group(0) = ? [pid 6642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6642, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- [ 80.608658][ T6642] BTRFS info (device loop0): auto enabling async discard umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6659 ./strace-static-x86_64: Process 6659 attached [pid 6659] set_robust_list(0x5555573f6660, 24) = 0 [pid 6659] chdir("./95") = 0 [pid 6659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6659] setpgid(0, 0) = 0 [pid 6659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6659] write(3, "1000", 4) = 4 [pid 6659] close(3) = 0 [pid 6659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6659] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6659] memfd_create("syzkaller", 0) = 3 [pid 6659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6659] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6659] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6659] close(3) = 0 [pid 6659] mkdir("./file0", 0777) = 0 [ 80.889499][ T6659] loop0: detected capacity change from 0 to 32768 [ 80.898980][ T6659] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6659) [ 80.914432][ T6659] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.923318][ T6659] BTRFS info (device loop0): setting nodatacow, compression disabled [ 80.931656][ T6659] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 80.942329][ T6659] BTRFS info (device loop0): trying to use backup root at mount time [ 80.950468][ T6659] BTRFS info (device loop0): disabling tree log [ 80.956781][ T6659] BTRFS info (device loop0): enabling auto defrag [ 80.963281][ T6659] BTRFS info (device loop0): using free space tree [ 80.979200][ T6659] BTRFS info (device loop0): enabling ssd optimizations [pid 6659] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6659] chdir("./file0") = 0 [pid 6659] ioctl(4, LOOP_CLR_FD) = 0 [pid 6659] close(4) = 0 [pid 6659] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6659] getpid() = 6659 [pid 6659] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6659] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6659] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6659] exit_group(0) = ? [pid 6659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6659, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 [ 80.986201][ T6659] BTRFS info (device loop0): auto enabling async discard umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6676 ./strace-static-x86_64: Process 6676 attached [pid 6676] set_robust_list(0x5555573f6660, 24) = 0 [pid 6676] chdir("./96") = 0 [pid 6676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6676] setpgid(0, 0) = 0 [pid 6676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6676] write(3, "1000", 4) = 4 [pid 6676] close(3) = 0 [pid 6676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6676] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6676] memfd_create("syzkaller", 0) = 3 [pid 6676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6676] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6676] close(3) = 0 [pid 6676] mkdir("./file0", 0777) = 0 [ 81.260052][ T6676] loop0: detected capacity change from 0 to 32768 [ 81.270601][ T6676] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6676) [ 81.285262][ T6676] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.294075][ T6676] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 6676] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6676] chdir("./file0") = 0 [pid 6676] ioctl(4, LOOP_CLR_FD) = 0 [pid 6676] close(4) = 0 [pid 6676] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6676] getpid() = 6676 [pid 6676] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6676] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6676] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6676] exit_group(0) = ? [pid 6676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6676, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 [ 81.302201][ T6676] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 81.312819][ T6676] BTRFS info (device loop0): trying to use backup root at mount time [ 81.320912][ T6676] BTRFS info (device loop0): disabling tree log umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6693 ./strace-static-x86_64: Process 6693 attached [pid 6693] set_robust_list(0x5555573f6660, 24) = 0 [pid 6693] chdir("./97") = 0 [pid 6693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6693] setpgid(0, 0) = 0 [pid 6693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6693] write(3, "1000", 4) = 4 [pid 6693] close(3) = 0 [pid 6693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6693] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6693] memfd_create("syzkaller", 0) = 3 [pid 6693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6693] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6693] close(3) = 0 [pid 6693] mkdir("./file0", 0777) = 0 [pid 6693] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6693] chdir("./file0") = 0 [pid 6693] ioctl(4, LOOP_CLR_FD) = 0 [pid 6693] close(4) = 0 [pid 6693] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6693] getpid() = 6693 [pid 6693] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6693] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6693] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6693] exit_group(0) = ? [pid 6693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6693, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 81.602043][ T6693] loop0: detected capacity change from 0 to 32768 [ 81.611651][ T6693] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6693) [ 81.626999][ T6693] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6710 ./strace-static-x86_64: Process 6710 attached [pid 6710] set_robust_list(0x5555573f6660, 24) = 0 [pid 6710] chdir("./98") = 0 [pid 6710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6710] setpgid(0, 0) = 0 [pid 6710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6710] write(3, "1000", 4) = 4 [pid 6710] close(3) = 0 [pid 6710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6710] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6710] memfd_create("syzkaller", 0) = 3 [pid 6710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6710] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6710] close(3) = 0 [pid 6710] mkdir("./file0", 0777) = 0 [ 81.916706][ T6710] loop0: detected capacity change from 0 to 32768 [ 81.926634][ T6710] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6710) [ 81.942010][ T6710] _btrfs_printk: 12 callbacks suppressed [ 81.942024][ T6710] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.956580][ T6710] BTRFS info (device loop0): setting nodatacow, compression disabled [ 81.964756][ T6710] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 81.975423][ T6710] BTRFS info (device loop0): trying to use backup root at mount time [ 81.983589][ T6710] BTRFS info (device loop0): disabling tree log [ 81.989899][ T6710] BTRFS info (device loop0): enabling auto defrag [ 81.996321][ T6710] BTRFS info (device loop0): using free space tree [pid 6710] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6710] chdir("./file0") = 0 [pid 6710] ioctl(4, LOOP_CLR_FD) = 0 [pid 6710] close(4) = 0 [pid 6710] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6710] getpid() = 6710 [pid 6710] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6710] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6710] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6710] exit_group(0) = ? [pid 6710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6710, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 [ 82.011533][ T6710] BTRFS info (device loop0): enabling ssd optimizations [ 82.018553][ T6710] BTRFS info (device loop0): auto enabling async discard umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6727 ./strace-static-x86_64: Process 6727 attached [pid 6727] set_robust_list(0x5555573f6660, 24) = 0 [pid 6727] chdir("./99") = 0 [pid 6727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6727] setpgid(0, 0) = 0 [pid 6727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6727] write(3, "1000", 4) = 4 [pid 6727] close(3) = 0 [pid 6727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6727] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6727] memfd_create("syzkaller", 0) = 3 [pid 6727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6727] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6727] close(3) = 0 [pid 6727] mkdir("./file0", 0777) = 0 [ 82.295611][ T6727] loop0: detected capacity change from 0 to 32768 [ 82.305347][ T6727] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6727) [ 82.320805][ T6727] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.329624][ T6727] BTRFS info (device loop0): setting nodatacow, compression disabled [ 82.337925][ T6727] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 82.348608][ T6727] BTRFS info (device loop0): trying to use backup root at mount time [ 82.356754][ T6727] BTRFS info (device loop0): disabling tree log [ 82.363067][ T6727] BTRFS info (device loop0): enabling auto defrag [ 82.369556][ T6727] BTRFS info (device loop0): using free space tree [ 82.385150][ T6727] BTRFS info (device loop0): enabling ssd optimizations [pid 6727] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6727] chdir("./file0") = 0 [pid 6727] ioctl(4, LOOP_CLR_FD) = 0 [pid 6727] close(4) = 0 [pid 6727] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6727] getpid() = 6727 [pid 6727] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6727] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6727] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6727] exit_group(0) = ? [pid 6727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6727, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 [ 82.392278][ T6727] BTRFS info (device loop0): auto enabling async discard umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6744 ./strace-static-x86_64: Process 6744 attached [pid 6744] set_robust_list(0x5555573f6660, 24) = 0 [pid 6744] chdir("./100") = 0 [pid 6744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6744] setpgid(0, 0) = 0 [pid 6744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6744] write(3, "1000", 4) = 4 [pid 6744] close(3) = 0 [pid 6744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6744] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6744] memfd_create("syzkaller", 0) = 3 [pid 6744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6744] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6744] close(3) = 0 [pid 6744] mkdir("./file0", 0777) = 0 [ 82.666174][ T6744] loop0: detected capacity change from 0 to 32768 [ 82.676648][ T6744] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6744) [ 82.691865][ T6744] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.700685][ T6744] BTRFS info (device loop0): setting nodatacow, compression disabled [ 82.708816][ T6744] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 82.719490][ T6744] BTRFS info (device loop0): trying to use backup root at mount time [ 82.727618][ T6744] BTRFS info (device loop0): disabling tree log [ 82.733898][ T6744] BTRFS info (device loop0): enabling auto defrag [ 82.740433][ T6744] BTRFS info (device loop0): using free space tree [ 82.755751][ T6744] BTRFS info (device loop0): enabling ssd optimizations [pid 6744] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6744] chdir("./file0") = 0 [pid 6744] ioctl(4, LOOP_CLR_FD) = 0 [pid 6744] close(4) = 0 [pid 6744] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6744] getpid() = 6744 [pid 6744] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6744] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6744] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6744] exit_group(0) = ? [pid 6744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6744, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 82.762848][ T6744] BTRFS info (device loop0): auto enabling async discard umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6761 ./strace-static-x86_64: Process 6761 attached [pid 6761] set_robust_list(0x5555573f6660, 24) = 0 [pid 6761] chdir("./101") = 0 [pid 6761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6761] setpgid(0, 0) = 0 [pid 6761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6761] write(3, "1000", 4) = 4 [pid 6761] close(3) = 0 [pid 6761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6761] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6761] memfd_create("syzkaller", 0) = 3 [pid 6761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6761] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6761] close(3) = 0 [pid 6761] mkdir("./file0", 0777) = 0 [ 83.035847][ T6761] loop0: detected capacity change from 0 to 32768 [ 83.045618][ T6761] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6761) [ 83.061178][ T6761] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.070411][ T6761] BTRFS info (device loop0): setting nodatacow, compression disabled [ 83.078862][ T6761] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 83.089658][ T6761] BTRFS info (device loop0): trying to use backup root at mount time [ 83.097787][ T6761] BTRFS info (device loop0): disabling tree log [ 83.104028][ T6761] BTRFS info (device loop0): enabling auto defrag [ 83.110495][ T6761] BTRFS info (device loop0): using free space tree [ 83.125927][ T6761] BTRFS info (device loop0): enabling ssd optimizations [pid 6761] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6761] chdir("./file0") = 0 [pid 6761] ioctl(4, LOOP_CLR_FD) = 0 [pid 6761] close(4) = 0 [pid 6761] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6761] getpid() = 6761 [pid 6761] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6761] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6761] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6761] exit_group(0) = ? [ 83.133083][ T6761] BTRFS info (device loop0): auto enabling async discard [pid 6761] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6761, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6778 ./strace-static-x86_64: Process 6778 attached [pid 6778] set_robust_list(0x5555573f6660, 24) = 0 [pid 6778] chdir("./102") = 0 [pid 6778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6778] setpgid(0, 0) = 0 [pid 6778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6778] write(3, "1000", 4) = 4 [pid 6778] close(3) = 0 [pid 6778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6778] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6778] memfd_create("syzkaller", 0) = 3 [pid 6778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6778] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6778] close(3) = 0 [pid 6778] mkdir("./file0", 0777) = 0 [ 83.415579][ T6778] loop0: detected capacity change from 0 to 32768 [ 83.425841][ T6778] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6778) [ 83.441115][ T6778] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.449930][ T6778] BTRFS info (device loop0): setting nodatacow, compression disabled [ 83.458100][ T6778] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 83.468773][ T6778] BTRFS info (device loop0): trying to use backup root at mount time [ 83.476935][ T6778] BTRFS info (device loop0): disabling tree log [ 83.483252][ T6778] BTRFS info (device loop0): enabling auto defrag [ 83.489782][ T6778] BTRFS info (device loop0): using free space tree [ 83.505244][ T6778] BTRFS info (device loop0): enabling ssd optimizations [pid 6778] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6778] chdir("./file0") = 0 [pid 6778] ioctl(4, LOOP_CLR_FD) = 0 [pid 6778] close(4) = 0 [pid 6778] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6778] getpid() = 6778 [pid 6778] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6778] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6778] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6778] exit_group(0) = ? [pid 6778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6778, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 [ 83.512367][ T6778] BTRFS info (device loop0): auto enabling async discard umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6795 ./strace-static-x86_64: Process 6795 attached [pid 6795] set_robust_list(0x5555573f6660, 24) = 0 [pid 6795] chdir("./103") = 0 [pid 6795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6795] setpgid(0, 0) = 0 [pid 6795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6795] write(3, "1000", 4) = 4 [pid 6795] close(3) = 0 [pid 6795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6795] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6795] memfd_create("syzkaller", 0) = 3 [pid 6795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6795] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6795] close(3) = 0 [pid 6795] mkdir("./file0", 0777) = 0 [ 83.790640][ T6795] loop0: detected capacity change from 0 to 32768 [ 83.800979][ T6795] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6795) [ 83.816748][ T6795] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.825832][ T6795] BTRFS info (device loop0): setting nodatacow, compression disabled [ 83.834003][ T6795] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 83.844763][ T6795] BTRFS info (device loop0): trying to use backup root at mount time [ 83.852876][ T6795] BTRFS info (device loop0): disabling tree log [ 83.859191][ T6795] BTRFS info (device loop0): enabling auto defrag [ 83.865634][ T6795] BTRFS info (device loop0): using free space tree [ 83.881663][ T6795] BTRFS info (device loop0): enabling ssd optimizations [pid 6795] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6795] chdir("./file0") = 0 [pid 6795] ioctl(4, LOOP_CLR_FD) = 0 [pid 6795] close(4) = 0 [pid 6795] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6795] getpid() = 6795 [pid 6795] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6795] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6795] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6795] exit_group(0) = ? [pid 6795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6795, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 83.888688][ T6795] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6812 ./strace-static-x86_64: Process 6812 attached [pid 6812] set_robust_list(0x5555573f6660, 24) = 0 [pid 6812] chdir("./104") = 0 [pid 6812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6812] setpgid(0, 0) = 0 [pid 6812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6812] write(3, "1000", 4) = 4 [pid 6812] close(3) = 0 [pid 6812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6812] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6812] memfd_create("syzkaller", 0) = 3 [pid 6812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6812] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6812] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6812] close(3) = 0 [pid 6812] mkdir("./file0", 0777) = 0 [ 84.160278][ T6812] loop0: detected capacity change from 0 to 32768 [ 84.170211][ T6812] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6812) [ 84.185688][ T6812] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.194489][ T6812] BTRFS info (device loop0): setting nodatacow, compression disabled [ 84.202628][ T6812] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 84.213386][ T6812] BTRFS info (device loop0): trying to use backup root at mount time [ 84.221611][ T6812] BTRFS info (device loop0): disabling tree log [ 84.227991][ T6812] BTRFS info (device loop0): enabling auto defrag [ 84.234448][ T6812] BTRFS info (device loop0): using free space tree [ 84.251614][ T6812] BTRFS info (device loop0): enabling ssd optimizations [pid 6812] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6812] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6812] chdir("./file0") = 0 [pid 6812] ioctl(4, LOOP_CLR_FD) = 0 [pid 6812] close(4) = 0 [pid 6812] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6812] getpid() = 6812 [pid 6812] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6812] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6812] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6812] exit_group(0) = ? [pid 6812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6812, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 84.258674][ T6812] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6829 attached , child_tidptr=0x5555573f6650) = 6829 [pid 6829] set_robust_list(0x5555573f6660, 24) = 0 [pid 6829] chdir("./105") = 0 [pid 6829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6829] setpgid(0, 0) = 0 [pid 6829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6829] write(3, "1000", 4) = 4 [pid 6829] close(3) = 0 [pid 6829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6829] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6829] memfd_create("syzkaller", 0) = 3 [pid 6829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6829] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6829] close(3) = 0 [pid 6829] mkdir("./file0", 0777) = 0 [ 84.550587][ T6829] loop0: detected capacity change from 0 to 32768 [ 84.560765][ T6829] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6829) [ 84.576114][ T6829] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.584944][ T6829] BTRFS info (device loop0): setting nodatacow, compression disabled [ 84.593239][ T6829] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 84.603902][ T6829] BTRFS info (device loop0): trying to use backup root at mount time [ 84.612098][ T6829] BTRFS info (device loop0): disabling tree log [ 84.618429][ T6829] BTRFS info (device loop0): enabling auto defrag [ 84.624861][ T6829] BTRFS info (device loop0): using free space tree [ 84.640890][ T6829] BTRFS info (device loop0): enabling ssd optimizations [pid 6829] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6829] chdir("./file0") = 0 [pid 6829] ioctl(4, LOOP_CLR_FD) = 0 [pid 6829] close(4) = 0 [pid 6829] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6829] getpid() = 6829 [pid 6829] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6829] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6829] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6829] exit_group(0) = ? [pid 6829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6829, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [ 84.647939][ T6829] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6849 ./strace-static-x86_64: Process 6849 attached [pid 6849] set_robust_list(0x5555573f6660, 24) = 0 [pid 6849] chdir("./106") = 0 [pid 6849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6849] setpgid(0, 0) = 0 [pid 6849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6849] write(3, "1000", 4) = 4 [pid 6849] close(3) = 0 [pid 6849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6849] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6849] memfd_create("syzkaller", 0) = 3 [pid 6849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6849] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6849] close(3) = 0 [pid 6849] mkdir("./file0", 0777) = 0 [ 84.937001][ T6849] loop0: detected capacity change from 0 to 32768 [ 84.946474][ T6849] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6849) [ 84.961746][ T6849] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.970505][ T6849] BTRFS info (device loop0): setting nodatacow, compression disabled [ 84.978607][ T6849] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 84.989218][ T6849] BTRFS info (device loop0): trying to use backup root at mount time [ 84.997333][ T6849] BTRFS info (device loop0): disabling tree log [ 85.003574][ T6849] BTRFS info (device loop0): enabling auto defrag [ 85.010048][ T6849] BTRFS info (device loop0): using free space tree [ 85.025071][ T6849] BTRFS info (device loop0): enabling ssd optimizations [pid 6849] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6849] chdir("./file0") = 0 [pid 6849] ioctl(4, LOOP_CLR_FD) = 0 [pid 6849] close(4) = 0 [pid 6849] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6849] getpid() = 6849 [pid 6849] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6849] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6849] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6849] exit_group(0) = ? [pid 6849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6849, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 85.032155][ T6849] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6866 attached [pid 6866] set_robust_list(0x5555573f6660, 24) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x5555573f6650) = 6866 [pid 6866] chdir("./107") = 0 [pid 6866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6866] setpgid(0, 0) = 0 [pid 6866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6866] write(3, "1000", 4) = 4 [pid 6866] close(3) = 0 [pid 6866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6866] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6866] memfd_create("syzkaller", 0) = 3 [pid 6866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6866] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6866] close(3) = 0 [pid 6866] mkdir("./file0", 0777) = 0 [ 85.312011][ T6866] loop0: detected capacity change from 0 to 32768 [ 85.321435][ T6866] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6866) [ 85.337062][ T6866] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.345777][ T6866] BTRFS info (device loop0): setting nodatacow, compression disabled [ 85.353922][ T6866] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 85.364645][ T6866] BTRFS info (device loop0): trying to use backup root at mount time [ 85.372789][ T6866] BTRFS info (device loop0): disabling tree log [ 85.379144][ T6866] BTRFS info (device loop0): enabling auto defrag [ 85.385592][ T6866] BTRFS info (device loop0): using free space tree [ 85.401250][ T6866] BTRFS info (device loop0): enabling ssd optimizations [pid 6866] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6866] chdir("./file0") = 0 [pid 6866] ioctl(4, LOOP_CLR_FD) = 0 [pid 6866] close(4) = 0 [pid 6866] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6866] getpid() = 6866 [pid 6866] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6866] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6866] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6866] exit_group(0) = ? [pid 6866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6866, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 [ 85.408342][ T6866] BTRFS info (device loop0): auto enabling async discard umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6884 attached , child_tidptr=0x5555573f6650) = 6884 [pid 6884] set_robust_list(0x5555573f6660, 24) = 0 [pid 6884] chdir("./108") = 0 [pid 6884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6884] setpgid(0, 0) = 0 [pid 6884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6884] write(3, "1000", 4) = 4 [pid 6884] close(3) = 0 [pid 6884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6884] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6884] memfd_create("syzkaller", 0) = 3 [pid 6884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6884] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6884] close(3) = 0 [pid 6884] mkdir("./file0", 0777) = 0 [ 85.702231][ T6884] loop0: detected capacity change from 0 to 32768 [ 85.713008][ T6884] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6884) [ 85.728694][ T6884] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.737507][ T6884] BTRFS info (device loop0): setting nodatacow, compression disabled [ 85.745569][ T6884] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 85.756219][ T6884] BTRFS info (device loop0): trying to use backup root at mount time [ 85.764319][ T6884] BTRFS info (device loop0): disabling tree log [ 85.770607][ T6884] BTRFS info (device loop0): enabling auto defrag [ 85.777061][ T6884] BTRFS info (device loop0): using free space tree [ 85.793281][ T6884] BTRFS info (device loop0): enabling ssd optimizations [pid 6884] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6884] chdir("./file0") = 0 [pid 6884] ioctl(4, LOOP_CLR_FD) = 0 [pid 6884] close(4) = 0 [pid 6884] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6884] getpid() = 6884 [pid 6884] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6884] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6884] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6884] exit_group(0) = ? [pid 6884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6884, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.800476][ T6884] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6903 attached , child_tidptr=0x5555573f6650) = 6903 [pid 6903] set_robust_list(0x5555573f6660, 24) = 0 [pid 6903] chdir("./109") = 0 [pid 6903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6903] setpgid(0, 0) = 0 [pid 6903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6903] write(3, "1000", 4) = 4 [pid 6903] close(3) = 0 [pid 6903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6903] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6903] memfd_create("syzkaller", 0) = 3 [pid 6903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6903] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6903] close(3) = 0 [pid 6903] mkdir("./file0", 0777) = 0 [ 86.084889][ T6903] loop0: detected capacity change from 0 to 32768 [ 86.094867][ T6903] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6903) [ 86.109828][ T6903] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.118617][ T6903] BTRFS info (device loop0): setting nodatacow, compression disabled [ 86.126756][ T6903] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 86.137406][ T6903] BTRFS info (device loop0): trying to use backup root at mount time [ 86.145484][ T6903] BTRFS info (device loop0): disabling tree log [ 86.151811][ T6903] BTRFS info (device loop0): enabling auto defrag [ 86.158295][ T6903] BTRFS info (device loop0): using free space tree [ 86.174840][ T6903] BTRFS info (device loop0): enabling ssd optimizations [pid 6903] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6903] chdir("./file0") = 0 [pid 6903] ioctl(4, LOOP_CLR_FD) = 0 [pid 6903] close(4) = 0 [pid 6903] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6903] getpid() = 6903 [pid 6903] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6903] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6903] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6903] exit_group(0) = ? [pid 6903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6903, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 86.182011][ T6903] BTRFS info (device loop0): auto enabling async discard umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6920 ./strace-static-x86_64: Process 6920 attached [pid 6920] set_robust_list(0x5555573f6660, 24) = 0 [pid 6920] chdir("./110") = 0 [pid 6920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6920] setpgid(0, 0) = 0 [pid 6920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6920] write(3, "1000", 4) = 4 [pid 6920] close(3) = 0 [pid 6920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6920] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6920] memfd_create("syzkaller", 0) = 3 [pid 6920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6920] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6920] close(3) = 0 [pid 6920] mkdir("./file0", 0777) = 0 [ 86.459475][ T6920] loop0: detected capacity change from 0 to 32768 [ 86.468228][ T6920] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6920) [ 86.483552][ T6920] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.492372][ T6920] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 6920] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6920] chdir("./file0") = 0 [pid 6920] ioctl(4, LOOP_CLR_FD) = 0 [pid 6920] close(4) = 0 [pid 6920] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6920] getpid() = 6920 [pid 6920] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6920] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6920] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6920] exit_group(0) = ? [pid 6920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6920, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 86.500647][ T6920] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 86.511309][ T6920] BTRFS info (device loop0): trying to use backup root at mount time [ 86.519447][ T6920] BTRFS info (device loop0): disabling tree log umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6937 ./strace-static-x86_64: Process 6937 attached [pid 6937] set_robust_list(0x5555573f6660, 24) = 0 [pid 6937] chdir("./111") = 0 [pid 6937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6937] setpgid(0, 0) = 0 [pid 6937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6937] write(3, "1000", 4) = 4 [pid 6937] close(3) = 0 [pid 6937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6937] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6937] memfd_create("syzkaller", 0) = 3 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6937] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6937] close(3) = 0 [pid 6937] mkdir("./file0", 0777) = 0 [pid 6937] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6937] chdir("./file0") = 0 [pid 6937] ioctl(4, LOOP_CLR_FD) = 0 [pid 6937] close(4) = 0 [pid 6937] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6937] getpid() = 6937 [pid 6937] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6937] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6937] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6937] exit_group(0) = ? [pid 6937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6937, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 86.803339][ T6937] loop0: detected capacity change from 0 to 32768 [ 86.813803][ T6937] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6937) [ 86.829069][ T6937] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6954 ./strace-static-x86_64: Process 6954 attached [pid 6954] set_robust_list(0x5555573f6660, 24) = 0 [pid 6954] chdir("./112") = 0 [pid 6954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6954] setpgid(0, 0) = 0 [pid 6954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6954] write(3, "1000", 4) = 4 [pid 6954] close(3) = 0 [pid 6954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6954] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6954] memfd_create("syzkaller", 0) = 3 [pid 6954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6954] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6954] close(3) = 0 [pid 6954] mkdir("./file0", 0777) = 0 [ 87.114571][ T6954] loop0: detected capacity change from 0 to 32768 [ 87.124102][ T6954] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6954) [ 87.139350][ T6954] _btrfs_printk: 12 callbacks suppressed [ 87.139363][ T6954] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.154029][ T6954] BTRFS info (device loop0): setting nodatacow, compression disabled [ 87.162288][ T6954] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 87.173108][ T6954] BTRFS info (device loop0): trying to use backup root at mount time [ 87.181277][ T6954] BTRFS info (device loop0): disabling tree log [ 87.187582][ T6954] BTRFS info (device loop0): enabling auto defrag [ 87.194006][ T6954] BTRFS info (device loop0): using free space tree [pid 6954] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6954] chdir("./file0") = 0 [pid 6954] ioctl(4, LOOP_CLR_FD) = 0 [pid 6954] close(4) = 0 [pid 6954] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6954] getpid() = 6954 [pid 6954] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6954] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6954] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6954] exit_group(0) = ? [pid 6954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6954, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 [ 87.210102][ T6954] BTRFS info (device loop0): enabling ssd optimizations [ 87.217131][ T6954] BTRFS info (device loop0): auto enabling async discard umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6971 ./strace-static-x86_64: Process 6971 attached [pid 6971] set_robust_list(0x5555573f6660, 24) = 0 [pid 6971] chdir("./113") = 0 [pid 6971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6971] setpgid(0, 0) = 0 [pid 6971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6971] write(3, "1000", 4) = 4 [pid 6971] close(3) = 0 [pid 6971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6971] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6971] memfd_create("syzkaller", 0) = 3 [pid 6971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6971] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6971] close(3) = 0 [pid 6971] mkdir("./file0", 0777) = 0 [ 87.492378][ T6971] loop0: detected capacity change from 0 to 32768 [ 87.502283][ T6971] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6971) [ 87.518117][ T6971] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.526884][ T6971] BTRFS info (device loop0): setting nodatacow, compression disabled [ 87.534980][ T6971] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 87.545972][ T6971] BTRFS info (device loop0): trying to use backup root at mount time [ 87.554238][ T6971] BTRFS info (device loop0): disabling tree log [ 87.560716][ T6971] BTRFS info (device loop0): enabling auto defrag [ 87.567162][ T6971] BTRFS info (device loop0): using free space tree [ 87.582824][ T6971] BTRFS info (device loop0): enabling ssd optimizations [pid 6971] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6971] chdir("./file0") = 0 [pid 6971] ioctl(4, LOOP_CLR_FD) = 0 [pid 6971] close(4) = 0 [pid 6971] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6971] getpid() = 6971 [pid 6971] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6971] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6971] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6971] exit_group(0) = ? [pid 6971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6971, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 87.589898][ T6971] BTRFS info (device loop0): auto enabling async discard umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 6988 ./strace-static-x86_64: Process 6988 attached [pid 6988] set_robust_list(0x5555573f6660, 24) = 0 [pid 6988] chdir("./114") = 0 [pid 6988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6988] setpgid(0, 0) = 0 [pid 6988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6988] write(3, "1000", 4) = 4 [pid 6988] close(3) = 0 [pid 6988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6988] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 6988] memfd_create("syzkaller", 0) = 3 [pid 6988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 6988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6988] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 6988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6988] close(3) = 0 [pid 6988] mkdir("./file0", 0777) = 0 [ 87.859168][ T6988] loop0: detected capacity change from 0 to 32768 [ 87.869692][ T6988] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (6988) [ 87.885070][ T6988] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.893896][ T6988] BTRFS info (device loop0): setting nodatacow, compression disabled [ 87.902133][ T6988] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 87.912824][ T6988] BTRFS info (device loop0): trying to use backup root at mount time [ 87.920967][ T6988] BTRFS info (device loop0): disabling tree log [ 87.927277][ T6988] BTRFS info (device loop0): enabling auto defrag [ 87.933710][ T6988] BTRFS info (device loop0): using free space tree [ 87.949931][ T6988] BTRFS info (device loop0): enabling ssd optimizations [pid 6988] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6988] chdir("./file0") = 0 [pid 6988] ioctl(4, LOOP_CLR_FD) = 0 [pid 6988] close(4) = 0 [pid 6988] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 6988] getpid() = 6988 [pid 6988] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 6988] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6988] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 6988] exit_group(0) = ? [pid 6988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6988, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 87.956971][ T6988] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7005 ./strace-static-x86_64: Process 7005 attached [pid 7005] set_robust_list(0x5555573f6660, 24) = 0 [pid 7005] chdir("./115") = 0 [pid 7005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7005] setpgid(0, 0) = 0 [pid 7005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7005] write(3, "1000", 4) = 4 [pid 7005] close(3) = 0 [pid 7005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7005] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7005] memfd_create("syzkaller", 0) = 3 [pid 7005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7005] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7005] close(3) = 0 [pid 7005] mkdir("./file0", 0777) = 0 [ 88.227636][ T7005] loop0: detected capacity change from 0 to 32768 [ 88.237715][ T7005] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7005) [ 88.252703][ T7005] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.261804][ T7005] BTRFS info (device loop0): setting nodatacow, compression disabled [ 88.270217][ T7005] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 88.280939][ T7005] BTRFS info (device loop0): trying to use backup root at mount time [ 88.289135][ T7005] BTRFS info (device loop0): disabling tree log [ 88.295539][ T7005] BTRFS info (device loop0): enabling auto defrag [ 88.302031][ T7005] BTRFS info (device loop0): using free space tree [ 88.318576][ T7005] BTRFS info (device loop0): enabling ssd optimizations [pid 7005] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7005] chdir("./file0") = 0 [pid 7005] ioctl(4, LOOP_CLR_FD) = 0 [pid 7005] close(4) = 0 [pid 7005] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7005] getpid() = 7005 [pid 7005] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7005] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7005] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7005] exit_group(0) = ? [pid 7005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7005, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 [ 88.325631][ T7005] BTRFS info (device loop0): auto enabling async discard umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7022 ./strace-static-x86_64: Process 7022 attached [pid 7022] set_robust_list(0x5555573f6660, 24) = 0 [pid 7022] chdir("./116") = 0 [pid 7022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7022] setpgid(0, 0) = 0 [pid 7022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7022] write(3, "1000", 4) = 4 [pid 7022] close(3) = 0 [pid 7022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7022] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7022] memfd_create("syzkaller", 0) = 3 [pid 7022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7022] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7022] close(3) = 0 [pid 7022] mkdir("./file0", 0777) = 0 [ 88.609333][ T7022] loop0: detected capacity change from 0 to 32768 [ 88.619257][ T7022] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7022) [ 88.634319][ T7022] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.643123][ T7022] BTRFS info (device loop0): setting nodatacow, compression disabled [ 88.651257][ T7022] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 88.661934][ T7022] BTRFS info (device loop0): trying to use backup root at mount time [ 88.670052][ T7022] BTRFS info (device loop0): disabling tree log [ 88.676291][ T7022] BTRFS info (device loop0): enabling auto defrag [ 88.682841][ T7022] BTRFS info (device loop0): using free space tree [ 88.698981][ T7022] BTRFS info (device loop0): enabling ssd optimizations [pid 7022] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7022] chdir("./file0") = 0 [pid 7022] ioctl(4, LOOP_CLR_FD) = 0 [pid 7022] close(4) = 0 [pid 7022] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7022] getpid() = 7022 [pid 7022] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7022] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7022] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7022] exit_group(0) = ? [pid 7022] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7022, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 88.706073][ T7022] BTRFS info (device loop0): auto enabling async discard unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7039 ./strace-static-x86_64: Process 7039 attached [pid 7039] set_robust_list(0x5555573f6660, 24) = 0 [pid 7039] chdir("./117") = 0 [pid 7039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7039] setpgid(0, 0) = 0 [pid 7039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7039] write(3, "1000", 4) = 4 [pid 7039] close(3) = 0 [pid 7039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7039] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7039] memfd_create("syzkaller", 0) = 3 [pid 7039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7039] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7039] close(3) = 0 [pid 7039] mkdir("./file0", 0777) = 0 [ 88.985340][ T7039] loop0: detected capacity change from 0 to 32768 [ 88.995418][ T7039] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7039) [ 89.010831][ T7039] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.019610][ T7039] BTRFS info (device loop0): setting nodatacow, compression disabled [ 89.027752][ T7039] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 89.038400][ T7039] BTRFS info (device loop0): trying to use backup root at mount time [ 89.046531][ T7039] BTRFS info (device loop0): disabling tree log [ 89.052799][ T7039] BTRFS info (device loop0): enabling auto defrag [ 89.059441][ T7039] BTRFS info (device loop0): using free space tree [ 89.075490][ T7039] BTRFS info (device loop0): enabling ssd optimizations [pid 7039] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7039] chdir("./file0") = 0 [pid 7039] ioctl(4, LOOP_CLR_FD) = 0 [pid 7039] close(4) = 0 [pid 7039] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7039] getpid() = 7039 [pid 7039] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7039] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7039] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7039] exit_group(0) = ? [pid 7039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7039, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 89.082536][ T7039] BTRFS info (device loop0): auto enabling async discard umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7056 ./strace-static-x86_64: Process 7056 attached [pid 7056] set_robust_list(0x5555573f6660, 24) = 0 [pid 7056] chdir("./118") = 0 [pid 7056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7056] setpgid(0, 0) = 0 [pid 7056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7056] write(3, "1000", 4) = 4 [pid 7056] close(3) = 0 [pid 7056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7056] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7056] memfd_create("syzkaller", 0) = 3 [pid 7056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7056] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7056] close(3) = 0 [pid 7056] mkdir("./file0", 0777) = 0 [ 89.346985][ T7056] loop0: detected capacity change from 0 to 32768 [ 89.356957][ T7056] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7056) [ 89.372278][ T7056] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.381081][ T7056] BTRFS info (device loop0): setting nodatacow, compression disabled [ 89.389366][ T7056] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 89.400088][ T7056] BTRFS info (device loop0): trying to use backup root at mount time [ 89.408298][ T7056] BTRFS info (device loop0): disabling tree log [ 89.414609][ T7056] BTRFS info (device loop0): enabling auto defrag [ 89.421106][ T7056] BTRFS info (device loop0): using free space tree [ 89.436624][ T7056] BTRFS info (device loop0): enabling ssd optimizations [pid 7056] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7056] chdir("./file0") = 0 [pid 7056] ioctl(4, LOOP_CLR_FD) = 0 [pid 7056] close(4) = 0 [pid 7056] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7056] getpid() = 7056 [pid 7056] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7056] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7056] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7056] exit_group(0) = ? [pid 7056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7056, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 89.443605][ T7056] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7073 attached , child_tidptr=0x5555573f6650) = 7073 [pid 7073] set_robust_list(0x5555573f6660, 24) = 0 [pid 7073] chdir("./119") = 0 [pid 7073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7073] setpgid(0, 0) = 0 [pid 7073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7073] write(3, "1000", 4) = 4 [pid 7073] close(3) = 0 [pid 7073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7073] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7073] memfd_create("syzkaller", 0) = 3 [pid 7073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7073] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7073] close(3) = 0 [pid 7073] mkdir("./file0", 0777) = 0 [ 89.719426][ T7073] loop0: detected capacity change from 0 to 32768 [ 89.729134][ T7073] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7073) [ 89.744280][ T7073] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.753066][ T7073] BTRFS info (device loop0): setting nodatacow, compression disabled [ 89.761193][ T7073] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 89.771966][ T7073] BTRFS info (device loop0): trying to use backup root at mount time [ 89.780097][ T7073] BTRFS info (device loop0): disabling tree log [ 89.786450][ T7073] BTRFS info (device loop0): enabling auto defrag [ 89.792970][ T7073] BTRFS info (device loop0): using free space tree [ 89.808132][ T7073] BTRFS info (device loop0): enabling ssd optimizations [pid 7073] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7073] chdir("./file0") = 0 [pid 7073] ioctl(4, LOOP_CLR_FD) = 0 [pid 7073] close(4) = 0 [pid 7073] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7073] getpid() = 7073 [pid 7073] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7073] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7073] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7073] exit_group(0) = ? [pid 7073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7073, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 [ 89.815127][ T7073] BTRFS info (device loop0): auto enabling async discard umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7090 ./strace-static-x86_64: Process 7090 attached [pid 7090] set_robust_list(0x5555573f6660, 24) = 0 [pid 7090] chdir("./120") = 0 [pid 7090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7090] setpgid(0, 0) = 0 [pid 7090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7090] write(3, "1000", 4) = 4 [pid 7090] close(3) = 0 [pid 7090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7090] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7090] memfd_create("syzkaller", 0) = 3 [pid 7090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7090] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7090] close(3) = 0 [pid 7090] mkdir("./file0", 0777) = 0 [ 90.096476][ T7090] loop0: detected capacity change from 0 to 32768 [ 90.106202][ T7090] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7090) [ 90.120781][ T7090] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.129881][ T7090] BTRFS info (device loop0): setting nodatacow, compression disabled [ 90.138165][ T7090] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 90.148923][ T7090] BTRFS info (device loop0): trying to use backup root at mount time [ 90.157056][ T7090] BTRFS info (device loop0): disabling tree log [ 90.163305][ T7090] BTRFS info (device loop0): enabling auto defrag [ 90.169877][ T7090] BTRFS info (device loop0): using free space tree [ 90.185603][ T7090] BTRFS info (device loop0): enabling ssd optimizations [pid 7090] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7090] chdir("./file0") = 0 [pid 7090] ioctl(4, LOOP_CLR_FD) = 0 [pid 7090] close(4) = 0 [pid 7090] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7090] getpid() = 7090 [pid 7090] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7090] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7090] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7090] exit_group(0) = ? [pid 7090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7090, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.193392][ T7090] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7107 ./strace-static-x86_64: Process 7107 attached [pid 7107] set_robust_list(0x5555573f6660, 24) = 0 [pid 7107] chdir("./121") = 0 [pid 7107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7107] setpgid(0, 0) = 0 [pid 7107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7107] write(3, "1000", 4) = 4 [pid 7107] close(3) = 0 [pid 7107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7107] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7107] memfd_create("syzkaller", 0) = 3 [pid 7107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7107] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7107] close(3) = 0 [pid 7107] mkdir("./file0", 0777) = 0 [ 90.476751][ T7107] loop0: detected capacity change from 0 to 32768 [ 90.486919][ T7107] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7107) [ 90.502183][ T7107] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.510972][ T7107] BTRFS info (device loop0): setting nodatacow, compression disabled [ 90.519136][ T7107] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 90.529794][ T7107] BTRFS info (device loop0): trying to use backup root at mount time [ 90.537899][ T7107] BTRFS info (device loop0): disabling tree log [ 90.544152][ T7107] BTRFS info (device loop0): enabling auto defrag [ 90.550645][ T7107] BTRFS info (device loop0): using free space tree [ 90.566067][ T7107] BTRFS info (device loop0): enabling ssd optimizations [pid 7107] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7107] chdir("./file0") = 0 [pid 7107] ioctl(4, LOOP_CLR_FD) = 0 [pid 7107] close(4) = 0 [pid 7107] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7107] getpid() = 7107 [pid 7107] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7107] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7107] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7107] exit_group(0) = ? [pid 7107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7107, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 90.573188][ T7107] BTRFS info (device loop0): auto enabling async discard unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7124 attached , child_tidptr=0x5555573f6650) = 7124 [pid 7124] set_robust_list(0x5555573f6660, 24) = 0 [pid 7124] chdir("./122") = 0 [pid 7124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7124] setpgid(0, 0) = 0 [pid 7124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7124] write(3, "1000", 4) = 4 [pid 7124] close(3) = 0 [pid 7124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7124] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7124] memfd_create("syzkaller", 0) = 3 [pid 7124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7124] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7124] close(3) = 0 [pid 7124] mkdir("./file0", 0777) = 0 [ 90.849750][ T7124] loop0: detected capacity change from 0 to 32768 [ 90.859921][ T7124] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7124) [ 90.875205][ T7124] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.883970][ T7124] BTRFS info (device loop0): setting nodatacow, compression disabled [ 90.892099][ T7124] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 90.903113][ T7124] BTRFS info (device loop0): trying to use backup root at mount time [ 90.911281][ T7124] BTRFS info (device loop0): disabling tree log [ 90.917598][ T7124] BTRFS info (device loop0): enabling auto defrag [ 90.924018][ T7124] BTRFS info (device loop0): using free space tree [ 90.939888][ T7124] BTRFS info (device loop0): enabling ssd optimizations [pid 7124] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7124] chdir("./file0") = 0 [pid 7124] ioctl(4, LOOP_CLR_FD) = 0 [pid 7124] close(4) = 0 [pid 7124] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7124] getpid() = 7124 [pid 7124] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7124] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7124] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7124] exit_group(0) = ? [pid 7124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7124, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 90.946924][ T7124] BTRFS info (device loop0): auto enabling async discard unlink("./122/binderfs") = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7141 ./strace-static-x86_64: Process 7141 attached [pid 7141] set_robust_list(0x5555573f6660, 24) = 0 [pid 7141] chdir("./123") = 0 [pid 7141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7141] setpgid(0, 0) = 0 [pid 7141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7141] write(3, "1000", 4) = 4 [pid 7141] close(3) = 0 [pid 7141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7141] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7141] memfd_create("syzkaller", 0) = 3 [pid 7141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7141] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7141] close(3) = 0 [pid 7141] mkdir("./file0", 0777) = 0 [ 91.226099][ T7141] loop0: detected capacity change from 0 to 32768 [ 91.235297][ T7141] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7141) [ 91.250322][ T7141] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.259118][ T7141] BTRFS info (device loop0): setting nodatacow, compression disabled [ 91.267329][ T7141] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 91.277999][ T7141] BTRFS info (device loop0): trying to use backup root at mount time [ 91.286077][ T7141] BTRFS info (device loop0): disabling tree log [ 91.292486][ T7141] BTRFS info (device loop0): enabling auto defrag [ 91.299008][ T7141] BTRFS info (device loop0): using free space tree [ 91.314418][ T7141] BTRFS info (device loop0): enabling ssd optimizations [pid 7141] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7141] chdir("./file0") = 0 [pid 7141] ioctl(4, LOOP_CLR_FD) = 0 [pid 7141] close(4) = 0 [pid 7141] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7141] getpid() = 7141 [pid 7141] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7141] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7141] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7141] exit_group(0) = ? [pid 7141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7141, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [ 91.321448][ T7141] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7158 ./strace-static-x86_64: Process 7158 attached [pid 7158] set_robust_list(0x5555573f6660, 24) = 0 [pid 7158] chdir("./124") = 0 [pid 7158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7158] setpgid(0, 0) = 0 [pid 7158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7158] write(3, "1000", 4) = 4 [pid 7158] close(3) = 0 [pid 7158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7158] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7158] memfd_create("syzkaller", 0) = 3 [pid 7158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7158] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7158] close(3) = 0 [pid 7158] mkdir("./file0", 0777) = 0 [ 91.590465][ T7158] loop0: detected capacity change from 0 to 32768 [ 91.600712][ T7158] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7158) [ 91.616063][ T7158] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.624850][ T7158] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 7158] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7158] chdir("./file0") = 0 [pid 7158] ioctl(4, LOOP_CLR_FD) = 0 [pid 7158] close(4) = 0 [pid 7158] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7158] getpid() = 7158 [pid 7158] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7158] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7158] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7158] exit_group(0) = ? [pid 7158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7158, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 [ 91.632979][ T7158] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 91.643659][ T7158] BTRFS info (device loop0): trying to use backup root at mount time [ 91.651800][ T7158] BTRFS info (device loop0): disabling tree log umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7177 ./strace-static-x86_64: Process 7177 attached [pid 7177] set_robust_list(0x5555573f6660, 24) = 0 [pid 7177] chdir("./125") = 0 [pid 7177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7177] setpgid(0, 0) = 0 [pid 7177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7177] write(3, "1000", 4) = 4 [pid 7177] close(3) = 0 [pid 7177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7177] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7177] memfd_create("syzkaller", 0) = 3 [pid 7177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7177] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7177] close(3) = 0 [pid 7177] mkdir("./file0", 0777) = 0 [pid 7177] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7177] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7177] chdir("./file0") = 0 [pid 7177] ioctl(4, LOOP_CLR_FD) = 0 [pid 7177] close(4) = 0 [pid 7177] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7177] getpid() = 7177 [pid 7177] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7177] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7177] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7177] exit_group(0) = ? [pid 7177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7177, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 [ 91.935777][ T7177] loop0: detected capacity change from 0 to 32768 [ 91.945825][ T7177] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7177) [ 91.960870][ T7177] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7194 ./strace-static-x86_64: Process 7194 attached [pid 7194] set_robust_list(0x5555573f6660, 24) = 0 [pid 7194] chdir("./126") = 0 [pid 7194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7194] setpgid(0, 0) = 0 [pid 7194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7194] write(3, "1000", 4) = 4 [pid 7194] close(3) = 0 [pid 7194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7194] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7194] memfd_create("syzkaller", 0) = 3 [pid 7194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7194] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7194] close(3) = 0 [pid 7194] mkdir("./file0", 0777) = 0 [ 92.242175][ T7194] loop0: detected capacity change from 0 to 32768 [ 92.251843][ T7194] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7194) [ 92.267400][ T7194] _btrfs_printk: 12 callbacks suppressed [ 92.267415][ T7194] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.281877][ T7194] BTRFS info (device loop0): setting nodatacow, compression disabled [ 92.290027][ T7194] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 92.300681][ T7194] BTRFS info (device loop0): trying to use backup root at mount time [ 92.308837][ T7194] BTRFS info (device loop0): disabling tree log [ 92.315067][ T7194] BTRFS info (device loop0): enabling auto defrag [ 92.321588][ T7194] BTRFS info (device loop0): using free space tree [pid 7194] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7194] chdir("./file0") = 0 [pid 7194] ioctl(4, LOOP_CLR_FD) = 0 [pid 7194] close(4) = 0 [pid 7194] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7194] getpid() = 7194 [pid 7194] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7194] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7194] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7194] exit_group(0) = ? [pid 7194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7194, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 [ 92.336899][ T7194] BTRFS info (device loop0): enabling ssd optimizations [ 92.343844][ T7194] BTRFS info (device loop0): auto enabling async discard umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7211 ./strace-static-x86_64: Process 7211 attached [pid 7211] set_robust_list(0x5555573f6660, 24) = 0 [pid 7211] chdir("./127") = 0 [pid 7211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7211] setpgid(0, 0) = 0 [pid 7211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7211] write(3, "1000", 4) = 4 [pid 7211] close(3) = 0 [pid 7211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7211] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7211] memfd_create("syzkaller", 0) = 3 [pid 7211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7211] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7211] close(3) = 0 [pid 7211] mkdir("./file0", 0777) = 0 [ 92.615296][ T7211] loop0: detected capacity change from 0 to 32768 [ 92.625211][ T7211] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7211) [ 92.640683][ T7211] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.649466][ T7211] BTRFS info (device loop0): setting nodatacow, compression disabled [ 92.657762][ T7211] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 92.668398][ T7211] BTRFS info (device loop0): trying to use backup root at mount time [ 92.676548][ T7211] BTRFS info (device loop0): disabling tree log [ 92.682805][ T7211] BTRFS info (device loop0): enabling auto defrag [ 92.689384][ T7211] BTRFS info (device loop0): using free space tree [ 92.705337][ T7211] BTRFS info (device loop0): enabling ssd optimizations [pid 7211] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7211] chdir("./file0") = 0 [pid 7211] ioctl(4, LOOP_CLR_FD) = 0 [pid 7211] close(4) = 0 [pid 7211] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7211] getpid() = 7211 [pid 7211] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7211] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7211] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7211] exit_group(0) = ? [pid 7211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7211, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 [ 92.712437][ T7211] BTRFS info (device loop0): auto enabling async discard umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7228 ./strace-static-x86_64: Process 7228 attached [pid 7228] set_robust_list(0x5555573f6660, 24) = 0 [pid 7228] chdir("./128") = 0 [pid 7228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7228] setpgid(0, 0) = 0 [pid 7228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7228] write(3, "1000", 4) = 4 [pid 7228] close(3) = 0 [pid 7228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7228] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7228] memfd_create("syzkaller", 0) = 3 [pid 7228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7228] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7228] close(3) = 0 [pid 7228] mkdir("./file0", 0777) = 0 [ 92.986563][ T7228] loop0: detected capacity change from 0 to 32768 [ 92.995271][ T7228] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7228) [ 93.009861][ T7228] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.018653][ T7228] BTRFS info (device loop0): setting nodatacow, compression disabled [ 93.026809][ T7228] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 93.037479][ T7228] BTRFS info (device loop0): trying to use backup root at mount time [ 93.045854][ T7228] BTRFS info (device loop0): disabling tree log [ 93.052195][ T7228] BTRFS info (device loop0): enabling auto defrag [ 93.058653][ T7228] BTRFS info (device loop0): using free space tree [ 93.074677][ T7228] BTRFS info (device loop0): enabling ssd optimizations [pid 7228] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7228] chdir("./file0") = 0 [pid 7228] ioctl(4, LOOP_CLR_FD) = 0 [pid 7228] close(4) = 0 [pid 7228] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7228] getpid() = 7228 [pid 7228] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7228] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7228] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7228] exit_group(0) = ? [pid 7228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7228, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 [ 93.081783][ T7228] BTRFS info (device loop0): auto enabling async discard umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7245 ./strace-static-x86_64: Process 7245 attached [pid 7245] set_robust_list(0x5555573f6660, 24) = 0 [pid 7245] chdir("./129") = 0 [pid 7245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7245] setpgid(0, 0) = 0 [pid 7245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7245] write(3, "1000", 4) = 4 [pid 7245] close(3) = 0 [pid 7245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7245] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7245] memfd_create("syzkaller", 0) = 3 [pid 7245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7245] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7245] close(3) = 0 [pid 7245] mkdir("./file0", 0777) = 0 [ 93.357162][ T7245] loop0: detected capacity change from 0 to 32768 [ 93.370510][ T7245] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7245) [ 93.385717][ T7245] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.394572][ T7245] BTRFS info (device loop0): setting nodatacow, compression disabled [ 93.402750][ T7245] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 93.413398][ T7245] BTRFS info (device loop0): trying to use backup root at mount time [ 93.421505][ T7245] BTRFS info (device loop0): disabling tree log [ 93.427824][ T7245] BTRFS info (device loop0): enabling auto defrag [ 93.434252][ T7245] BTRFS info (device loop0): using free space tree [ 93.449692][ T7245] BTRFS info (device loop0): enabling ssd optimizations [pid 7245] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7245] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7245] chdir("./file0") = 0 [pid 7245] ioctl(4, LOOP_CLR_FD) = 0 [pid 7245] close(4) = 0 [pid 7245] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7245] getpid() = 7245 [pid 7245] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7245] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7245] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7245] exit_group(0) = ? [pid 7245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7245, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 [ 93.456724][ T7245] BTRFS info (device loop0): auto enabling async discard umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7262 ./strace-static-x86_64: Process 7262 attached [pid 7262] set_robust_list(0x5555573f6660, 24) = 0 [pid 7262] chdir("./130") = 0 [pid 7262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7262] setpgid(0, 0) = 0 [pid 7262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7262] write(3, "1000", 4) = 4 [pid 7262] close(3) = 0 [pid 7262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7262] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7262] memfd_create("syzkaller", 0) = 3 [pid 7262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7262] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7262] close(3) = 0 [pid 7262] mkdir("./file0", 0777) = 0 [ 93.740824][ T7262] loop0: detected capacity change from 0 to 32768 [ 93.750540][ T7262] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7262) [ 93.765890][ T7262] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.774659][ T7262] BTRFS info (device loop0): setting nodatacow, compression disabled [ 93.782845][ T7262] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 93.793528][ T7262] BTRFS info (device loop0): trying to use backup root at mount time [ 93.801666][ T7262] BTRFS info (device loop0): disabling tree log [ 93.808003][ T7262] BTRFS info (device loop0): enabling auto defrag [ 93.814603][ T7262] BTRFS info (device loop0): using free space tree [ 93.831231][ T7262] BTRFS info (device loop0): enabling ssd optimizations [pid 7262] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7262] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7262] chdir("./file0") = 0 [pid 7262] ioctl(4, LOOP_CLR_FD) = 0 [pid 7262] close(4) = 0 [pid 7262] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7262] getpid() = 7262 [pid 7262] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7262] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7262] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7262] exit_group(0) = ? [pid 7262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7262, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 93.838375][ T7262] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7279 attached , child_tidptr=0x5555573f6650) = 7279 [pid 7279] set_robust_list(0x5555573f6660, 24) = 0 [pid 7279] chdir("./131") = 0 [pid 7279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7279] setpgid(0, 0) = 0 [pid 7279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7279] write(3, "1000", 4) = 4 [pid 7279] close(3) = 0 [pid 7279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7279] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7279] memfd_create("syzkaller", 0) = 3 [pid 7279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7279] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7279] close(3) = 0 [pid 7279] mkdir("./file0", 0777) = 0 [ 94.119425][ T7279] loop0: detected capacity change from 0 to 32768 [ 94.129491][ T7279] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7279) [ 94.144972][ T7279] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.153765][ T7279] BTRFS info (device loop0): setting nodatacow, compression disabled [ 94.162039][ T7279] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 94.172677][ T7279] BTRFS info (device loop0): trying to use backup root at mount time [ 94.180795][ T7279] BTRFS info (device loop0): disabling tree log [ 94.187089][ T7279] BTRFS info (device loop0): enabling auto defrag [ 94.193508][ T7279] BTRFS info (device loop0): using free space tree [ 94.209099][ T7279] BTRFS info (device loop0): enabling ssd optimizations [pid 7279] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7279] chdir("./file0") = 0 [pid 7279] ioctl(4, LOOP_CLR_FD) = 0 [pid 7279] close(4) = 0 [pid 7279] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7279] getpid() = 7279 [pid 7279] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7279] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7279] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7279] exit_group(0) = ? [ 94.216054][ T7279] BTRFS info (device loop0): auto enabling async discard [pid 7279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7279, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7296 ./strace-static-x86_64: Process 7296 attached [pid 7296] set_robust_list(0x5555573f6660, 24) = 0 [pid 7296] chdir("./132") = 0 [pid 7296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7296] setpgid(0, 0) = 0 [pid 7296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7296] write(3, "1000", 4) = 4 [pid 7296] close(3) = 0 [pid 7296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7296] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7296] memfd_create("syzkaller", 0) = 3 [pid 7296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7296] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7296] close(3) = 0 [pid 7296] mkdir("./file0", 0777) = 0 [ 94.492246][ T7296] loop0: detected capacity change from 0 to 32768 [ 94.501960][ T7296] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7296) [ 94.516858][ T7296] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.525675][ T7296] BTRFS info (device loop0): setting nodatacow, compression disabled [ 94.533915][ T7296] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 94.544570][ T7296] BTRFS info (device loop0): trying to use backup root at mount time [ 94.552755][ T7296] BTRFS info (device loop0): disabling tree log [ 94.559090][ T7296] BTRFS info (device loop0): enabling auto defrag [ 94.565616][ T7296] BTRFS info (device loop0): using free space tree [ 94.581515][ T7296] BTRFS info (device loop0): enabling ssd optimizations [pid 7296] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7296] chdir("./file0") = 0 [pid 7296] ioctl(4, LOOP_CLR_FD) = 0 [pid 7296] close(4) = 0 [pid 7296] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7296] getpid() = 7296 [pid 7296] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7296] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7296] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7296] exit_group(0) = ? [pid 7296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7296, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 94.588562][ T7296] BTRFS info (device loop0): auto enabling async discard unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7313 ./strace-static-x86_64: Process 7313 attached [pid 7313] set_robust_list(0x5555573f6660, 24) = 0 [pid 7313] chdir("./133") = 0 [pid 7313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7313] setpgid(0, 0) = 0 [pid 7313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7313] write(3, "1000", 4) = 4 [pid 7313] close(3) = 0 [pid 7313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7313] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7313] memfd_create("syzkaller", 0) = 3 [pid 7313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7313] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7313] close(3) = 0 [pid 7313] mkdir("./file0", 0777) = 0 [ 94.858730][ T7313] loop0: detected capacity change from 0 to 32768 [ 94.868603][ T7313] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7313) [ 94.883708][ T7313] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.892487][ T7313] BTRFS info (device loop0): setting nodatacow, compression disabled [ 94.900607][ T7313] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 94.911253][ T7313] BTRFS info (device loop0): trying to use backup root at mount time [ 94.919371][ T7313] BTRFS info (device loop0): disabling tree log [ 94.925633][ T7313] BTRFS info (device loop0): enabling auto defrag [ 94.932106][ T7313] BTRFS info (device loop0): using free space tree [ 94.947738][ T7313] BTRFS info (device loop0): enabling ssd optimizations [pid 7313] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7313] chdir("./file0") = 0 [pid 7313] ioctl(4, LOOP_CLR_FD) = 0 [pid 7313] close(4) = 0 [pid 7313] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7313] getpid() = 7313 [pid 7313] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7313] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7313] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7313] exit_group(0) = ? [pid 7313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7313, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 [ 94.954686][ T7313] BTRFS info (device loop0): auto enabling async discard umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7330 ./strace-static-x86_64: Process 7330 attached [pid 7330] set_robust_list(0x5555573f6660, 24) = 0 [pid 7330] chdir("./134") = 0 [pid 7330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7330] setpgid(0, 0) = 0 [pid 7330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7330] write(3, "1000", 4) = 4 [pid 7330] close(3) = 0 [pid 7330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7330] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7330] memfd_create("syzkaller", 0) = 3 [pid 7330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7330] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7330] close(3) = 0 [pid 7330] mkdir("./file0", 0777) = 0 [ 95.225699][ T7330] loop0: detected capacity change from 0 to 32768 [ 95.235509][ T7330] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7330) [ 95.250945][ T7330] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.259750][ T7330] BTRFS info (device loop0): setting nodatacow, compression disabled [ 95.267898][ T7330] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 95.278569][ T7330] BTRFS info (device loop0): trying to use backup root at mount time [ 95.286753][ T7330] BTRFS info (device loop0): disabling tree log [ 95.293023][ T7330] BTRFS info (device loop0): enabling auto defrag [ 95.299495][ T7330] BTRFS info (device loop0): using free space tree [ 95.314830][ T7330] BTRFS info (device loop0): enabling ssd optimizations [pid 7330] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7330] chdir("./file0") = 0 [pid 7330] ioctl(4, LOOP_CLR_FD) = 0 [pid 7330] close(4) = 0 [pid 7330] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7330] getpid() = 7330 [pid 7330] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7330] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7330] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7330] exit_group(0) = ? [pid 7330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7330, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 [ 95.321901][ T7330] BTRFS info (device loop0): auto enabling async discard umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7347 ./strace-static-x86_64: Process 7347 attached [pid 7347] set_robust_list(0x5555573f6660, 24) = 0 [pid 7347] chdir("./135") = 0 [pid 7347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7347] setpgid(0, 0) = 0 [pid 7347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7347] write(3, "1000", 4) = 4 [pid 7347] close(3) = 0 [pid 7347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7347] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7347] memfd_create("syzkaller", 0) = 3 [pid 7347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7347] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7347] close(3) = 0 [pid 7347] mkdir("./file0", 0777) = 0 [ 95.597874][ T7347] loop0: detected capacity change from 0 to 32768 [ 95.609045][ T7347] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7347) [ 95.624455][ T7347] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.633230][ T7347] BTRFS info (device loop0): setting nodatacow, compression disabled [ 95.641336][ T7347] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 95.652064][ T7347] BTRFS info (device loop0): trying to use backup root at mount time [ 95.660235][ T7347] BTRFS info (device loop0): disabling tree log [ 95.666598][ T7347] BTRFS info (device loop0): enabling auto defrag [ 95.673025][ T7347] BTRFS info (device loop0): using free space tree [ 95.689198][ T7347] BTRFS info (device loop0): enabling ssd optimizations [pid 7347] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7347] chdir("./file0") = 0 [pid 7347] ioctl(4, LOOP_CLR_FD) = 0 [pid 7347] close(4) = 0 [pid 7347] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7347] getpid() = 7347 [pid 7347] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7347] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7347] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7347] exit_group(0) = ? [pid 7347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7347, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 [ 95.696220][ T7347] BTRFS info (device loop0): auto enabling async discard umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7364 ./strace-static-x86_64: Process 7364 attached [pid 7364] set_robust_list(0x5555573f6660, 24) = 0 [pid 7364] chdir("./136") = 0 [pid 7364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7364] setpgid(0, 0) = 0 [pid 7364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7364] write(3, "1000", 4) = 4 [pid 7364] close(3) = 0 [pid 7364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7364] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7364] memfd_create("syzkaller", 0) = 3 [pid 7364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7364] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7364] close(3) = 0 [pid 7364] mkdir("./file0", 0777) = 0 [ 95.967390][ T7364] loop0: detected capacity change from 0 to 32768 [ 95.976601][ T7364] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7364) [ 95.991794][ T7364] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.000610][ T7364] BTRFS info (device loop0): setting nodatacow, compression disabled [ 96.008802][ T7364] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 96.019462][ T7364] BTRFS info (device loop0): trying to use backup root at mount time [ 96.027586][ T7364] BTRFS info (device loop0): disabling tree log [ 96.033847][ T7364] BTRFS info (device loop0): enabling auto defrag [ 96.040376][ T7364] BTRFS info (device loop0): using free space tree [ 96.056189][ T7364] BTRFS info (device loop0): enabling ssd optimizations [pid 7364] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7364] chdir("./file0") = 0 [pid 7364] ioctl(4, LOOP_CLR_FD) = 0 [pid 7364] close(4) = 0 [pid 7364] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7364] getpid() = 7364 [pid 7364] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7364] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7364] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7364] exit_group(0) = ? [pid 7364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7364, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 [ 96.063374][ T7364] BTRFS info (device loop0): auto enabling async discard umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7381 ./strace-static-x86_64: Process 7381 attached [pid 7381] set_robust_list(0x5555573f6660, 24) = 0 [pid 7381] chdir("./137") = 0 [pid 7381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7381] setpgid(0, 0) = 0 [pid 7381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7381] write(3, "1000", 4) = 4 [pid 7381] close(3) = 0 [pid 7381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7381] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7381] memfd_create("syzkaller", 0) = 3 [pid 7381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7381] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7381] close(3) = 0 [pid 7381] mkdir("./file0", 0777) = 0 [ 96.337395][ T7381] loop0: detected capacity change from 0 to 32768 [ 96.346029][ T7381] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7381) [ 96.361343][ T7381] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.370476][ T7381] BTRFS info (device loop0): setting nodatacow, compression disabled [ 96.378644][ T7381] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 96.389328][ T7381] BTRFS info (device loop0): trying to use backup root at mount time [ 96.397465][ T7381] BTRFS info (device loop0): disabling tree log [ 96.403726][ T7381] BTRFS info (device loop0): enabling auto defrag [ 96.410470][ T7381] BTRFS info (device loop0): using free space tree [ 96.426118][ T7381] BTRFS info (device loop0): enabling ssd optimizations [pid 7381] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7381] chdir("./file0") = 0 [pid 7381] ioctl(4, LOOP_CLR_FD) = 0 [pid 7381] close(4) = 0 [pid 7381] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7381] getpid() = 7381 [pid 7381] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7381] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7381] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7381] exit_group(0) = ? [pid 7381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7381, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 [ 96.433290][ T7381] BTRFS info (device loop0): auto enabling async discard umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7398 ./strace-static-x86_64: Process 7398 attached [pid 7398] set_robust_list(0x5555573f6660, 24) = 0 [pid 7398] chdir("./138") = 0 [pid 7398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7398] setpgid(0, 0) = 0 [pid 7398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7398] write(3, "1000", 4) = 4 [pid 7398] close(3) = 0 [pid 7398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7398] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7398] memfd_create("syzkaller", 0) = 3 [pid 7398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7398] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7398] close(3) = 0 [pid 7398] mkdir("./file0", 0777) = 0 [ 96.714961][ T7398] loop0: detected capacity change from 0 to 32768 [ 96.725153][ T7398] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7398) [ 96.740293][ T7398] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.749123][ T7398] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 7398] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7398] chdir("./file0") = 0 [pid 7398] ioctl(4, LOOP_CLR_FD) = 0 [pid 7398] close(4) = 0 [pid 7398] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7398] getpid() = 7398 [pid 7398] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7398] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7398] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7398] exit_group(0) = ? [pid 7398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7398, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 96.757335][ T7398] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 96.768105][ T7398] BTRFS info (device loop0): trying to use backup root at mount time [ 96.776197][ T7398] BTRFS info (device loop0): disabling tree log openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7415 ./strace-static-x86_64: Process 7415 attached [pid 7415] set_robust_list(0x5555573f6660, 24) = 0 [pid 7415] chdir("./139") = 0 [pid 7415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7415] setpgid(0, 0) = 0 [pid 7415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7415] write(3, "1000", 4) = 4 [pid 7415] close(3) = 0 [pid 7415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7415] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7415] memfd_create("syzkaller", 0) = 3 [pid 7415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7415] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7415] close(3) = 0 [pid 7415] mkdir("./file0", 0777) = 0 [pid 7415] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7415] chdir("./file0") = 0 [pid 7415] ioctl(4, LOOP_CLR_FD) = 0 [pid 7415] close(4) = 0 [pid 7415] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7415] getpid() = 7415 [pid 7415] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7415] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7415] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7415] exit_group(0) = ? [ 97.067504][ T7415] loop0: detected capacity change from 0 to 32768 [ 97.077742][ T7415] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7415) [ 97.092820][ T7415] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 7415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7415, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7432 ./strace-static-x86_64: Process 7432 attached [pid 7432] set_robust_list(0x5555573f6660, 24) = 0 [pid 7432] chdir("./140") = 0 [pid 7432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7432] setpgid(0, 0) = 0 [pid 7432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7432] write(3, "1000", 4) = 4 [pid 7432] close(3) = 0 [pid 7432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7432] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7432] memfd_create("syzkaller", 0) = 3 [pid 7432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7432] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7432] close(3) = 0 [pid 7432] mkdir("./file0", 0777) = 0 [ 97.428978][ T7432] loop0: detected capacity change from 0 to 32768 [ 97.438882][ T7432] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7432) [ 97.454004][ T7432] _btrfs_printk: 12 callbacks suppressed [ 97.454018][ T7432] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.468679][ T7432] BTRFS info (device loop0): setting nodatacow, compression disabled [ 97.476895][ T7432] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 97.487574][ T7432] BTRFS info (device loop0): trying to use backup root at mount time [ 97.495654][ T7432] BTRFS info (device loop0): disabling tree log [ 97.502077][ T7432] BTRFS info (device loop0): enabling auto defrag [ 97.508532][ T7432] BTRFS info (device loop0): using free space tree [pid 7432] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7432] chdir("./file0") = 0 [pid 7432] ioctl(4, LOOP_CLR_FD) = 0 [pid 7432] close(4) = 0 [pid 7432] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7432] getpid() = 7432 [pid 7432] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7432] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7432] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7432] exit_group(0) = ? [pid 7432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7432, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 [ 97.523981][ T7432] BTRFS info (device loop0): enabling ssd optimizations [ 97.531030][ T7432] BTRFS info (device loop0): auto enabling async discard umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7449 ./strace-static-x86_64: Process 7449 attached [pid 7449] set_robust_list(0x5555573f6660, 24) = 0 [pid 7449] chdir("./141") = 0 [pid 7449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7449] setpgid(0, 0) = 0 [pid 7449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7449] write(3, "1000", 4) = 4 [pid 7449] close(3) = 0 [pid 7449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7449] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7449] memfd_create("syzkaller", 0) = 3 [pid 7449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7449] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7449] close(3) = 0 [pid 7449] mkdir("./file0", 0777) = 0 [ 97.801016][ T7449] loop0: detected capacity change from 0 to 32768 [ 97.811304][ T7449] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7449) [ 97.827216][ T7449] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.835985][ T7449] BTRFS info (device loop0): setting nodatacow, compression disabled [ 97.844158][ T7449] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 97.854815][ T7449] BTRFS info (device loop0): trying to use backup root at mount time [ 97.862973][ T7449] BTRFS info (device loop0): disabling tree log [ 97.869256][ T7449] BTRFS info (device loop0): enabling auto defrag [ 97.875730][ T7449] BTRFS info (device loop0): using free space tree [ 97.891860][ T7449] BTRFS info (device loop0): enabling ssd optimizations [pid 7449] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7449] chdir("./file0") = 0 [pid 7449] ioctl(4, LOOP_CLR_FD) = 0 [pid 7449] close(4) = 0 [pid 7449] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7449] getpid() = 7449 [pid 7449] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7449] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7449] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7449] exit_group(0) = ? [pid 7449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7449, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 [ 97.898986][ T7449] BTRFS info (device loop0): auto enabling async discard umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7466 ./strace-static-x86_64: Process 7466 attached [pid 7466] set_robust_list(0x5555573f6660, 24) = 0 [pid 7466] chdir("./142") = 0 [pid 7466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7466] setpgid(0, 0) = 0 [pid 7466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7466] write(3, "1000", 4) = 4 [pid 7466] close(3) = 0 [pid 7466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7466] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7466] memfd_create("syzkaller", 0) = 3 [pid 7466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7466] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7466] close(3) = 0 [pid 7466] mkdir("./file0", 0777) = 0 [ 98.163324][ T7466] loop0: detected capacity change from 0 to 32768 [ 98.173118][ T7466] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7466) [ 98.188925][ T7466] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.197674][ T7466] BTRFS info (device loop0): setting nodatacow, compression disabled [ 98.205729][ T7466] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 98.216461][ T7466] BTRFS info (device loop0): trying to use backup root at mount time [ 98.224539][ T7466] BTRFS info (device loop0): disabling tree log [ 98.230825][ T7466] BTRFS info (device loop0): enabling auto defrag [ 98.237262][ T7466] BTRFS info (device loop0): using free space tree [ 98.252935][ T7466] BTRFS info (device loop0): enabling ssd optimizations [pid 7466] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7466] chdir("./file0") = 0 [pid 7466] ioctl(4, LOOP_CLR_FD) = 0 [pid 7466] close(4) = 0 [pid 7466] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7466] getpid() = 7466 [pid 7466] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7466] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7466] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7466] exit_group(0) = ? [pid 7466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7466, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 [ 98.260013][ T7466] BTRFS info (device loop0): auto enabling async discard umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7483 ./strace-static-x86_64: Process 7483 attached [pid 7483] set_robust_list(0x5555573f6660, 24) = 0 [pid 7483] chdir("./143") = 0 [pid 7483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7483] setpgid(0, 0) = 0 [pid 7483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7483] write(3, "1000", 4) = 4 [pid 7483] close(3) = 0 [pid 7483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7483] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7483] memfd_create("syzkaller", 0) = 3 [pid 7483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7483] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7483] close(3) = 0 [pid 7483] mkdir("./file0", 0777) = 0 [ 98.538221][ T7483] loop0: detected capacity change from 0 to 32768 [ 98.547483][ T7483] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7483) [ 98.562447][ T7483] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.571269][ T7483] BTRFS info (device loop0): setting nodatacow, compression disabled [ 98.579480][ T7483] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 98.590110][ T7483] BTRFS info (device loop0): trying to use backup root at mount time [ 98.598537][ T7483] BTRFS info (device loop0): disabling tree log [ 98.604806][ T7483] BTRFS info (device loop0): enabling auto defrag [ 98.611301][ T7483] BTRFS info (device loop0): using free space tree [ 98.626910][ T7483] BTRFS info (device loop0): enabling ssd optimizations [pid 7483] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7483] chdir("./file0") = 0 [pid 7483] ioctl(4, LOOP_CLR_FD) = 0 [pid 7483] close(4) = 0 [pid 7483] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7483] getpid() = 7483 [pid 7483] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7483] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7483] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7483] exit_group(0) = ? [pid 7483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7483, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 [ 98.633856][ T7483] BTRFS info (device loop0): auto enabling async discard umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7500 ./strace-static-x86_64: Process 7500 attached [pid 7500] set_robust_list(0x5555573f6660, 24) = 0 [pid 7500] chdir("./144") = 0 [pid 7500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7500] setpgid(0, 0) = 0 [pid 7500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7500] write(3, "1000", 4) = 4 [pid 7500] close(3) = 0 [pid 7500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7500] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7500] memfd_create("syzkaller", 0) = 3 [pid 7500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7500] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7500] close(3) = 0 [pid 7500] mkdir("./file0", 0777) = 0 [ 98.901356][ T7500] loop0: detected capacity change from 0 to 32768 [ 98.910385][ T7500] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7500) [ 98.925070][ T7500] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.934180][ T7500] BTRFS info (device loop0): setting nodatacow, compression disabled [ 98.942374][ T7500] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 98.953170][ T7500] BTRFS info (device loop0): trying to use backup root at mount time [ 98.961314][ T7500] BTRFS info (device loop0): disabling tree log [ 98.967646][ T7500] BTRFS info (device loop0): enabling auto defrag [ 98.974049][ T7500] BTRFS info (device loop0): using free space tree [ 98.989713][ T7500] BTRFS info (device loop0): enabling ssd optimizations [pid 7500] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7500] chdir("./file0") = 0 [pid 7500] ioctl(4, LOOP_CLR_FD) = 0 [pid 7500] close(4) = 0 [pid 7500] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7500] getpid() = 7500 [pid 7500] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7500] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7500] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7500] exit_group(0) = ? [pid 7500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7500, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 [ 98.996765][ T7500] BTRFS info (device loop0): auto enabling async discard umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7517 ./strace-static-x86_64: Process 7517 attached [pid 7517] set_robust_list(0x5555573f6660, 24) = 0 [pid 7517] chdir("./145") = 0 [pid 7517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7517] setpgid(0, 0) = 0 [pid 7517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7517] write(3, "1000", 4) = 4 [pid 7517] close(3) = 0 [pid 7517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7517] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7517] memfd_create("syzkaller", 0) = 3 [pid 7517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7517] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7517] close(3) = 0 [pid 7517] mkdir("./file0", 0777) = 0 [ 99.273036][ T7517] loop0: detected capacity change from 0 to 32768 [ 99.282795][ T7517] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7517) [ 99.298558][ T7517] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.307325][ T7517] BTRFS info (device loop0): setting nodatacow, compression disabled [ 99.315380][ T7517] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 99.326043][ T7517] BTRFS info (device loop0): trying to use backup root at mount time [ 99.334150][ T7517] BTRFS info (device loop0): disabling tree log [ 99.340437][ T7517] BTRFS info (device loop0): enabling auto defrag [ 99.346876][ T7517] BTRFS info (device loop0): using free space tree [ 99.363199][ T7517] BTRFS info (device loop0): enabling ssd optimizations [pid 7517] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7517] chdir("./file0") = 0 [pid 7517] ioctl(4, LOOP_CLR_FD) = 0 [pid 7517] close(4) = 0 [pid 7517] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7517] getpid() = 7517 [pid 7517] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7517] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7517] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7517] exit_group(0) = ? [ 99.370286][ T7517] BTRFS info (device loop0): auto enabling async discard [pid 7517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7517, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7534 ./strace-static-x86_64: Process 7534 attached [pid 7534] set_robust_list(0x5555573f6660, 24) = 0 [pid 7534] chdir("./146") = 0 [pid 7534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7534] setpgid(0, 0) = 0 [pid 7534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7534] write(3, "1000", 4) = 4 [pid 7534] close(3) = 0 [pid 7534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7534] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7534] memfd_create("syzkaller", 0) = 3 [pid 7534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7534] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7534] close(3) = 0 [pid 7534] mkdir("./file0", 0777) = 0 [ 99.664227][ T7534] loop0: detected capacity change from 0 to 32768 [ 99.674656][ T7534] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7534) [ 99.689737][ T7534] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.698495][ T7534] BTRFS info (device loop0): setting nodatacow, compression disabled [ 99.706678][ T7534] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 99.717530][ T7534] BTRFS info (device loop0): trying to use backup root at mount time [ 99.726045][ T7534] BTRFS info (device loop0): disabling tree log [ 99.732356][ T7534] BTRFS info (device loop0): enabling auto defrag [ 99.738863][ T7534] BTRFS info (device loop0): using free space tree [ 99.754487][ T7534] BTRFS info (device loop0): enabling ssd optimizations [pid 7534] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7534] chdir("./file0") = 0 [pid 7534] ioctl(4, LOOP_CLR_FD) = 0 [pid 7534] close(4) = 0 [pid 7534] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7534] getpid() = 7534 [pid 7534] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7534] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7534] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7534] exit_group(0) = ? [pid 7534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7534, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [ 99.761536][ T7534] BTRFS info (device loop0): auto enabling async discard umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7551 attached , child_tidptr=0x5555573f6650) = 7551 [pid 7551] set_robust_list(0x5555573f6660, 24) = 0 [pid 7551] chdir("./147") = 0 [pid 7551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7551] setpgid(0, 0) = 0 [pid 7551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7551] write(3, "1000", 4) = 4 [pid 7551] close(3) = 0 [pid 7551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7551] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7551] memfd_create("syzkaller", 0) = 3 [pid 7551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7551] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7551] close(3) = 0 [pid 7551] mkdir("./file0", 0777) = 0 [ 100.036486][ T7551] loop0: detected capacity change from 0 to 32768 [ 100.045628][ T7551] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7551) [ 100.060855][ T7551] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.069652][ T7551] BTRFS info (device loop0): setting nodatacow, compression disabled [ 100.077793][ T7551] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 100.088427][ T7551] BTRFS info (device loop0): trying to use backup root at mount time [ 100.096529][ T7551] BTRFS info (device loop0): disabling tree log [ 100.102765][ T7551] BTRFS info (device loop0): enabling auto defrag [ 100.109479][ T7551] BTRFS info (device loop0): using free space tree [ 100.125247][ T7551] BTRFS info (device loop0): enabling ssd optimizations [pid 7551] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7551] chdir("./file0") = 0 [pid 7551] ioctl(4, LOOP_CLR_FD) = 0 [pid 7551] close(4) = 0 [pid 7551] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7551] getpid() = 7551 [pid 7551] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7551] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7551] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7551] exit_group(0) = ? [pid 7551] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7551, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 [ 100.132294][ T7551] BTRFS info (device loop0): auto enabling async discard umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7568 ./strace-static-x86_64: Process 7568 attached [pid 7568] set_robust_list(0x5555573f6660, 24) = 0 [pid 7568] chdir("./148") = 0 [pid 7568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7568] setpgid(0, 0) = 0 [pid 7568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7568] write(3, "1000", 4) = 4 [pid 7568] close(3) = 0 [pid 7568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7568] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7568] memfd_create("syzkaller", 0) = 3 [pid 7568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7568] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7568] close(3) = 0 [pid 7568] mkdir("./file0", 0777) = 0 [ 100.408817][ T7568] loop0: detected capacity change from 0 to 32768 [ 100.419051][ T7568] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7568) [ 100.433984][ T7568] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.442814][ T7568] BTRFS info (device loop0): setting nodatacow, compression disabled [ 100.450961][ T7568] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 100.461650][ T7568] BTRFS info (device loop0): trying to use backup root at mount time [ 100.469782][ T7568] BTRFS info (device loop0): disabling tree log [ 100.476054][ T7568] BTRFS info (device loop0): enabling auto defrag [ 100.482575][ T7568] BTRFS info (device loop0): using free space tree [ 100.498037][ T7568] BTRFS info (device loop0): enabling ssd optimizations [pid 7568] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7568] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7568] chdir("./file0") = 0 [pid 7568] ioctl(4, LOOP_CLR_FD) = 0 [pid 7568] close(4) = 0 [pid 7568] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7568] getpid() = 7568 [pid 7568] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7568] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7568] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7568] exit_group(0) = ? [pid 7568] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7568, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 100.505000][ T7568] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7585 ./strace-static-x86_64: Process 7585 attached [pid 7585] set_robust_list(0x5555573f6660, 24) = 0 [pid 7585] chdir("./149") = 0 [pid 7585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7585] setpgid(0, 0) = 0 [pid 7585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7585] write(3, "1000", 4) = 4 [pid 7585] close(3) = 0 [pid 7585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7585] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7585] memfd_create("syzkaller", 0) = 3 [pid 7585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7585] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7585] close(3) = 0 [pid 7585] mkdir("./file0", 0777) = 0 [ 100.781586][ T7585] loop0: detected capacity change from 0 to 32768 [ 100.791501][ T7585] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7585) [ 100.807297][ T7585] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.816009][ T7585] BTRFS info (device loop0): setting nodatacow, compression disabled [ 100.824185][ T7585] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 100.834919][ T7585] BTRFS info (device loop0): trying to use backup root at mount time [ 100.843233][ T7585] BTRFS info (device loop0): disabling tree log [ 100.849620][ T7585] BTRFS info (device loop0): enabling auto defrag [ 100.856058][ T7585] BTRFS info (device loop0): using free space tree [ 100.871785][ T7585] BTRFS info (device loop0): enabling ssd optimizations [pid 7585] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7585] chdir("./file0") = 0 [pid 7585] ioctl(4, LOOP_CLR_FD) = 0 [pid 7585] close(4) = 0 [pid 7585] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7585] getpid() = 7585 [pid 7585] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7585] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7585] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7585] exit_group(0) = ? [pid 7585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7585, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 100.878800][ T7585] BTRFS info (device loop0): auto enabling async discard umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7602 ./strace-static-x86_64: Process 7602 attached [pid 7602] set_robust_list(0x5555573f6660, 24) = 0 [pid 7602] chdir("./150") = 0 [pid 7602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7602] setpgid(0, 0) = 0 [pid 7602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7602] write(3, "1000", 4) = 4 [pid 7602] close(3) = 0 [pid 7602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7602] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7602] memfd_create("syzkaller", 0) = 3 [pid 7602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7602] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7602] close(3) = 0 [pid 7602] mkdir("./file0", 0777) = 0 [ 101.148275][ T7602] loop0: detected capacity change from 0 to 32768 [ 101.157401][ T7602] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7602) [ 101.171718][ T7602] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.180521][ T7602] BTRFS info (device loop0): setting nodatacow, compression disabled [ 101.188637][ T7602] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 101.199292][ T7602] BTRFS info (device loop0): trying to use backup root at mount time [ 101.207423][ T7602] BTRFS info (device loop0): disabling tree log [ 101.213871][ T7602] BTRFS info (device loop0): enabling auto defrag [ 101.220405][ T7602] BTRFS info (device loop0): using free space tree [ 101.236201][ T7602] BTRFS info (device loop0): enabling ssd optimizations [pid 7602] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7602] chdir("./file0") = 0 [pid 7602] ioctl(4, LOOP_CLR_FD) = 0 [pid 7602] close(4) = 0 [pid 7602] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7602] getpid() = 7602 [pid 7602] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7602] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7602] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7602] exit_group(0) = ? [pid 7602] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7602, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 101.243255][ T7602] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7619 ./strace-static-x86_64: Process 7619 attached [pid 7619] set_robust_list(0x5555573f6660, 24) = 0 [pid 7619] chdir("./151") = 0 [pid 7619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7619] setpgid(0, 0) = 0 [pid 7619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7619] write(3, "1000", 4) = 4 [pid 7619] close(3) = 0 [pid 7619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7619] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7619] memfd_create("syzkaller", 0) = 3 [pid 7619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7619] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7619] close(3) = 0 [pid 7619] mkdir("./file0", 0777) = 0 [ 101.523898][ T7619] loop0: detected capacity change from 0 to 32768 [ 101.533791][ T7619] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7619) [ 101.548980][ T7619] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.557828][ T7619] BTRFS info (device loop0): setting nodatacow, compression disabled [ 101.565922][ T7619] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 101.577447][ T7619] BTRFS info (device loop0): trying to use backup root at mount time [ 101.585623][ T7619] BTRFS info (device loop0): disabling tree log [ 101.591937][ T7619] BTRFS info (device loop0): enabling auto defrag [ 101.598445][ T7619] BTRFS info (device loop0): using free space tree [ 101.614654][ T7619] BTRFS info (device loop0): enabling ssd optimizations [pid 7619] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7619] chdir("./file0") = 0 [pid 7619] ioctl(4, LOOP_CLR_FD) = 0 [pid 7619] close(4) = 0 [pid 7619] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7619] getpid() = 7619 [pid 7619] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7619] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7619] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7619] exit_group(0) = ? [pid 7619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7619, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 [ 101.621713][ T7619] BTRFS info (device loop0): auto enabling async discard umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7636 ./strace-static-x86_64: Process 7636 attached [pid 7636] set_robust_list(0x5555573f6660, 24) = 0 [pid 7636] chdir("./152") = 0 [pid 7636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7636] setpgid(0, 0) = 0 [pid 7636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7636] write(3, "1000", 4) = 4 [pid 7636] close(3) = 0 [pid 7636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7636] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7636] memfd_create("syzkaller", 0) = 3 [pid 7636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7636] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7636] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7636] close(3) = 0 [pid 7636] mkdir("./file0", 0777) = 0 [ 101.891338][ T7636] loop0: detected capacity change from 0 to 32768 [ 101.899909][ T7636] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7636) [ 101.915995][ T7636] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.925021][ T7636] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 7636] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7636] chdir("./file0") = 0 [pid 7636] ioctl(4, LOOP_CLR_FD) = 0 [pid 7636] close(4) = 0 [pid 7636] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7636] getpid() = 7636 [pid 7636] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7636] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7636] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7636] exit_group(0) = ? [pid 7636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7636, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 [ 101.933278][ T7636] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 101.944012][ T7636] BTRFS info (device loop0): trying to use backup root at mount time [ 101.952200][ T7636] BTRFS info (device loop0): disabling tree log umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7653 ./strace-static-x86_64: Process 7653 attached [pid 7653] set_robust_list(0x5555573f6660, 24) = 0 [pid 7653] chdir("./153") = 0 [pid 7653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7653] setpgid(0, 0) = 0 [pid 7653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7653] write(3, "1000", 4) = 4 [pid 7653] close(3) = 0 [pid 7653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7653] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7653] memfd_create("syzkaller", 0) = 3 [pid 7653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7653] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7653] close(3) = 0 [pid 7653] mkdir("./file0", 0777) = 0 [pid 7653] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7653] chdir("./file0") = 0 [pid 7653] ioctl(4, LOOP_CLR_FD) = 0 [pid 7653] close(4) = 0 [pid 7653] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7653] getpid() = 7653 [pid 7653] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7653] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7653] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7653] exit_group(0) = ? [pid 7653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7653, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 [ 102.233785][ T7653] loop0: detected capacity change from 0 to 32768 [ 102.243102][ T7653] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7653) [ 102.258503][ T7653] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7670 attached , child_tidptr=0x5555573f6650) = 7670 [pid 7670] set_robust_list(0x5555573f6660, 24) = 0 [pid 7670] chdir("./154") = 0 [pid 7670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7670] setpgid(0, 0) = 0 [pid 7670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7670] write(3, "1000", 4) = 4 [pid 7670] close(3) = 0 [pid 7670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7670] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7670] memfd_create("syzkaller", 0) = 3 [pid 7670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7670] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7670] close(3) = 0 [pid 7670] mkdir("./file0", 0777) = 0 [ 102.541807][ T7670] loop0: detected capacity change from 0 to 32768 [ 102.552026][ T7670] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7670) [ 102.567408][ T7670] _btrfs_printk: 12 callbacks suppressed [ 102.567421][ T7670] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.581813][ T7670] BTRFS info (device loop0): setting nodatacow, compression disabled [ 102.589968][ T7670] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 102.600626][ T7670] BTRFS info (device loop0): trying to use backup root at mount time [ 102.608752][ T7670] BTRFS info (device loop0): disabling tree log [ 102.615024][ T7670] BTRFS info (device loop0): enabling auto defrag [ 102.621505][ T7670] BTRFS info (device loop0): using free space tree [pid 7670] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7670] chdir("./file0") = 0 [pid 7670] ioctl(4, LOOP_CLR_FD) = 0 [pid 7670] close(4) = 0 [pid 7670] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7670] getpid() = 7670 [pid 7670] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7670] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7670] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7670] exit_group(0) = ? [pid 7670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7670, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 [ 102.637370][ T7670] BTRFS info (device loop0): enabling ssd optimizations [ 102.644339][ T7670] BTRFS info (device loop0): auto enabling async discard umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7687 ./strace-static-x86_64: Process 7687 attached [pid 7687] set_robust_list(0x5555573f6660, 24) = 0 [pid 7687] chdir("./155") = 0 [pid 7687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7687] setpgid(0, 0) = 0 [pid 7687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7687] write(3, "1000", 4) = 4 [pid 7687] close(3) = 0 [pid 7687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7687] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7687] memfd_create("syzkaller", 0) = 3 [pid 7687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7687] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7687] close(3) = 0 [pid 7687] mkdir("./file0", 0777) = 0 [ 102.913746][ T7687] loop0: detected capacity change from 0 to 32768 [ 102.922882][ T7687] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7687) [ 102.937291][ T7687] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.946019][ T7687] BTRFS info (device loop0): setting nodatacow, compression disabled [ 102.954184][ T7687] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 102.964820][ T7687] BTRFS info (device loop0): trying to use backup root at mount time [ 102.972951][ T7687] BTRFS info (device loop0): disabling tree log [ 102.979245][ T7687] BTRFS info (device loop0): enabling auto defrag [ 102.985678][ T7687] BTRFS info (device loop0): using free space tree [ 103.001349][ T7687] BTRFS info (device loop0): enabling ssd optimizations [pid 7687] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7687] chdir("./file0") = 0 [pid 7687] ioctl(4, LOOP_CLR_FD) = 0 [pid 7687] close(4) = 0 [pid 7687] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7687] getpid() = 7687 [pid 7687] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7687] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7687] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7687] exit_group(0) = ? [pid 7687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7687, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 [ 103.008401][ T7687] BTRFS info (device loop0): auto enabling async discard umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7704 ./strace-static-x86_64: Process 7704 attached [pid 7704] set_robust_list(0x5555573f6660, 24) = 0 [pid 7704] chdir("./156") = 0 [pid 7704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7704] setpgid(0, 0) = 0 [pid 7704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7704] write(3, "1000", 4) = 4 [pid 7704] close(3) = 0 [pid 7704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7704] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7704] memfd_create("syzkaller", 0) = 3 [pid 7704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7704] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7704] close(3) = 0 [pid 7704] mkdir("./file0", 0777) = 0 [ 103.285115][ T7704] loop0: detected capacity change from 0 to 32768 [ 103.296084][ T7704] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7704) [ 103.311551][ T7704] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.320374][ T7704] BTRFS info (device loop0): setting nodatacow, compression disabled [ 103.328542][ T7704] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 103.339182][ T7704] BTRFS info (device loop0): trying to use backup root at mount time [ 103.347365][ T7704] BTRFS info (device loop0): disabling tree log [ 103.353650][ T7704] BTRFS info (device loop0): enabling auto defrag [ 103.360142][ T7704] BTRFS info (device loop0): using free space tree [ 103.375778][ T7704] BTRFS info (device loop0): enabling ssd optimizations [pid 7704] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7704] chdir("./file0") = 0 [pid 7704] ioctl(4, LOOP_CLR_FD) = 0 [pid 7704] close(4) = 0 [pid 7704] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7704] getpid() = 7704 [pid 7704] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7704] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7704] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7704] exit_group(0) = ? [pid 7704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7704, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 [ 103.382810][ T7704] BTRFS info (device loop0): auto enabling async discard umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7721 ./strace-static-x86_64: Process 7721 attached [pid 7721] set_robust_list(0x5555573f6660, 24) = 0 [pid 7721] chdir("./157") = 0 [pid 7721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7721] setpgid(0, 0) = 0 [pid 7721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7721] write(3, "1000", 4) = 4 [pid 7721] close(3) = 0 [pid 7721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7721] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7721] memfd_create("syzkaller", 0) = 3 [pid 7721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7721] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7721] close(3) = 0 [pid 7721] mkdir("./file0", 0777) = 0 [ 103.660381][ T7721] loop0: detected capacity change from 0 to 32768 [ 103.670145][ T7721] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7721) [ 103.685738][ T7721] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.694502][ T7721] BTRFS info (device loop0): setting nodatacow, compression disabled [ 103.702745][ T7721] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 103.713400][ T7721] BTRFS info (device loop0): trying to use backup root at mount time [ 103.721550][ T7721] BTRFS info (device loop0): disabling tree log [ 103.727859][ T7721] BTRFS info (device loop0): enabling auto defrag [ 103.734284][ T7721] BTRFS info (device loop0): using free space tree [ 103.749729][ T7721] BTRFS info (device loop0): enabling ssd optimizations [pid 7721] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7721] chdir("./file0") = 0 [pid 7721] ioctl(4, LOOP_CLR_FD) = 0 [pid 7721] close(4) = 0 [pid 7721] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7721] getpid() = 7721 [pid 7721] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7721] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7721] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7721] exit_group(0) = ? [pid 7721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7721, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 [ 103.756761][ T7721] BTRFS info (device loop0): auto enabling async discard umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7738 ./strace-static-x86_64: Process 7738 attached [pid 7738] set_robust_list(0x5555573f6660, 24) = 0 [pid 7738] chdir("./158") = 0 [pid 7738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7738] setpgid(0, 0) = 0 [pid 7738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7738] write(3, "1000", 4) = 4 [pid 7738] close(3) = 0 [pid 7738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7738] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7738] memfd_create("syzkaller", 0) = 3 [pid 7738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7738] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7738] close(3) = 0 [pid 7738] mkdir("./file0", 0777) = 0 [ 104.032285][ T7738] loop0: detected capacity change from 0 to 32768 [ 104.040981][ T7738] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7738) [ 104.055741][ T7738] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.064679][ T7738] BTRFS info (device loop0): setting nodatacow, compression disabled [ 104.072926][ T7738] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 104.083578][ T7738] BTRFS info (device loop0): trying to use backup root at mount time [ 104.091825][ T7738] BTRFS info (device loop0): disabling tree log [ 104.098148][ T7738] BTRFS info (device loop0): enabling auto defrag [ 104.104590][ T7738] BTRFS info (device loop0): using free space tree [ 104.120131][ T7738] BTRFS info (device loop0): enabling ssd optimizations [pid 7738] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7738] chdir("./file0") = 0 [pid 7738] ioctl(4, LOOP_CLR_FD) = 0 [pid 7738] close(4) = 0 [pid 7738] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7738] getpid() = 7738 [pid 7738] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7738] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7738] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7738] exit_group(0) = ? [pid 7738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7738, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 104.127142][ T7738] BTRFS info (device loop0): auto enabling async discard umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7755 ./strace-static-x86_64: Process 7755 attached [pid 7755] set_robust_list(0x5555573f6660, 24) = 0 [pid 7755] chdir("./159") = 0 [pid 7755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7755] setpgid(0, 0) = 0 [pid 7755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7755] write(3, "1000", 4) = 4 [pid 7755] close(3) = 0 [pid 7755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7755] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7755] memfd_create("syzkaller", 0) = 3 [pid 7755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7755] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7755] close(3) = 0 [pid 7755] mkdir("./file0", 0777) = 0 [ 104.395041][ T7755] loop0: detected capacity change from 0 to 32768 [ 104.405322][ T7755] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7755) [ 104.420574][ T7755] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.429379][ T7755] BTRFS info (device loop0): setting nodatacow, compression disabled [ 104.437533][ T7755] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 104.448270][ T7755] BTRFS info (device loop0): trying to use backup root at mount time [ 104.456421][ T7755] BTRFS info (device loop0): disabling tree log [ 104.462685][ T7755] BTRFS info (device loop0): enabling auto defrag [ 104.469219][ T7755] BTRFS info (device loop0): using free space tree [ 104.484723][ T7755] BTRFS info (device loop0): enabling ssd optimizations [pid 7755] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7755] chdir("./file0") = 0 [pid 7755] ioctl(4, LOOP_CLR_FD) = 0 [pid 7755] close(4) = 0 [pid 7755] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7755] getpid() = 7755 [pid 7755] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7755] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7755] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7755] exit_group(0) = ? [pid 7755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7755, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 [ 104.491860][ T7755] BTRFS info (device loop0): auto enabling async discard umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7772 ./strace-static-x86_64: Process 7772 attached [pid 7772] set_robust_list(0x5555573f6660, 24) = 0 [pid 7772] chdir("./160") = 0 [pid 7772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7772] setpgid(0, 0) = 0 [pid 7772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7772] write(3, "1000", 4) = 4 [pid 7772] close(3) = 0 [pid 7772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7772] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7772] memfd_create("syzkaller", 0) = 3 [pid 7772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7772] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7772] close(3) = 0 [pid 7772] mkdir("./file0", 0777) = 0 [ 104.765038][ T7772] loop0: detected capacity change from 0 to 32768 [ 104.774588][ T7772] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7772) [ 104.789711][ T7772] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.798608][ T7772] BTRFS info (device loop0): setting nodatacow, compression disabled [ 104.806750][ T7772] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 104.817468][ T7772] BTRFS info (device loop0): trying to use backup root at mount time [ 104.825575][ T7772] BTRFS info (device loop0): disabling tree log [ 104.831966][ T7772] BTRFS info (device loop0): enabling auto defrag [ 104.838451][ T7772] BTRFS info (device loop0): using free space tree [ 104.854424][ T7772] BTRFS info (device loop0): enabling ssd optimizations [pid 7772] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7772] chdir("./file0") = 0 [pid 7772] ioctl(4, LOOP_CLR_FD) = 0 [pid 7772] close(4) = 0 [pid 7772] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7772] getpid() = 7772 [pid 7772] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7772] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7772] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7772] exit_group(0) = ? [pid 7772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7772, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 104.861528][ T7772] BTRFS info (device loop0): auto enabling async discard unlink("./160/binderfs") = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7789 ./strace-static-x86_64: Process 7789 attached [pid 7789] set_robust_list(0x5555573f6660, 24) = 0 [pid 7789] chdir("./161") = 0 [pid 7789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7789] setpgid(0, 0) = 0 [pid 7789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7789] write(3, "1000", 4) = 4 [pid 7789] close(3) = 0 [pid 7789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7789] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7789] memfd_create("syzkaller", 0) = 3 [pid 7789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7789] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7789] close(3) = 0 [pid 7789] mkdir("./file0", 0777) = 0 [ 105.132027][ T7789] loop0: detected capacity change from 0 to 32768 [ 105.140705][ T7789] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7789) [ 105.155374][ T7789] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.164256][ T7789] BTRFS info (device loop0): setting nodatacow, compression disabled [ 105.172445][ T7789] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 105.183091][ T7789] BTRFS info (device loop0): trying to use backup root at mount time [ 105.191281][ T7789] BTRFS info (device loop0): disabling tree log [ 105.197589][ T7789] BTRFS info (device loop0): enabling auto defrag [ 105.204036][ T7789] BTRFS info (device loop0): using free space tree [ 105.219766][ T7789] BTRFS info (device loop0): enabling ssd optimizations [pid 7789] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7789] chdir("./file0") = 0 [pid 7789] ioctl(4, LOOP_CLR_FD) = 0 [pid 7789] close(4) = 0 [pid 7789] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7789] getpid() = 7789 [pid 7789] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7789] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7789] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7789] exit_group(0) = ? [pid 7789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7789, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 [ 105.226809][ T7789] BTRFS info (device loop0): auto enabling async discard umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7806 ./strace-static-x86_64: Process 7806 attached [pid 7806] set_robust_list(0x5555573f6660, 24) = 0 [pid 7806] chdir("./162") = 0 [pid 7806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7806] setpgid(0, 0) = 0 [pid 7806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7806] write(3, "1000", 4) = 4 [pid 7806] close(3) = 0 [pid 7806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7806] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7806] memfd_create("syzkaller", 0) = 3 [pid 7806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7806] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7806] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7806] close(3) = 0 [pid 7806] mkdir("./file0", 0777) = 0 [ 105.507597][ T7806] loop0: detected capacity change from 0 to 32768 [ 105.517251][ T7806] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7806) [ 105.532166][ T7806] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.541319][ T7806] BTRFS info (device loop0): setting nodatacow, compression disabled [ 105.549458][ T7806] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 105.560154][ T7806] BTRFS info (device loop0): trying to use backup root at mount time [ 105.568303][ T7806] BTRFS info (device loop0): disabling tree log [ 105.574554][ T7806] BTRFS info (device loop0): enabling auto defrag [ 105.581452][ T7806] BTRFS info (device loop0): using free space tree [ 105.596929][ T7806] BTRFS info (device loop0): enabling ssd optimizations [pid 7806] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7806] chdir("./file0") = 0 [pid 7806] ioctl(4, LOOP_CLR_FD) = 0 [pid 7806] close(4) = 0 [pid 7806] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7806] getpid() = 7806 [pid 7806] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7806] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7806] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7806] exit_group(0) = ? [pid 7806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7806, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 [ 105.603982][ T7806] BTRFS info (device loop0): auto enabling async discard umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7823 ./strace-static-x86_64: Process 7823 attached [pid 7823] set_robust_list(0x5555573f6660, 24) = 0 [pid 7823] chdir("./163") = 0 [pid 7823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7823] setpgid(0, 0) = 0 [pid 7823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7823] write(3, "1000", 4) = 4 [pid 7823] close(3) = 0 [pid 7823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7823] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7823] memfd_create("syzkaller", 0) = 3 [pid 7823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7823] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7823] close(3) = 0 [pid 7823] mkdir("./file0", 0777) = 0 [ 105.871192][ T7823] loop0: detected capacity change from 0 to 32768 [ 105.880778][ T7823] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7823) [ 105.895808][ T7823] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.904574][ T7823] BTRFS info (device loop0): setting nodatacow, compression disabled [ 105.912685][ T7823] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 105.923301][ T7823] BTRFS info (device loop0): trying to use backup root at mount time [ 105.931413][ T7823] BTRFS info (device loop0): disabling tree log [ 105.937691][ T7823] BTRFS info (device loop0): enabling auto defrag [ 105.944141][ T7823] BTRFS info (device loop0): using free space tree [ 105.960111][ T7823] BTRFS info (device loop0): enabling ssd optimizations [pid 7823] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7823] chdir("./file0") = 0 [pid 7823] ioctl(4, LOOP_CLR_FD) = 0 [pid 7823] close(4) = 0 [pid 7823] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7823] getpid() = 7823 [pid 7823] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7823] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7823] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7823] exit_group(0) = ? [pid 7823] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7823, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 [ 105.967148][ T7823] BTRFS info (device loop0): auto enabling async discard umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7840 ./strace-static-x86_64: Process 7840 attached [pid 7840] set_robust_list(0x5555573f6660, 24) = 0 [pid 7840] chdir("./164") = 0 [pid 7840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7840] setpgid(0, 0) = 0 [pid 7840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7840] write(3, "1000", 4) = 4 [pid 7840] close(3) = 0 [pid 7840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7840] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7840] memfd_create("syzkaller", 0) = 3 [pid 7840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7840] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7840] close(3) = 0 [pid 7840] mkdir("./file0", 0777) = 0 [ 106.231569][ T7840] loop0: detected capacity change from 0 to 32768 [ 106.241387][ T7840] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7840) [ 106.257172][ T7840] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.265907][ T7840] BTRFS info (device loop0): setting nodatacow, compression disabled [ 106.274079][ T7840] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 106.284840][ T7840] BTRFS info (device loop0): trying to use backup root at mount time [ 106.293082][ T7840] BTRFS info (device loop0): disabling tree log [ 106.299381][ T7840] BTRFS info (device loop0): enabling auto defrag [ 106.305812][ T7840] BTRFS info (device loop0): using free space tree [ 106.321230][ T7840] BTRFS info (device loop0): enabling ssd optimizations [pid 7840] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7840] chdir("./file0") = 0 [pid 7840] ioctl(4, LOOP_CLR_FD) = 0 [pid 7840] close(4) = 0 [pid 7840] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7840] getpid() = 7840 [pid 7840] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7840] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7840] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7840] exit_group(0) = ? [pid 7840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7840, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 [ 106.328300][ T7840] BTRFS info (device loop0): auto enabling async discard umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7857 ./strace-static-x86_64: Process 7857 attached [pid 7857] set_robust_list(0x5555573f6660, 24) = 0 [pid 7857] chdir("./165") = 0 [pid 7857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7857] setpgid(0, 0) = 0 [pid 7857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7857] write(3, "1000", 4) = 4 [pid 7857] close(3) = 0 [pid 7857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7857] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7857] memfd_create("syzkaller", 0) = 3 [pid 7857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7857] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7857] close(3) = 0 [pid 7857] mkdir("./file0", 0777) = 0 [ 106.593879][ T7857] loop0: detected capacity change from 0 to 32768 [ 106.604026][ T7857] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7857) [ 106.619859][ T7857] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.628649][ T7857] BTRFS info (device loop0): setting nodatacow, compression disabled [ 106.636839][ T7857] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 106.647523][ T7857] BTRFS info (device loop0): trying to use backup root at mount time [ 106.655607][ T7857] BTRFS info (device loop0): disabling tree log [ 106.662025][ T7857] BTRFS info (device loop0): enabling auto defrag [ 106.668482][ T7857] BTRFS info (device loop0): using free space tree [ 106.685154][ T7857] BTRFS info (device loop0): enabling ssd optimizations [pid 7857] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7857] chdir("./file0") = 0 [pid 7857] ioctl(4, LOOP_CLR_FD) = 0 [pid 7857] close(4) = 0 [pid 7857] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7857] getpid() = 7857 [pid 7857] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7857] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7857] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7857] exit_group(0) = ? [pid 7857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7857, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 [ 106.692295][ T7857] BTRFS info (device loop0): auto enabling async discard umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7874 ./strace-static-x86_64: Process 7874 attached [pid 7874] set_robust_list(0x5555573f6660, 24) = 0 [pid 7874] chdir("./166") = 0 [pid 7874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7874] setpgid(0, 0) = 0 [pid 7874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7874] write(3, "1000", 4) = 4 [pid 7874] close(3) = 0 [pid 7874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7874] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7874] memfd_create("syzkaller", 0) = 3 [pid 7874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7874] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7874] close(3) = 0 [pid 7874] mkdir("./file0", 0777) = 0 [ 106.960776][ T7874] loop0: detected capacity change from 0 to 32768 [ 106.969395][ T7874] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7874) [ 106.984370][ T7874] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.993253][ T7874] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 7874] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7874] chdir("./file0") = 0 [pid 7874] ioctl(4, LOOP_CLR_FD) = 0 [pid 7874] close(4) = 0 [pid 7874] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7874] getpid() = 7874 [pid 7874] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7874] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7874] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7874] exit_group(0) = ? [pid 7874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7874, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 [ 107.001453][ T7874] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 107.012089][ T7874] BTRFS info (device loop0): trying to use backup root at mount time [ 107.020513][ T7874] BTRFS info (device loop0): disabling tree log umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7891 ./strace-static-x86_64: Process 7891 attached [pid 7891] set_robust_list(0x5555573f6660, 24) = 0 [pid 7891] chdir("./167") = 0 [pid 7891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7891] setpgid(0, 0) = 0 [pid 7891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7891] write(3, "1000", 4) = 4 [pid 7891] close(3) = 0 [pid 7891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7891] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7891] memfd_create("syzkaller", 0) = 3 [pid 7891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7891] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7891] close(3) = 0 [pid 7891] mkdir("./file0", 0777) = 0 [pid 7891] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7891] chdir("./file0") = 0 [pid 7891] ioctl(4, LOOP_CLR_FD) = 0 [pid 7891] close(4) = 0 [pid 7891] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7891] getpid() = 7891 [pid 7891] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7891] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7891] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7891] exit_group(0) = ? [pid 7891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7891, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 107.310653][ T7891] loop0: detected capacity change from 0 to 32768 [ 107.320641][ T7891] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7891) [ 107.335923][ T7891] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead unlink("./167/binderfs") = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7908 ./strace-static-x86_64: Process 7908 attached [pid 7908] set_robust_list(0x5555573f6660, 24) = 0 [pid 7908] chdir("./168") = 0 [pid 7908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7908] setpgid(0, 0) = 0 [pid 7908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7908] write(3, "1000", 4) = 4 [pid 7908] close(3) = 0 [pid 7908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7908] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7908] memfd_create("syzkaller", 0) = 3 [pid 7908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7908] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7908] close(3) = 0 [pid 7908] mkdir("./file0", 0777) = 0 [ 107.616195][ T7908] loop0: detected capacity change from 0 to 32768 [ 107.624962][ T7908] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7908) [ 107.640186][ T7908] _btrfs_printk: 12 callbacks suppressed [ 107.640196][ T7908] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.654953][ T7908] BTRFS info (device loop0): setting nodatacow, compression disabled [ 107.663168][ T7908] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 107.673818][ T7908] BTRFS info (device loop0): trying to use backup root at mount time [ 107.682013][ T7908] BTRFS info (device loop0): disabling tree log [ 107.688353][ T7908] BTRFS info (device loop0): enabling auto defrag [ 107.694789][ T7908] BTRFS info (device loop0): using free space tree [pid 7908] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7908] chdir("./file0") = 0 [pid 7908] ioctl(4, LOOP_CLR_FD) = 0 [pid 7908] close(4) = 0 [pid 7908] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7908] getpid() = 7908 [pid 7908] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7908] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7908] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7908] exit_group(0) = ? [pid 7908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7908, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 [ 107.710605][ T7908] BTRFS info (device loop0): enabling ssd optimizations [ 107.717687][ T7908] BTRFS info (device loop0): auto enabling async discard umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7925 ./strace-static-x86_64: Process 7925 attached [pid 7925] set_robust_list(0x5555573f6660, 24) = 0 [pid 7925] chdir("./169") = 0 [pid 7925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7925] setpgid(0, 0) = 0 [pid 7925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7925] write(3, "1000", 4) = 4 [pid 7925] close(3) = 0 [pid 7925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7925] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7925] memfd_create("syzkaller", 0) = 3 [pid 7925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7925] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7925] close(3) = 0 [pid 7925] mkdir("./file0", 0777) = 0 [ 107.994951][ T7925] loop0: detected capacity change from 0 to 32768 [ 108.004913][ T7925] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7925) [ 108.019786][ T7925] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.028660][ T7925] BTRFS info (device loop0): setting nodatacow, compression disabled [ 108.036839][ T7925] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 108.047474][ T7925] BTRFS info (device loop0): trying to use backup root at mount time [ 108.055562][ T7925] BTRFS info (device loop0): disabling tree log [ 108.061906][ T7925] BTRFS info (device loop0): enabling auto defrag [ 108.068413][ T7925] BTRFS info (device loop0): using free space tree [ 108.085127][ T7925] BTRFS info (device loop0): enabling ssd optimizations [pid 7925] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7925] chdir("./file0") = 0 [pid 7925] ioctl(4, LOOP_CLR_FD) = 0 [pid 7925] close(4) = 0 [pid 7925] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7925] getpid() = 7925 [pid 7925] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7925] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7925] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7925] exit_group(0) = ? [pid 7925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7925, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 108.092259][ T7925] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7942 attached , child_tidptr=0x5555573f6650) = 7942 [pid 7942] set_robust_list(0x5555573f6660, 24) = 0 [pid 7942] chdir("./170") = 0 [pid 7942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7942] setpgid(0, 0) = 0 [pid 7942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7942] write(3, "1000", 4) = 4 [pid 7942] close(3) = 0 [pid 7942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7942] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7942] memfd_create("syzkaller", 0) = 3 [pid 7942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7942] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7942] close(3) = 0 [pid 7942] mkdir("./file0", 0777) = 0 [ 108.382941][ T7942] loop0: detected capacity change from 0 to 32768 [ 108.392281][ T7942] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7942) [ 108.407307][ T7942] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.416539][ T7942] BTRFS info (device loop0): setting nodatacow, compression disabled [ 108.424661][ T7942] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 108.435395][ T7942] BTRFS info (device loop0): trying to use backup root at mount time [ 108.443568][ T7942] BTRFS info (device loop0): disabling tree log [ 108.449872][ T7942] BTRFS info (device loop0): enabling auto defrag [ 108.456324][ T7942] BTRFS info (device loop0): using free space tree [ 108.472078][ T7942] BTRFS info (device loop0): enabling ssd optimizations [pid 7942] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7942] chdir("./file0") = 0 [pid 7942] ioctl(4, LOOP_CLR_FD) = 0 [pid 7942] close(4) = 0 [pid 7942] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7942] getpid() = 7942 [pid 7942] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7942] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7942] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7942] exit_group(0) = ? [pid 7942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7942, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 [ 108.479195][ T7942] BTRFS info (device loop0): auto enabling async discard umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7959 ./strace-static-x86_64: Process 7959 attached [pid 7959] set_robust_list(0x5555573f6660, 24) = 0 [pid 7959] chdir("./171") = 0 [pid 7959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7959] setpgid(0, 0) = 0 [pid 7959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7959] write(3, "1000", 4) = 4 [pid 7959] close(3) = 0 [pid 7959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7959] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7959] memfd_create("syzkaller", 0) = 3 [pid 7959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7959] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7959] close(3) = 0 [pid 7959] mkdir("./file0", 0777) = 0 [ 108.757691][ T7959] loop0: detected capacity change from 0 to 32768 [ 108.767817][ T7959] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7959) [ 108.783012][ T7959] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.791817][ T7959] BTRFS info (device loop0): setting nodatacow, compression disabled [ 108.799969][ T7959] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 108.810582][ T7959] BTRFS info (device loop0): trying to use backup root at mount time [ 108.818707][ T7959] BTRFS info (device loop0): disabling tree log [ 108.824958][ T7959] BTRFS info (device loop0): enabling auto defrag [ 108.831404][ T7959] BTRFS info (device loop0): using free space tree [ 108.847697][ T7959] BTRFS info (device loop0): enabling ssd optimizations [pid 7959] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7959] chdir("./file0") = 0 [pid 7959] ioctl(4, LOOP_CLR_FD) = 0 [pid 7959] close(4) = 0 [pid 7959] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7959] getpid() = 7959 [pid 7959] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7959] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7959] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7959] exit_group(0) = ? [pid 7959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7959, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 [ 108.854686][ T7959] BTRFS info (device loop0): auto enabling async discard umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7976 ./strace-static-x86_64: Process 7976 attached [pid 7976] set_robust_list(0x5555573f6660, 24) = 0 [pid 7976] chdir("./172") = 0 [pid 7976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7976] setpgid(0, 0) = 0 [pid 7976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7976] write(3, "1000", 4) = 4 [pid 7976] close(3) = 0 [pid 7976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7976] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7976] memfd_create("syzkaller", 0) = 3 [pid 7976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7976] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7976] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7976] close(3) = 0 [pid 7976] mkdir("./file0", 0777) = 0 [ 109.115575][ T7976] loop0: detected capacity change from 0 to 32768 [ 109.124919][ T7976] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7976) [ 109.139287][ T7976] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.148054][ T7976] BTRFS info (device loop0): setting nodatacow, compression disabled [ 109.156144][ T7976] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 109.166837][ T7976] BTRFS info (device loop0): trying to use backup root at mount time [ 109.174911][ T7976] BTRFS info (device loop0): disabling tree log [ 109.181218][ T7976] BTRFS info (device loop0): enabling auto defrag [ 109.187700][ T7976] BTRFS info (device loop0): using free space tree [ 109.203645][ T7976] BTRFS info (device loop0): enabling ssd optimizations [pid 7976] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7976] chdir("./file0") = 0 [pid 7976] ioctl(4, LOOP_CLR_FD) = 0 [pid 7976] close(4) = 0 [pid 7976] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7976] getpid() = 7976 [pid 7976] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7976] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7976] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7976] exit_group(0) = ? [pid 7976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7976, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=18 /* 0.18 s */} --- umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 109.210711][ T7976] BTRFS info (device loop0): auto enabling async discard unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 7993 ./strace-static-x86_64: Process 7993 attached [pid 7993] set_robust_list(0x5555573f6660, 24) = 0 [pid 7993] chdir("./173") = 0 [pid 7993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7993] setpgid(0, 0) = 0 [pid 7993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7993] write(3, "1000", 4) = 4 [pid 7993] close(3) = 0 [pid 7993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7993] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 7993] memfd_create("syzkaller", 0) = 3 [pid 7993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 7993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7993] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 7993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7993] close(3) = 0 [pid 7993] mkdir("./file0", 0777) = 0 [ 109.484989][ T7993] loop0: detected capacity change from 0 to 32768 [ 109.494869][ T7993] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (7993) [ 109.510101][ T7993] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.518945][ T7993] BTRFS info (device loop0): setting nodatacow, compression disabled [ 109.527088][ T7993] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 109.537707][ T7993] BTRFS info (device loop0): trying to use backup root at mount time [ 109.545791][ T7993] BTRFS info (device loop0): disabling tree log [ 109.552110][ T7993] BTRFS info (device loop0): enabling auto defrag [ 109.558573][ T7993] BTRFS info (device loop0): using free space tree [ 109.574145][ T7993] BTRFS info (device loop0): enabling ssd optimizations [pid 7993] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 7993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7993] chdir("./file0") = 0 [pid 7993] ioctl(4, LOOP_CLR_FD) = 0 [pid 7993] close(4) = 0 [pid 7993] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 7993] getpid() = 7993 [pid 7993] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 7993] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7993] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 7993] exit_group(0) = ? [pid 7993] +++ exited with 0 +++ [ 109.581330][ T7993] BTRFS info (device loop0): auto enabling async discard --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7993, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8010 ./strace-static-x86_64: Process 8010 attached [pid 8010] set_robust_list(0x5555573f6660, 24) = 0 [pid 8010] chdir("./174") = 0 [pid 8010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8010] setpgid(0, 0) = 0 [pid 8010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8010] write(3, "1000", 4) = 4 [pid 8010] close(3) = 0 [pid 8010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8010] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8010] memfd_create("syzkaller", 0) = 3 [pid 8010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8010] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8010] close(3) = 0 [pid 8010] mkdir("./file0", 0777) = 0 [ 109.856650][ T8010] loop0: detected capacity change from 0 to 32768 [ 109.865310][ T8010] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8010) [ 109.880270][ T8010] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.889057][ T8010] BTRFS info (device loop0): setting nodatacow, compression disabled [ 109.897154][ T8010] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 109.907788][ T8010] BTRFS info (device loop0): trying to use backup root at mount time [ 109.915889][ T8010] BTRFS info (device loop0): disabling tree log [ 109.922198][ T8010] BTRFS info (device loop0): enabling auto defrag [ 109.928678][ T8010] BTRFS info (device loop0): using free space tree [ 109.944204][ T8010] BTRFS info (device loop0): enabling ssd optimizations [pid 8010] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8010] chdir("./file0") = 0 [pid 8010] ioctl(4, LOOP_CLR_FD) = 0 [pid 8010] close(4) = 0 [pid 8010] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8010] getpid() = 8010 [pid 8010] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8010] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8010] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8010] exit_group(0) = ? [pid 8010] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8010, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 [ 109.951297][ T8010] BTRFS info (device loop0): auto enabling async discard umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8027 ./strace-static-x86_64: Process 8027 attached [pid 8027] set_robust_list(0x5555573f6660, 24) = 0 [pid 8027] chdir("./175") = 0 [pid 8027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8027] setpgid(0, 0) = 0 [pid 8027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8027] write(3, "1000", 4) = 4 [pid 8027] close(3) = 0 [pid 8027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8027] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8027] memfd_create("syzkaller", 0) = 3 [pid 8027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8027] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8027] close(3) = 0 [pid 8027] mkdir("./file0", 0777) = 0 [ 110.220550][ T8027] loop0: detected capacity change from 0 to 32768 [ 110.230910][ T8027] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8027) [ 110.246416][ T8027] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.255134][ T8027] BTRFS info (device loop0): setting nodatacow, compression disabled [ 110.263335][ T8027] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 110.274007][ T8027] BTRFS info (device loop0): trying to use backup root at mount time [ 110.282154][ T8027] BTRFS info (device loop0): disabling tree log [ 110.288549][ T8027] BTRFS info (device loop0): enabling auto defrag [ 110.294998][ T8027] BTRFS info (device loop0): using free space tree [ 110.310858][ T8027] BTRFS info (device loop0): enabling ssd optimizations [pid 8027] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8027] chdir("./file0") = 0 [pid 8027] ioctl(4, LOOP_CLR_FD) = 0 [pid 8027] close(4) = 0 [pid 8027] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8027] getpid() = 8027 [pid 8027] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8027] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8027] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8027] exit_group(0) = ? [pid 8027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8027, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 [ 110.317931][ T8027] BTRFS info (device loop0): auto enabling async discard umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8044 ./strace-static-x86_64: Process 8044 attached [pid 8044] set_robust_list(0x5555573f6660, 24) = 0 [pid 8044] chdir("./176") = 0 [pid 8044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8044] setpgid(0, 0) = 0 [pid 8044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8044] write(3, "1000", 4) = 4 [pid 8044] close(3) = 0 [pid 8044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8044] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8044] memfd_create("syzkaller", 0) = 3 [pid 8044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8044] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8044] close(3) = 0 [pid 8044] mkdir("./file0", 0777) = 0 [ 110.597434][ T8044] loop0: detected capacity change from 0 to 32768 [ 110.606589][ T8044] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8044) [ 110.622191][ T8044] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.631048][ T8044] BTRFS info (device loop0): setting nodatacow, compression disabled [ 110.639251][ T8044] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 110.649900][ T8044] BTRFS info (device loop0): trying to use backup root at mount time [ 110.658050][ T8044] BTRFS info (device loop0): disabling tree log [ 110.664323][ T8044] BTRFS info (device loop0): enabling auto defrag [ 110.670806][ T8044] BTRFS info (device loop0): using free space tree [ 110.687090][ T8044] BTRFS info (device loop0): enabling ssd optimizations [pid 8044] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8044] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8044] chdir("./file0") = 0 [pid 8044] ioctl(4, LOOP_CLR_FD) = 0 [pid 8044] close(4) = 0 [pid 8044] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8044] getpid() = 8044 [pid 8044] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8044] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8044] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8044] exit_group(0) = ? [pid 8044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8044, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 [ 110.694077][ T8044] BTRFS info (device loop0): auto enabling async discard umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8061 attached , child_tidptr=0x5555573f6650) = 8061 [pid 8061] set_robust_list(0x5555573f6660, 24) = 0 [pid 8061] chdir("./177") = 0 [pid 8061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8061] setpgid(0, 0) = 0 [pid 8061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8061] write(3, "1000", 4) = 4 [pid 8061] close(3) = 0 [pid 8061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8061] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8061] memfd_create("syzkaller", 0) = 3 [pid 8061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8061] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8061] close(3) = 0 [pid 8061] mkdir("./file0", 0777) = 0 [ 110.969384][ T8061] loop0: detected capacity change from 0 to 32768 [ 110.979828][ T8061] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8061) [ 110.995345][ T8061] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.004357][ T8061] BTRFS info (device loop0): setting nodatacow, compression disabled [ 111.012491][ T8061] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 111.023140][ T8061] BTRFS info (device loop0): trying to use backup root at mount time [ 111.031278][ T8061] BTRFS info (device loop0): disabling tree log [ 111.037595][ T8061] BTRFS info (device loop0): enabling auto defrag [ 111.044030][ T8061] BTRFS info (device loop0): using free space tree [ 111.059932][ T8061] BTRFS info (device loop0): enabling ssd optimizations [pid 8061] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8061] chdir("./file0") = 0 [pid 8061] ioctl(4, LOOP_CLR_FD) = 0 [pid 8061] close(4) = 0 [pid 8061] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8061] getpid() = 8061 [pid 8061] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8061] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8061] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8061] exit_group(0) = ? [pid 8061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8061, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 [ 111.067035][ T8061] BTRFS info (device loop0): auto enabling async discard umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8078 ./strace-static-x86_64: Process 8078 attached [pid 8078] set_robust_list(0x5555573f6660, 24) = 0 [pid 8078] chdir("./178") = 0 [pid 8078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8078] setpgid(0, 0) = 0 [pid 8078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8078] write(3, "1000", 4) = 4 [pid 8078] close(3) = 0 [pid 8078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8078] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8078] memfd_create("syzkaller", 0) = 3 [pid 8078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8078] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8078] close(3) = 0 [pid 8078] mkdir("./file0", 0777) = 0 [ 111.339680][ T8078] loop0: detected capacity change from 0 to 32768 [ 111.349772][ T8078] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8078) [ 111.364928][ T8078] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.373850][ T8078] BTRFS info (device loop0): setting nodatacow, compression disabled [ 111.382248][ T8078] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 111.392969][ T8078] BTRFS info (device loop0): trying to use backup root at mount time [ 111.401086][ T8078] BTRFS info (device loop0): disabling tree log [ 111.407353][ T8078] BTRFS info (device loop0): enabling auto defrag [ 111.413779][ T8078] BTRFS info (device loop0): using free space tree [ 111.429519][ T8078] BTRFS info (device loop0): enabling ssd optimizations [pid 8078] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8078] chdir("./file0") = 0 [pid 8078] ioctl(4, LOOP_CLR_FD) = 0 [pid 8078] close(4) = 0 [pid 8078] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8078] getpid() = 8078 [pid 8078] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8078] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8078] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8078] exit_group(0) = ? [pid 8078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8078, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 [ 111.436510][ T8078] BTRFS info (device loop0): auto enabling async discard umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8095 ./strace-static-x86_64: Process 8095 attached [pid 8095] set_robust_list(0x5555573f6660, 24) = 0 [pid 8095] chdir("./179") = 0 [pid 8095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8095] setpgid(0, 0) = 0 [pid 8095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8095] write(3, "1000", 4) = 4 [pid 8095] close(3) = 0 [pid 8095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8095] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8095] memfd_create("syzkaller", 0) = 3 [pid 8095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8095] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8095] close(3) = 0 [pid 8095] mkdir("./file0", 0777) = 0 [ 111.709388][ T8095] loop0: detected capacity change from 0 to 32768 [ 111.718132][ T8095] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8095) [ 111.733148][ T8095] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.742007][ T8095] BTRFS info (device loop0): setting nodatacow, compression disabled [ 111.750164][ T8095] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 111.760837][ T8095] BTRFS info (device loop0): trying to use backup root at mount time [ 111.768953][ T8095] BTRFS info (device loop0): disabling tree log [ 111.775247][ T8095] BTRFS info (device loop0): enabling auto defrag [ 111.781711][ T8095] BTRFS info (device loop0): using free space tree [ 111.796850][ T8095] BTRFS info (device loop0): enabling ssd optimizations [pid 8095] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8095] chdir("./file0") = 0 [pid 8095] ioctl(4, LOOP_CLR_FD) = 0 [pid 8095] close(4) = 0 [pid 8095] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8095] getpid() = 8095 [pid 8095] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8095] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8095] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8095] exit_group(0) = ? [pid 8095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8095, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 111.803810][ T8095] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8112 ./strace-static-x86_64: Process 8112 attached [pid 8112] set_robust_list(0x5555573f6660, 24) = 0 [pid 8112] chdir("./180") = 0 [pid 8112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8112] setpgid(0, 0) = 0 [pid 8112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8112] write(3, "1000", 4) = 4 [pid 8112] close(3) = 0 [pid 8112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8112] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8112] memfd_create("syzkaller", 0) = 3 [pid 8112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8112] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8112] close(3) = 0 [pid 8112] mkdir("./file0", 0777) = 0 [ 112.079035][ T8112] loop0: detected capacity change from 0 to 32768 [ 112.088650][ T8112] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8112) [ 112.104154][ T8112] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.113125][ T8112] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 8112] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8112] chdir("./file0") = 0 [pid 8112] ioctl(4, LOOP_CLR_FD) = 0 [pid 8112] close(4) = 0 [pid 8112] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8112] getpid() = 8112 [pid 8112] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8112] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8112] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [ 112.121299][ T8112] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 112.131944][ T8112] BTRFS info (device loop0): trying to use backup root at mount time [ 112.140097][ T8112] BTRFS info (device loop0): disabling tree log [pid 8112] exit_group(0) = ? [pid 8112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8112, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8129 ./strace-static-x86_64: Process 8129 attached [pid 8129] set_robust_list(0x5555573f6660, 24) = 0 [pid 8129] chdir("./181") = 0 [pid 8129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8129] setpgid(0, 0) = 0 [pid 8129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8129] write(3, "1000", 4) = 4 [pid 8129] close(3) = 0 [pid 8129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8129] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8129] memfd_create("syzkaller", 0) = 3 [pid 8129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8129] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8129] close(3) = 0 [pid 8129] mkdir("./file0", 0777) = 0 [pid 8129] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8129] chdir("./file0") = 0 [pid 8129] ioctl(4, LOOP_CLR_FD) = 0 [pid 8129] close(4) = 0 [pid 8129] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8129] getpid() = 8129 [pid 8129] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8129] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8129] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8129] exit_group(0) = ? [pid 8129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8129, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 [ 112.423078][ T8129] loop0: detected capacity change from 0 to 32768 [ 112.431745][ T8129] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8129) [ 112.446722][ T8129] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8146 ./strace-static-x86_64: Process 8146 attached [pid 8146] set_robust_list(0x5555573f6660, 24) = 0 [pid 8146] chdir("./182") = 0 [pid 8146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8146] setpgid(0, 0) = 0 [pid 8146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8146] write(3, "1000", 4) = 4 [pid 8146] close(3) = 0 [pid 8146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8146] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8146] memfd_create("syzkaller", 0) = 3 [pid 8146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8146] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8146] close(3) = 0 [pid 8146] mkdir("./file0", 0777) = 0 [ 112.727448][ T8146] loop0: detected capacity change from 0 to 32768 [ 112.737277][ T8146] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8146) [ 112.751647][ T8146] _btrfs_printk: 12 callbacks suppressed [ 112.751661][ T8146] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.766160][ T8146] BTRFS info (device loop0): setting nodatacow, compression disabled [ 112.774307][ T8146] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 112.784991][ T8146] BTRFS info (device loop0): trying to use backup root at mount time [ 112.793140][ T8146] BTRFS info (device loop0): disabling tree log [ 112.799477][ T8146] BTRFS info (device loop0): enabling auto defrag [ 112.805911][ T8146] BTRFS info (device loop0): using free space tree [pid 8146] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8146] chdir("./file0") = 0 [pid 8146] ioctl(4, LOOP_CLR_FD) = 0 [pid 8146] close(4) = 0 [pid 8146] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8146] getpid() = 8146 [pid 8146] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8146] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8146] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8146] exit_group(0) = ? [pid 8146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8146, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 [ 112.821557][ T8146] BTRFS info (device loop0): enabling ssd optimizations [ 112.828628][ T8146] BTRFS info (device loop0): auto enabling async discard umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8163 ./strace-static-x86_64: Process 8163 attached [pid 8163] set_robust_list(0x5555573f6660, 24) = 0 [pid 8163] chdir("./183") = 0 [pid 8163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8163] setpgid(0, 0) = 0 [pid 8163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8163] write(3, "1000", 4) = 4 [pid 8163] close(3) = 0 [pid 8163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8163] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8163] memfd_create("syzkaller", 0) = 3 [pid 8163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8163] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8163] close(3) = 0 [pid 8163] mkdir("./file0", 0777) = 0 [ 113.113743][ T8163] loop0: detected capacity change from 0 to 32768 [ 113.124029][ T8163] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8163) [ 113.140072][ T8163] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.148863][ T8163] BTRFS info (device loop0): setting nodatacow, compression disabled [ 113.157016][ T8163] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 113.167674][ T8163] BTRFS info (device loop0): trying to use backup root at mount time [ 113.175756][ T8163] BTRFS info (device loop0): disabling tree log [ 113.182096][ T8163] BTRFS info (device loop0): enabling auto defrag [ 113.188558][ T8163] BTRFS info (device loop0): using free space tree [ 113.204727][ T8163] BTRFS info (device loop0): enabling ssd optimizations [pid 8163] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8163] chdir("./file0") = 0 [pid 8163] ioctl(4, LOOP_CLR_FD) = 0 [pid 8163] close(4) = 0 [pid 8163] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8163] getpid() = 8163 [pid 8163] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8163] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8163] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8163] exit_group(0) = ? [pid 8163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8163, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 113.211822][ T8163] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8180 ./strace-static-x86_64: Process 8180 attached [pid 8180] set_robust_list(0x5555573f6660, 24) = 0 [pid 8180] chdir("./184") = 0 [pid 8180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8180] setpgid(0, 0) = 0 [pid 8180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8180] write(3, "1000", 4) = 4 [pid 8180] close(3) = 0 [pid 8180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8180] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8180] memfd_create("syzkaller", 0) = 3 [pid 8180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8180] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8180] close(3) = 0 [pid 8180] mkdir("./file0", 0777) = 0 [ 113.486560][ T8180] loop0: detected capacity change from 0 to 32768 [ 113.495584][ T8180] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8180) [ 113.510415][ T8180] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.519181][ T8180] BTRFS info (device loop0): setting nodatacow, compression disabled [ 113.527333][ T8180] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 113.538162][ T8180] BTRFS info (device loop0): trying to use backup root at mount time [ 113.546237][ T8180] BTRFS info (device loop0): disabling tree log [ 113.552519][ T8180] BTRFS info (device loop0): enabling auto defrag [ 113.559012][ T8180] BTRFS info (device loop0): using free space tree [ 113.574539][ T8180] BTRFS info (device loop0): enabling ssd optimizations [pid 8180] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8180] chdir("./file0") = 0 [pid 8180] ioctl(4, LOOP_CLR_FD) = 0 [pid 8180] close(4) = 0 [pid 8180] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8180] getpid() = 8180 [pid 8180] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8180] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8180] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [ 113.581562][ T8180] BTRFS info (device loop0): auto enabling async discard [pid 8180] exit_group(0) = ? [pid 8180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8180, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8197 ./strace-static-x86_64: Process 8197 attached [pid 8197] set_robust_list(0x5555573f6660, 24) = 0 [pid 8197] chdir("./185") = 0 [pid 8197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8197] setpgid(0, 0) = 0 [pid 8197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8197] write(3, "1000", 4) = 4 [pid 8197] close(3) = 0 [pid 8197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8197] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8197] memfd_create("syzkaller", 0) = 3 [pid 8197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8197] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8197] close(3) = 0 [pid 8197] mkdir("./file0", 0777) = 0 [ 113.851533][ T8197] loop0: detected capacity change from 0 to 32768 [ 113.860716][ T8197] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8197) [ 113.876266][ T8197] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.885093][ T8197] BTRFS info (device loop0): setting nodatacow, compression disabled [ 113.893385][ T8197] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 113.904065][ T8197] BTRFS info (device loop0): trying to use backup root at mount time [ 113.912257][ T8197] BTRFS info (device loop0): disabling tree log [ 113.918582][ T8197] BTRFS info (device loop0): enabling auto defrag [ 113.925020][ T8197] BTRFS info (device loop0): using free space tree [ 113.940907][ T8197] BTRFS info (device loop0): enabling ssd optimizations [pid 8197] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8197] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8197] chdir("./file0") = 0 [pid 8197] ioctl(4, LOOP_CLR_FD) = 0 [pid 8197] close(4) = 0 [pid 8197] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8197] getpid() = 8197 [pid 8197] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8197] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8197] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8197] exit_group(0) = ? [pid 8197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8197, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 113.948062][ T8197] BTRFS info (device loop0): auto enabling async discard unlink("./185/binderfs") = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8214 ./strace-static-x86_64: Process 8214 attached [pid 8214] set_robust_list(0x5555573f6660, 24) = 0 [pid 8214] chdir("./186") = 0 [pid 8214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8214] setpgid(0, 0) = 0 [pid 8214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8214] write(3, "1000", 4) = 4 [pid 8214] close(3) = 0 [pid 8214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8214] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8214] memfd_create("syzkaller", 0) = 3 [pid 8214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8214] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8214] close(3) = 0 [pid 8214] mkdir("./file0", 0777) = 0 [ 114.223003][ T8214] loop0: detected capacity change from 0 to 32768 [ 114.232309][ T8214] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8214) [ 114.247575][ T8214] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.256271][ T8214] BTRFS info (device loop0): setting nodatacow, compression disabled [ 114.264387][ T8214] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 114.275047][ T8214] BTRFS info (device loop0): trying to use backup root at mount time [ 114.283184][ T8214] BTRFS info (device loop0): disabling tree log [ 114.289646][ T8214] BTRFS info (device loop0): enabling auto defrag [ 114.296083][ T8214] BTRFS info (device loop0): using free space tree [ 114.312113][ T8214] BTRFS info (device loop0): enabling ssd optimizations [pid 8214] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8214] chdir("./file0") = 0 [pid 8214] ioctl(4, LOOP_CLR_FD) = 0 [pid 8214] close(4) = 0 [pid 8214] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8214] getpid() = 8214 [pid 8214] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8214] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8214] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8214] exit_group(0) = ? [pid 8214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8214, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 [ 114.319257][ T8214] BTRFS info (device loop0): auto enabling async discard umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8231 ./strace-static-x86_64: Process 8231 attached [pid 8231] set_robust_list(0x5555573f6660, 24) = 0 [pid 8231] chdir("./187") = 0 [pid 8231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8231] setpgid(0, 0) = 0 [pid 8231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8231] write(3, "1000", 4) = 4 [pid 8231] close(3) = 0 [pid 8231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8231] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8231] memfd_create("syzkaller", 0) = 3 [pid 8231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8231] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8231] close(3) = 0 [pid 8231] mkdir("./file0", 0777) = 0 [ 114.578831][ T8231] loop0: detected capacity change from 0 to 32768 [ 114.589013][ T8231] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8231) [ 114.604035][ T8231] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.612903][ T8231] BTRFS info (device loop0): setting nodatacow, compression disabled [ 114.621113][ T8231] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 114.631787][ T8231] BTRFS info (device loop0): trying to use backup root at mount time [ 114.639935][ T8231] BTRFS info (device loop0): disabling tree log [ 114.646180][ T8231] BTRFS info (device loop0): enabling auto defrag [ 114.652666][ T8231] BTRFS info (device loop0): using free space tree [ 114.667816][ T8231] BTRFS info (device loop0): enabling ssd optimizations [pid 8231] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8231] chdir("./file0") = 0 [pid 8231] ioctl(4, LOOP_CLR_FD) = 0 [pid 8231] close(4) = 0 [pid 8231] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8231] getpid() = 8231 [pid 8231] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8231] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8231] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8231] exit_group(0) = ? [pid 8231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8231, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 [ 114.674757][ T8231] BTRFS info (device loop0): auto enabling async discard umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8248 ./strace-static-x86_64: Process 8248 attached [pid 8248] set_robust_list(0x5555573f6660, 24) = 0 [pid 8248] chdir("./188") = 0 [pid 8248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8248] setpgid(0, 0) = 0 [pid 8248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8248] write(3, "1000", 4) = 4 [pid 8248] close(3) = 0 [pid 8248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8248] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8248] memfd_create("syzkaller", 0) = 3 [pid 8248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8248] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8248] close(3) = 0 [pid 8248] mkdir("./file0", 0777) = 0 [ 114.953047][ T8248] loop0: detected capacity change from 0 to 32768 [ 114.961950][ T8248] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8248) [ 114.976921][ T8248] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.985770][ T8248] BTRFS info (device loop0): setting nodatacow, compression disabled [ 114.993926][ T8248] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 115.004535][ T8248] BTRFS info (device loop0): trying to use backup root at mount time [ 115.012641][ T8248] BTRFS info (device loop0): disabling tree log [ 115.018924][ T8248] BTRFS info (device loop0): enabling auto defrag [ 115.025341][ T8248] BTRFS info (device loop0): using free space tree [ 115.041055][ T8248] BTRFS info (device loop0): enabling ssd optimizations [pid 8248] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8248] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8248] chdir("./file0") = 0 [pid 8248] ioctl(4, LOOP_CLR_FD) = 0 [pid 8248] close(4) = 0 [pid 8248] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8248] getpid() = 8248 [pid 8248] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8248] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8248] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8248] exit_group(0) = ? [pid 8248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8248, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 115.048146][ T8248] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8265 ./strace-static-x86_64: Process 8265 attached [pid 8265] set_robust_list(0x5555573f6660, 24) = 0 [pid 8265] chdir("./189") = 0 [pid 8265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8265] setpgid(0, 0) = 0 [pid 8265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8265] write(3, "1000", 4) = 4 [pid 8265] close(3) = 0 [pid 8265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8265] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8265] memfd_create("syzkaller", 0) = 3 [pid 8265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8265] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8265] close(3) = 0 [pid 8265] mkdir("./file0", 0777) = 0 [ 115.316554][ T8265] loop0: detected capacity change from 0 to 32768 [ 115.326632][ T8265] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8265) [ 115.341401][ T8265] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 115.350221][ T8265] BTRFS info (device loop0): setting nodatacow, compression disabled [ 115.358393][ T8265] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 115.369005][ T8265] BTRFS info (device loop0): trying to use backup root at mount time [ 115.377131][ T8265] BTRFS info (device loop0): disabling tree log [ 115.383388][ T8265] BTRFS info (device loop0): enabling auto defrag [ 115.389861][ T8265] BTRFS info (device loop0): using free space tree [ 115.405726][ T8265] BTRFS info (device loop0): enabling ssd optimizations [pid 8265] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8265] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8265] chdir("./file0") = 0 [pid 8265] ioctl(4, LOOP_CLR_FD) = 0 [pid 8265] close(4) = 0 [pid 8265] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8265] getpid() = 8265 [pid 8265] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8265] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8265] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8265] exit_group(0) = ? [pid 8265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8265, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 [ 115.412880][ T8265] BTRFS info (device loop0): auto enabling async discard umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8282 ./strace-static-x86_64: Process 8282 attached [pid 8282] set_robust_list(0x5555573f6660, 24) = 0 [pid 8282] chdir("./190") = 0 [pid 8282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8282] setpgid(0, 0) = 0 [pid 8282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8282] write(3, "1000", 4) = 4 [pid 8282] close(3) = 0 [pid 8282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8282] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8282] memfd_create("syzkaller", 0) = 3 [pid 8282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8282] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8282] close(3) = 0 [pid 8282] mkdir("./file0", 0777) = 0 [ 115.688713][ T8282] loop0: detected capacity change from 0 to 32768 [ 115.698240][ T8282] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8282) [ 115.713134][ T8282] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 115.721929][ T8282] BTRFS info (device loop0): setting nodatacow, compression disabled [ 115.730042][ T8282] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 115.740696][ T8282] BTRFS info (device loop0): trying to use backup root at mount time [ 115.748832][ T8282] BTRFS info (device loop0): disabling tree log [ 115.755084][ T8282] BTRFS info (device loop0): enabling auto defrag [ 115.761563][ T8282] BTRFS info (device loop0): using free space tree [ 115.777926][ T8282] BTRFS info (device loop0): enabling ssd optimizations [pid 8282] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8282] chdir("./file0") = 0 [pid 8282] ioctl(4, LOOP_CLR_FD) = 0 [pid 8282] close(4) = 0 [pid 8282] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8282] getpid() = 8282 [pid 8282] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8282] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8282] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8282] exit_group(0) = ? [pid 8282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8282, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 [ 115.784914][ T8282] BTRFS info (device loop0): auto enabling async discard umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8299 attached , child_tidptr=0x5555573f6650) = 8299 [pid 8299] set_robust_list(0x5555573f6660, 24) = 0 [pid 8299] chdir("./191") = 0 [pid 8299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8299] setpgid(0, 0) = 0 [pid 8299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8299] write(3, "1000", 4) = 4 [pid 8299] close(3) = 0 [pid 8299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8299] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8299] memfd_create("syzkaller", 0) = 3 [pid 8299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8299] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8299] close(3) = 0 [pid 8299] mkdir("./file0", 0777) = 0 [ 116.072509][ T8299] loop0: detected capacity change from 0 to 32768 [ 116.082062][ T8299] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8299) [ 116.096533][ T8299] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.105230][ T8299] BTRFS info (device loop0): setting nodatacow, compression disabled [ 116.113345][ T8299] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 116.123983][ T8299] BTRFS info (device loop0): trying to use backup root at mount time [ 116.132098][ T8299] BTRFS info (device loop0): disabling tree log [ 116.138409][ T8299] BTRFS info (device loop0): enabling auto defrag [ 116.144848][ T8299] BTRFS info (device loop0): using free space tree [ 116.160705][ T8299] BTRFS info (device loop0): enabling ssd optimizations [pid 8299] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8299] chdir("./file0") = 0 [pid 8299] ioctl(4, LOOP_CLR_FD) = 0 [pid 8299] close(4) = 0 [pid 8299] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8299] getpid() = 8299 [pid 8299] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8299] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8299] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8299] exit_group(0) = ? [pid 8299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8299, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 [ 116.167725][ T8299] BTRFS info (device loop0): auto enabling async discard umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8316 ./strace-static-x86_64: Process 8316 attached [pid 8316] set_robust_list(0x5555573f6660, 24) = 0 [pid 8316] chdir("./192") = 0 [pid 8316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8316] setpgid(0, 0) = 0 [pid 8316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8316] write(3, "1000", 4) = 4 [pid 8316] close(3) = 0 [pid 8316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8316] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8316] memfd_create("syzkaller", 0) = 3 [pid 8316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8316] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8316] close(3) = 0 [pid 8316] mkdir("./file0", 0777) = 0 [ 116.435161][ T8316] loop0: detected capacity change from 0 to 32768 [ 116.444326][ T8316] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8316) [ 116.459739][ T8316] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.468590][ T8316] BTRFS info (device loop0): setting nodatacow, compression disabled [ 116.476765][ T8316] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 116.487448][ T8316] BTRFS info (device loop0): trying to use backup root at mount time [ 116.495542][ T8316] BTRFS info (device loop0): disabling tree log [ 116.501886][ T8316] BTRFS info (device loop0): enabling auto defrag [ 116.508374][ T8316] BTRFS info (device loop0): using free space tree [ 116.524625][ T8316] BTRFS info (device loop0): enabling ssd optimizations [pid 8316] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8316] chdir("./file0") = 0 [pid 8316] ioctl(4, LOOP_CLR_FD) = 0 [pid 8316] close(4) = 0 [pid 8316] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8316] getpid() = 8316 [pid 8316] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8316] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8316] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8316] exit_group(0) = ? [pid 8316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8316, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 116.531669][ T8316] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8333 ./strace-static-x86_64: Process 8333 attached [pid 8333] set_robust_list(0x5555573f6660, 24) = 0 [pid 8333] chdir("./193") = 0 [pid 8333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8333] setpgid(0, 0) = 0 [pid 8333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8333] write(3, "1000", 4) = 4 [pid 8333] close(3) = 0 [pid 8333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8333] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8333] memfd_create("syzkaller", 0) = 3 [pid 8333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8333] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8333] close(3) = 0 [pid 8333] mkdir("./file0", 0777) = 0 [ 116.810447][ T8333] loop0: detected capacity change from 0 to 32768 [ 116.819573][ T8333] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8333) [ 116.834431][ T8333] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.843356][ T8333] BTRFS info (device loop0): setting nodatacow, compression disabled [ 116.851660][ T8333] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 116.862309][ T8333] BTRFS info (device loop0): trying to use backup root at mount time [ 116.870462][ T8333] BTRFS info (device loop0): disabling tree log [ 116.876737][ T8333] BTRFS info (device loop0): enabling auto defrag [ 116.883161][ T8333] BTRFS info (device loop0): using free space tree [ 116.899254][ T8333] BTRFS info (device loop0): enabling ssd optimizations [pid 8333] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8333] chdir("./file0") = 0 [pid 8333] ioctl(4, LOOP_CLR_FD) = 0 [pid 8333] close(4) = 0 [pid 8333] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8333] getpid() = 8333 [pid 8333] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8333] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8333] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8333] exit_group(0) = ? [pid 8333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8333, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 [ 116.906439][ T8333] BTRFS info (device loop0): auto enabling async discard umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8350 ./strace-static-x86_64: Process 8350 attached [pid 8350] set_robust_list(0x5555573f6660, 24) = 0 [pid 8350] chdir("./194") = 0 [pid 8350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8350] setpgid(0, 0) = 0 [pid 8350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8350] write(3, "1000", 4) = 4 [pid 8350] close(3) = 0 [pid 8350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8350] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8350] memfd_create("syzkaller", 0) = 3 [pid 8350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8350] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8350] close(3) = 0 [pid 8350] mkdir("./file0", 0777) = 0 [ 117.171215][ T8350] loop0: detected capacity change from 0 to 32768 [ 117.181061][ T8350] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8350) [ 117.197447][ T8350] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.206149][ T8350] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 8350] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8350] chdir("./file0") = 0 [pid 8350] ioctl(4, LOOP_CLR_FD) = 0 [pid 8350] close(4) = 0 [pid 8350] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8350] getpid() = 8350 [pid 8350] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8350] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8350] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8350] exit_group(0) = ? [pid 8350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8350, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 117.214285][ T8350] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 117.224907][ T8350] BTRFS info (device loop0): trying to use backup root at mount time [ 117.233018][ T8350] BTRFS info (device loop0): disabling tree log unlink("./194/binderfs") = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8367 ./strace-static-x86_64: Process 8367 attached [pid 8367] set_robust_list(0x5555573f6660, 24) = 0 [pid 8367] chdir("./195") = 0 [pid 8367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8367] setpgid(0, 0) = 0 [pid 8367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8367] write(3, "1000", 4) = 4 [pid 8367] close(3) = 0 [pid 8367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8367] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8367] memfd_create("syzkaller", 0) = 3 [pid 8367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8367] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8367] close(3) = 0 [pid 8367] mkdir("./file0", 0777) = 0 [pid 8367] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8367] chdir("./file0") = 0 [pid 8367] ioctl(4, LOOP_CLR_FD) = 0 [pid 8367] close(4) = 0 [pid 8367] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8367] getpid() = 8367 [pid 8367] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8367] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8367] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [ 117.518255][ T8367] loop0: detected capacity change from 0 to 32768 [ 117.527561][ T8367] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8367) [ 117.542339][ T8367] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 8367] exit_group(0) = ? [pid 8367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8367, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8384 attached [pid 8384] set_robust_list(0x5555573f6660, 24) = 0 [pid 8384] chdir("./196") = 0 [pid 8384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8384] setpgid(0, 0) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x5555573f6650) = 8384 [pid 8384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8384] write(3, "1000", 4) = 4 [pid 8384] close(3) = 0 [pid 8384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8384] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8384] memfd_create("syzkaller", 0) = 3 [pid 8384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8384] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8384] close(3) = 0 [pid 8384] mkdir("./file0", 0777) = 0 [ 117.830596][ T8384] loop0: detected capacity change from 0 to 32768 [ 117.840579][ T8384] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8384) [ 117.855640][ T8384] _btrfs_printk: 12 callbacks suppressed [ 117.855652][ T8384] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.870274][ T8384] BTRFS info (device loop0): setting nodatacow, compression disabled [ 117.878445][ T8384] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 117.889114][ T8384] BTRFS info (device loop0): trying to use backup root at mount time [ 117.897267][ T8384] BTRFS info (device loop0): disabling tree log [ 117.903533][ T8384] BTRFS info (device loop0): enabling auto defrag [ 117.910113][ T8384] BTRFS info (device loop0): using free space tree [pid 8384] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8384] chdir("./file0") = 0 [pid 8384] ioctl(4, LOOP_CLR_FD) = 0 [pid 8384] close(4) = 0 [pid 8384] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8384] getpid() = 8384 [pid 8384] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8384] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8384] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8384] exit_group(0) = ? [pid 8384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8384, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 [ 117.925182][ T8384] BTRFS info (device loop0): enabling ssd optimizations [ 117.932214][ T8384] BTRFS info (device loop0): auto enabling async discard umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8401 ./strace-static-x86_64: Process 8401 attached [pid 8401] set_robust_list(0x5555573f6660, 24) = 0 [pid 8401] chdir("./197") = 0 [pid 8401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8401] setpgid(0, 0) = 0 [pid 8401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8401] write(3, "1000", 4) = 4 [pid 8401] close(3) = 0 [pid 8401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8401] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8401] memfd_create("syzkaller", 0) = 3 [pid 8401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8401] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8401] close(3) = 0 [pid 8401] mkdir("./file0", 0777) = 0 [ 118.201557][ T8401] loop0: detected capacity change from 0 to 32768 [ 118.211319][ T8401] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8401) [ 118.226273][ T8401] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.235508][ T8401] BTRFS info (device loop0): setting nodatacow, compression disabled [ 118.243741][ T8401] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 118.254533][ T8401] BTRFS info (device loop0): trying to use backup root at mount time [ 118.262761][ T8401] BTRFS info (device loop0): disabling tree log [ 118.269042][ T8401] BTRFS info (device loop0): enabling auto defrag [ 118.275447][ T8401] BTRFS info (device loop0): using free space tree [ 118.291343][ T8401] BTRFS info (device loop0): enabling ssd optimizations [pid 8401] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8401] chdir("./file0") = 0 [pid 8401] ioctl(4, LOOP_CLR_FD) = 0 [pid 8401] close(4) = 0 [pid 8401] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8401] getpid() = 8401 [pid 8401] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8401] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8401] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8401] exit_group(0) = ? [pid 8401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8401, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 [ 118.298394][ T8401] BTRFS info (device loop0): auto enabling async discard umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8418 ./strace-static-x86_64: Process 8418 attached [pid 8418] set_robust_list(0x5555573f6660, 24) = 0 [pid 8418] chdir("./198") = 0 [pid 8418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8418] setpgid(0, 0) = 0 [pid 8418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8418] write(3, "1000", 4) = 4 [pid 8418] close(3) = 0 [pid 8418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8418] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8418] memfd_create("syzkaller", 0) = 3 [pid 8418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8418] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8418] close(3) = 0 [pid 8418] mkdir("./file0", 0777) = 0 [ 118.571302][ T8418] loop0: detected capacity change from 0 to 32768 [ 118.579951][ T8418] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8418) [ 118.593943][ T8418] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.602696][ T8418] BTRFS info (device loop0): setting nodatacow, compression disabled [ 118.610872][ T8418] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 8418] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8418] chdir("./file0") = 0 [pid 8418] ioctl(4, LOOP_CLR_FD) = 0 [pid 8418] close(4) = 0 [pid 8418] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8418] getpid() = 8418 [pid 8418] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8418] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8418] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8418] exit_group(0) = ? [pid 8418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8418, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 [ 118.621497][ T8418] BTRFS info (device loop0): trying to use backup root at mount time [ 118.629584][ T8418] BTRFS info (device loop0): disabling tree log [ 118.635821][ T8418] BTRFS info (device loop0): enabling auto defrag [ 118.642352][ T8418] BTRFS info (device loop0): using free space tree [ 118.657873][ T8418] BTRFS info (device loop0): enabling ssd optimizations [ 118.664827][ T8418] BTRFS info (device loop0): auto enabling async discard umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8435 ./strace-static-x86_64: Process 8435 attached [pid 8435] set_robust_list(0x5555573f6660, 24) = 0 [pid 8435] chdir("./199") = 0 [pid 8435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8435] setpgid(0, 0) = 0 [pid 8435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8435] write(3, "1000", 4) = 4 [pid 8435] close(3) = 0 [pid 8435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8435] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8435] memfd_create("syzkaller", 0) = 3 [pid 8435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8435] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8435] close(3) = 0 [pid 8435] mkdir("./file0", 0777) = 0 [ 118.930581][ T8435] loop0: detected capacity change from 0 to 32768 [ 118.939939][ T8435] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8435) [ 118.955266][ T8435] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.964020][ T8435] BTRFS info (device loop0): setting nodatacow, compression disabled [ 118.972126][ T8435] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 118.982776][ T8435] BTRFS info (device loop0): trying to use backup root at mount time [ 118.990918][ T8435] BTRFS info (device loop0): disabling tree log [ 118.997217][ T8435] BTRFS info (device loop0): enabling auto defrag [ 119.003631][ T8435] BTRFS info (device loop0): using free space tree [ 119.019504][ T8435] BTRFS info (device loop0): enabling ssd optimizations [pid 8435] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8435] chdir("./file0") = 0 [pid 8435] ioctl(4, LOOP_CLR_FD) = 0 [pid 8435] close(4) = 0 [pid 8435] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8435] getpid() = 8435 [pid 8435] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8435] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8435] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8435] exit_group(0) = ? [pid 8435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8435, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 119.026584][ T8435] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8452 ./strace-static-x86_64: Process 8452 attached [pid 8452] set_robust_list(0x5555573f6660, 24) = 0 [pid 8452] chdir("./200") = 0 [pid 8452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8452] setpgid(0, 0) = 0 [pid 8452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8452] write(3, "1000", 4) = 4 [pid 8452] close(3) = 0 [pid 8452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8452] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8452] memfd_create("syzkaller", 0) = 3 [pid 8452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8452] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8452] close(3) = 0 [pid 8452] mkdir("./file0", 0777) = 0 [ 119.305929][ T8452] loop0: detected capacity change from 0 to 32768 [ 119.315468][ T8452] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8452) [ 119.330536][ T8452] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.339345][ T8452] BTRFS info (device loop0): setting nodatacow, compression disabled [ 119.347458][ T8452] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 119.358075][ T8452] BTRFS info (device loop0): trying to use backup root at mount time [ 119.366142][ T8452] BTRFS info (device loop0): disabling tree log [ 119.372445][ T8452] BTRFS info (device loop0): enabling auto defrag [ 119.378904][ T8452] BTRFS info (device loop0): using free space tree [ 119.395245][ T8452] BTRFS info (device loop0): enabling ssd optimizations [pid 8452] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8452] chdir("./file0") = 0 [pid 8452] ioctl(4, LOOP_CLR_FD) = 0 [pid 8452] close(4) = 0 [pid 8452] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8452] getpid() = 8452 [pid 8452] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8452] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8452] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8452] exit_group(0) = ? [pid 8452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8452, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.402305][ T8452] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8469 ./strace-static-x86_64: Process 8469 attached [pid 8469] set_robust_list(0x5555573f6660, 24) = 0 [pid 8469] chdir("./201") = 0 [pid 8469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8469] setpgid(0, 0) = 0 [pid 8469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8469] write(3, "1000", 4) = 4 [pid 8469] close(3) = 0 [pid 8469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8469] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8469] memfd_create("syzkaller", 0) = 3 [pid 8469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8469] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8469] close(3) = 0 [pid 8469] mkdir("./file0", 0777) = 0 [ 119.682483][ T8469] loop0: detected capacity change from 0 to 32768 [ 119.692102][ T8469] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8469) [ 119.707039][ T8469] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.715786][ T8469] BTRFS info (device loop0): setting nodatacow, compression disabled [ 119.724366][ T8469] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 119.735042][ T8469] BTRFS info (device loop0): trying to use backup root at mount time [ 119.743137][ T8469] BTRFS info (device loop0): disabling tree log [ 119.749426][ T8469] BTRFS info (device loop0): enabling auto defrag [ 119.755888][ T8469] BTRFS info (device loop0): using free space tree [ 119.771624][ T8469] BTRFS info (device loop0): enabling ssd optimizations [pid 8469] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8469] chdir("./file0") = 0 [pid 8469] ioctl(4, LOOP_CLR_FD) = 0 [pid 8469] close(4) = 0 [pid 8469] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8469] getpid() = 8469 [pid 8469] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8469] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8469] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8469] exit_group(0) = ? [pid 8469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8469, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 [ 119.778783][ T8469] BTRFS info (device loop0): auto enabling async discard umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8486 ./strace-static-x86_64: Process 8486 attached [pid 8486] set_robust_list(0x5555573f6660, 24) = 0 [pid 8486] chdir("./202") = 0 [pid 8486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8486] setpgid(0, 0) = 0 [pid 8486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8486] write(3, "1000", 4) = 4 [pid 8486] close(3) = 0 [pid 8486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8486] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8486] memfd_create("syzkaller", 0) = 3 [pid 8486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8486] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8486] close(3) = 0 [pid 8486] mkdir("./file0", 0777) = 0 [ 120.046801][ T8486] loop0: detected capacity change from 0 to 32768 [ 120.055654][ T8486] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8486) [ 120.070381][ T8486] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.079155][ T8486] BTRFS info (device loop0): setting nodatacow, compression disabled [ 120.087308][ T8486] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 120.098020][ T8486] BTRFS info (device loop0): trying to use backup root at mount time [ 120.106122][ T8486] BTRFS info (device loop0): disabling tree log [ 120.112453][ T8486] BTRFS info (device loop0): enabling auto defrag [ 120.118889][ T8486] BTRFS info (device loop0): using free space tree [ 120.134274][ T8486] BTRFS info (device loop0): enabling ssd optimizations [pid 8486] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8486] chdir("./file0") = 0 [pid 8486] ioctl(4, LOOP_CLR_FD) = 0 [pid 8486] close(4) = 0 [pid 8486] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8486] getpid() = 8486 [pid 8486] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8486] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8486] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8486] exit_group(0) = ? [pid 8486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8486, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 [ 120.141372][ T8486] BTRFS info (device loop0): auto enabling async discard umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8503 attached , child_tidptr=0x5555573f6650) = 8503 [pid 8503] set_robust_list(0x5555573f6660, 24) = 0 [pid 8503] chdir("./203") = 0 [pid 8503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8503] setpgid(0, 0) = 0 [pid 8503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8503] write(3, "1000", 4) = 4 [pid 8503] close(3) = 0 [pid 8503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8503] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8503] memfd_create("syzkaller", 0) = 3 [pid 8503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8503] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8503] close(3) = 0 [pid 8503] mkdir("./file0", 0777) = 0 [ 120.409522][ T8503] loop0: detected capacity change from 0 to 32768 [ 120.418842][ T8503] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8503) [ 120.434245][ T8503] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.443286][ T8503] BTRFS info (device loop0): setting nodatacow, compression disabled [ 120.451449][ T8503] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 120.462172][ T8503] BTRFS info (device loop0): trying to use backup root at mount time [ 120.470306][ T8503] BTRFS info (device loop0): disabling tree log [ 120.476602][ T8503] BTRFS info (device loop0): enabling auto defrag [ 120.483032][ T8503] BTRFS info (device loop0): using free space tree [ 120.498512][ T8503] BTRFS info (device loop0): enabling ssd optimizations [pid 8503] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8503] chdir("./file0") = 0 [pid 8503] ioctl(4, LOOP_CLR_FD) = 0 [pid 8503] close(4) = 0 [pid 8503] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8503] getpid() = 8503 [pid 8503] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8503] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8503] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8503] exit_group(0) = ? [pid 8503] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8503, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 120.505450][ T8503] BTRFS info (device loop0): auto enabling async discard unlink("./203/binderfs") = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8520 ./strace-static-x86_64: Process 8520 attached [pid 8520] set_robust_list(0x5555573f6660, 24) = 0 [pid 8520] chdir("./204") = 0 [pid 8520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8520] setpgid(0, 0) = 0 [pid 8520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8520] write(3, "1000", 4) = 4 [pid 8520] close(3) = 0 [pid 8520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8520] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8520] memfd_create("syzkaller", 0) = 3 [pid 8520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8520] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8520] close(3) = 0 [pid 8520] mkdir("./file0", 0777) = 0 [ 120.779791][ T8520] loop0: detected capacity change from 0 to 32768 [ 120.789768][ T8520] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8520) [ 120.805109][ T8520] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.813893][ T8520] BTRFS info (device loop0): setting nodatacow, compression disabled [ 120.821994][ T8520] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 120.832635][ T8520] BTRFS info (device loop0): trying to use backup root at mount time [ 120.840746][ T8520] BTRFS info (device loop0): disabling tree log [ 120.847025][ T8520] BTRFS info (device loop0): enabling auto defrag [ 120.853441][ T8520] BTRFS info (device loop0): using free space tree [ 120.868875][ T8520] BTRFS info (device loop0): enabling ssd optimizations [pid 8520] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8520] chdir("./file0") = 0 [pid 8520] ioctl(4, LOOP_CLR_FD) = 0 [pid 8520] close(4) = 0 [pid 8520] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8520] getpid() = 8520 [pid 8520] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8520] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8520] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8520] exit_group(0) = ? [pid 8520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8520, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 [ 120.875859][ T8520] BTRFS info (device loop0): auto enabling async discard umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8537 attached , child_tidptr=0x5555573f6650) = 8537 [pid 8537] set_robust_list(0x5555573f6660, 24) = 0 [pid 8537] chdir("./205") = 0 [pid 8537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8537] setpgid(0, 0) = 0 [pid 8537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8537] write(3, "1000", 4) = 4 [pid 8537] close(3) = 0 [pid 8537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8537] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8537] memfd_create("syzkaller", 0) = 3 [pid 8537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8537] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8537] close(3) = 0 [pid 8537] mkdir("./file0", 0777) = 0 [ 121.155983][ T8537] loop0: detected capacity change from 0 to 32768 [ 121.174806][ T8537] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8537) [ 121.189763][ T8537] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.198570][ T8537] BTRFS info (device loop0): setting nodatacow, compression disabled [ 121.206702][ T8537] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 121.217424][ T8537] BTRFS info (device loop0): trying to use backup root at mount time [ 121.225512][ T8537] BTRFS info (device loop0): disabling tree log [ 121.231824][ T8537] BTRFS info (device loop0): enabling auto defrag [ 121.238292][ T8537] BTRFS info (device loop0): using free space tree [pid 8537] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8537] chdir("./file0") = 0 [pid 8537] ioctl(4, LOOP_CLR_FD) = 0 [pid 8537] close(4) = 0 [pid 8537] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8537] getpid() = 8537 [pid 8537] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8537] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8537] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8537] exit_group(0) = ? [pid 8537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8537, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 [ 121.253980][ T8537] BTRFS info (device loop0): enabling ssd optimizations [ 121.261055][ T8537] BTRFS info (device loop0): auto enabling async discard umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8554 ./strace-static-x86_64: Process 8554 attached [pid 8554] set_robust_list(0x5555573f6660, 24) = 0 [pid 8554] chdir("./206") = 0 [pid 8554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8554] setpgid(0, 0) = 0 [pid 8554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8554] write(3, "1000", 4) = 4 [pid 8554] close(3) = 0 [pid 8554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8554] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8554] memfd_create("syzkaller", 0) = 3 [pid 8554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8554] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8554] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8554] close(3) = 0 [pid 8554] mkdir("./file0", 0777) = 0 [ 121.529665][ T8554] loop0: detected capacity change from 0 to 32768 [ 121.538534][ T8554] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8554) [ 121.553463][ T8554] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.562279][ T8554] BTRFS info (device loop0): setting nodatacow, compression disabled [ 121.570427][ T8554] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 121.581110][ T8554] BTRFS info (device loop0): trying to use backup root at mount time [ 121.589254][ T8554] BTRFS info (device loop0): disabling tree log [ 121.595521][ T8554] BTRFS info (device loop0): enabling auto defrag [ 121.602012][ T8554] BTRFS info (device loop0): using free space tree [ 121.617569][ T8554] BTRFS info (device loop0): enabling ssd optimizations [pid 8554] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8554] chdir("./file0") = 0 [pid 8554] ioctl(4, LOOP_CLR_FD) = 0 [pid 8554] close(4) = 0 [pid 8554] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8554] getpid() = 8554 [pid 8554] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8554] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8554] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8554] exit_group(0) = ? [pid 8554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8554, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 [ 121.624593][ T8554] BTRFS info (device loop0): auto enabling async discard umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8571 ./strace-static-x86_64: Process 8571 attached [pid 8571] set_robust_list(0x5555573f6660, 24) = 0 [pid 8571] chdir("./207") = 0 [pid 8571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8571] setpgid(0, 0) = 0 [pid 8571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8571] write(3, "1000", 4) = 4 [pid 8571] close(3) = 0 [pid 8571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8571] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8571] memfd_create("syzkaller", 0) = 3 [pid 8571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8571] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8571] close(3) = 0 [pid 8571] mkdir("./file0", 0777) = 0 [ 121.895680][ T8571] loop0: detected capacity change from 0 to 32768 [ 121.904779][ T8571] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8571) [ 121.919760][ T8571] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.928568][ T8571] BTRFS info (device loop0): setting nodatacow, compression disabled [ 121.936703][ T8571] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 121.947360][ T8571] BTRFS info (device loop0): trying to use backup root at mount time [ 121.955445][ T8571] BTRFS info (device loop0): disabling tree log [ 121.961726][ T8571] BTRFS info (device loop0): enabling auto defrag [ 121.968217][ T8571] BTRFS info (device loop0): using free space tree [ 121.984448][ T8571] BTRFS info (device loop0): enabling ssd optimizations [pid 8571] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8571] chdir("./file0") = 0 [pid 8571] ioctl(4, LOOP_CLR_FD) = 0 [pid 8571] close(4) = 0 [pid 8571] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8571] getpid() = 8571 [pid 8571] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8571] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8571] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8571] exit_group(0) = ? [pid 8571] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8571, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 [ 121.991506][ T8571] BTRFS info (device loop0): auto enabling async discard umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8588 ./strace-static-x86_64: Process 8588 attached [pid 8588] set_robust_list(0x5555573f6660, 24) = 0 [pid 8588] chdir("./208") = 0 [pid 8588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8588] setpgid(0, 0) = 0 [pid 8588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8588] write(3, "1000", 4) = 4 [pid 8588] close(3) = 0 [pid 8588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8588] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8588] memfd_create("syzkaller", 0) = 3 [pid 8588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8588] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8588] close(3) = 0 [pid 8588] mkdir("./file0", 0777) = 0 [ 122.248769][ T8588] loop0: detected capacity change from 0 to 32768 [ 122.258085][ T8588] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8588) [ 122.272753][ T8588] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.281542][ T8588] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 8588] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8588] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8588] chdir("./file0") = 0 [pid 8588] ioctl(4, LOOP_CLR_FD) = 0 [pid 8588] close(4) = 0 [pid 8588] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8588] getpid() = 8588 [pid 8588] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8588] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8588] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8588] exit_group(0) = ? [pid 8588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8588, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 122.290310][ T8588] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 122.300993][ T8588] BTRFS info (device loop0): trying to use backup root at mount time [ 122.309158][ T8588] BTRFS info (device loop0): disabling tree log getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8605 ./strace-static-x86_64: Process 8605 attached [pid 8605] set_robust_list(0x5555573f6660, 24) = 0 [pid 8605] chdir("./209") = 0 [pid 8605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8605] setpgid(0, 0) = 0 [pid 8605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8605] write(3, "1000", 4) = 4 [pid 8605] close(3) = 0 [pid 8605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8605] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8605] memfd_create("syzkaller", 0) = 3 [pid 8605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8605] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8605] close(3) = 0 [pid 8605] mkdir("./file0", 0777) = 0 [pid 8605] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8605] chdir("./file0") = 0 [pid 8605] ioctl(4, LOOP_CLR_FD) = 0 [pid 8605] close(4) = 0 [pid 8605] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8605] getpid() = 8605 [pid 8605] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8605] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8605] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8605] exit_group(0) = ? [pid 8605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8605, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 [ 122.584663][ T8605] loop0: detected capacity change from 0 to 32768 [ 122.593482][ T8605] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8605) [ 122.608583][ T8605] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8622 ./strace-static-x86_64: Process 8622 attached [pid 8622] set_robust_list(0x5555573f6660, 24) = 0 [pid 8622] chdir("./210") = 0 [pid 8622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8622] setpgid(0, 0) = 0 [pid 8622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8622] write(3, "1000", 4) = 4 [pid 8622] close(3) = 0 [pid 8622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8622] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8622] memfd_create("syzkaller", 0) = 3 [pid 8622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8622] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8622] close(3) = 0 [pid 8622] mkdir("./file0", 0777) = 0 [ 122.885913][ T8622] loop0: detected capacity change from 0 to 32768 [ 122.897885][ T8622] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8622) [ 122.912877][ T8622] _btrfs_printk: 12 callbacks suppressed [ 122.912890][ T8622] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.927348][ T8622] BTRFS info (device loop0): setting nodatacow, compression disabled [ 122.935409][ T8622] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 122.946069][ T8622] BTRFS info (device loop0): trying to use backup root at mount time [ 122.954192][ T8622] BTRFS info (device loop0): disabling tree log [ 122.960491][ T8622] BTRFS info (device loop0): enabling auto defrag [ 122.966974][ T8622] BTRFS info (device loop0): using free space tree [pid 8622] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8622] chdir("./file0") = 0 [pid 8622] ioctl(4, LOOP_CLR_FD) = 0 [pid 8622] close(4) = 0 [pid 8622] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8622] getpid() = 8622 [pid 8622] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8622] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8622] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8622] exit_group(0) = ? [pid 8622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8622, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 [ 122.982789][ T8622] BTRFS info (device loop0): enabling ssd optimizations [ 122.989819][ T8622] BTRFS info (device loop0): auto enabling async discard umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8639 ./strace-static-x86_64: Process 8639 attached [pid 8639] set_robust_list(0x5555573f6660, 24) = 0 [pid 8639] chdir("./211") = 0 [pid 8639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8639] setpgid(0, 0) = 0 [pid 8639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8639] write(3, "1000", 4) = 4 [pid 8639] close(3) = 0 [pid 8639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8639] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8639] memfd_create("syzkaller", 0) = 3 [pid 8639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8639] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8639] close(3) = 0 [pid 8639] mkdir("./file0", 0777) = 0 [ 123.260894][ T8639] loop0: detected capacity change from 0 to 32768 [ 123.270329][ T8639] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8639) [ 123.284906][ T8639] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 123.293701][ T8639] BTRFS info (device loop0): setting nodatacow, compression disabled [ 123.301889][ T8639] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 123.312515][ T8639] BTRFS info (device loop0): trying to use backup root at mount time [ 123.320646][ T8639] BTRFS info (device loop0): disabling tree log [ 123.326955][ T8639] BTRFS info (device loop0): enabling auto defrag [ 123.333424][ T8639] BTRFS info (device loop0): using free space tree [ 123.349351][ T8639] BTRFS info (device loop0): enabling ssd optimizations [pid 8639] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8639] chdir("./file0") = 0 [pid 8639] ioctl(4, LOOP_CLR_FD) = 0 [pid 8639] close(4) = 0 [pid 8639] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8639] getpid() = 8639 [pid 8639] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8639] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8639] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8639] exit_group(0) = ? [pid 8639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8639, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 [ 123.356463][ T8639] BTRFS info (device loop0): auto enabling async discard umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8656 ./strace-static-x86_64: Process 8656 attached [pid 8656] set_robust_list(0x5555573f6660, 24) = 0 [pid 8656] chdir("./212") = 0 [pid 8656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8656] setpgid(0, 0) = 0 [pid 8656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8656] write(3, "1000", 4) = 4 [pid 8656] close(3) = 0 [pid 8656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8656] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8656] memfd_create("syzkaller", 0) = 3 [pid 8656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8656] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8656] close(3) = 0 [pid 8656] mkdir("./file0", 0777) = 0 [ 123.626495][ T8656] loop0: detected capacity change from 0 to 32768 [ 123.645617][ T8656] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8656) [ 123.660396][ T8656] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 123.669138][ T8656] BTRFS info (device loop0): setting nodatacow, compression disabled [ 123.677283][ T8656] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 123.687918][ T8656] BTRFS info (device loop0): trying to use backup root at mount time [ 123.696012][ T8656] BTRFS info (device loop0): disabling tree log [ 123.702329][ T8656] BTRFS info (device loop0): enabling auto defrag [ 123.708762][ T8656] BTRFS info (device loop0): using free space tree [pid 8656] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8656] chdir("./file0") = 0 [pid 8656] ioctl(4, LOOP_CLR_FD) = 0 [pid 8656] close(4) = 0 [pid 8656] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8656] getpid() = 8656 [pid 8656] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8656] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8656] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8656] exit_group(0) = ? [pid 8656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8656, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 [ 123.724791][ T8656] BTRFS info (device loop0): enabling ssd optimizations [ 123.732064][ T8656] BTRFS info (device loop0): auto enabling async discard umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8673 attached , child_tidptr=0x5555573f6650) = 8673 [pid 8673] set_robust_list(0x5555573f6660, 24) = 0 [pid 8673] chdir("./213") = 0 [pid 8673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8673] setpgid(0, 0) = 0 [pid 8673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8673] write(3, "1000", 4) = 4 [pid 8673] close(3) = 0 [pid 8673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8673] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8673] memfd_create("syzkaller", 0) = 3 [pid 8673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8673] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8673] close(3) = 0 [pid 8673] mkdir("./file0", 0777) = 0 [ 124.002074][ T8673] loop0: detected capacity change from 0 to 32768 [ 124.011900][ T8673] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8673) [ 124.026933][ T8673] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 124.035680][ T8673] BTRFS info (device loop0): setting nodatacow, compression disabled [ 124.044083][ T8673] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 124.054728][ T8673] BTRFS info (device loop0): trying to use backup root at mount time [ 124.062900][ T8673] BTRFS info (device loop0): disabling tree log [ 124.069168][ T8673] BTRFS info (device loop0): enabling auto defrag [ 124.075587][ T8673] BTRFS info (device loop0): using free space tree [ 124.091096][ T8673] BTRFS info (device loop0): enabling ssd optimizations [pid 8673] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8673] chdir("./file0") = 0 [pid 8673] ioctl(4, LOOP_CLR_FD) = 0 [pid 8673] close(4) = 0 [pid 8673] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8673] getpid() = 8673 [pid 8673] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8673] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8673] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8673] exit_group(0) = ? [pid 8673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8673, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 [ 124.098110][ T8673] BTRFS info (device loop0): auto enabling async discard umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8690 ./strace-static-x86_64: Process 8690 attached [pid 8690] set_robust_list(0x5555573f6660, 24) = 0 [pid 8690] chdir("./214") = 0 [pid 8690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8690] setpgid(0, 0) = 0 [pid 8690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8690] write(3, "1000", 4) = 4 [pid 8690] close(3) = 0 [pid 8690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8690] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8690] memfd_create("syzkaller", 0) = 3 [pid 8690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8690] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8690] close(3) = 0 [pid 8690] mkdir("./file0", 0777) = 0 [ 124.361572][ T8690] loop0: detected capacity change from 0 to 32768 [ 124.371421][ T8690] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8690) [ 124.387021][ T8690] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 124.395726][ T8690] BTRFS info (device loop0): setting nodatacow, compression disabled [ 124.403919][ T8690] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 124.414568][ T8690] BTRFS info (device loop0): trying to use backup root at mount time [ 124.422696][ T8690] BTRFS info (device loop0): disabling tree log [ 124.429028][ T8690] BTRFS info (device loop0): enabling auto defrag [ 124.435474][ T8690] BTRFS info (device loop0): using free space tree [ 124.450989][ T8690] BTRFS info (device loop0): enabling ssd optimizations [pid 8690] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8690] chdir("./file0") = 0 [pid 8690] ioctl(4, LOOP_CLR_FD) = 0 [pid 8690] close(4) = 0 [pid 8690] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8690] getpid() = 8690 [pid 8690] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8690] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8690] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8690] exit_group(0) = ? [pid 8690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8690, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 [ 124.457996][ T8690] BTRFS info (device loop0): auto enabling async discard umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8707 ./strace-static-x86_64: Process 8707 attached [pid 8707] set_robust_list(0x5555573f6660, 24) = 0 [pid 8707] chdir("./215") = 0 [pid 8707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8707] setpgid(0, 0) = 0 [pid 8707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8707] write(3, "1000", 4) = 4 [pid 8707] close(3) = 0 [pid 8707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8707] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8707] memfd_create("syzkaller", 0) = 3 [pid 8707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8707] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8707] close(3) = 0 [pid 8707] mkdir("./file0", 0777) = 0 [ 124.737558][ T8707] loop0: detected capacity change from 0 to 32768 [ 124.747690][ T8707] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8707) [ 124.763136][ T8707] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 124.772000][ T8707] BTRFS info (device loop0): setting nodatacow, compression disabled [ 124.780122][ T8707] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 124.790770][ T8707] BTRFS info (device loop0): trying to use backup root at mount time [ 124.798930][ T8707] BTRFS info (device loop0): disabling tree log [ 124.805203][ T8707] BTRFS info (device loop0): enabling auto defrag [ 124.811673][ T8707] BTRFS info (device loop0): using free space tree [ 124.827850][ T8707] BTRFS info (device loop0): enabling ssd optimizations [pid 8707] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8707] chdir("./file0") = 0 [pid 8707] ioctl(4, LOOP_CLR_FD) = 0 [pid 8707] close(4) = 0 [pid 8707] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8707] getpid() = 8707 [pid 8707] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8707] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [ 124.834884][ T8707] BTRFS info (device loop0): auto enabling async discard [pid 8707] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8707] exit_group(0) = ? [pid 8707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8707, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8724 ./strace-static-x86_64: Process 8724 attached [pid 8724] set_robust_list(0x5555573f6660, 24) = 0 [pid 8724] chdir("./216") = 0 [pid 8724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8724] setpgid(0, 0) = 0 [pid 8724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8724] write(3, "1000", 4) = 4 [pid 8724] close(3) = 0 [pid 8724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8724] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8724] memfd_create("syzkaller", 0) = 3 [pid 8724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8724] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8724] close(3) = 0 [pid 8724] mkdir("./file0", 0777) = 0 [ 125.105317][ T8724] loop0: detected capacity change from 0 to 32768 [ 125.114529][ T8724] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8724) [ 125.129023][ T8724] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 125.137818][ T8724] BTRFS info (device loop0): setting nodatacow, compression disabled [ 125.145898][ T8724] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 125.156573][ T8724] BTRFS info (device loop0): trying to use backup root at mount time [ 125.164667][ T8724] BTRFS info (device loop0): disabling tree log [ 125.170995][ T8724] BTRFS info (device loop0): enabling auto defrag [ 125.177515][ T8724] BTRFS info (device loop0): using free space tree [ 125.193367][ T8724] BTRFS info (device loop0): enabling ssd optimizations [pid 8724] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8724] chdir("./file0") = 0 [pid 8724] ioctl(4, LOOP_CLR_FD) = 0 [pid 8724] close(4) = 0 [pid 8724] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8724] getpid() = 8724 [pid 8724] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8724] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8724] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8724] exit_group(0) = ? [pid 8724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8724, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/binderfs") = 0 [ 125.200379][ T8724] BTRFS info (device loop0): auto enabling async discard umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8741 ./strace-static-x86_64: Process 8741 attached [pid 8741] set_robust_list(0x5555573f6660, 24) = 0 [pid 8741] chdir("./217") = 0 [pid 8741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8741] setpgid(0, 0) = 0 [pid 8741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8741] write(3, "1000", 4) = 4 [pid 8741] close(3) = 0 [pid 8741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8741] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8741] memfd_create("syzkaller", 0) = 3 [pid 8741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8741] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8741] close(3) = 0 [pid 8741] mkdir("./file0", 0777) = 0 [ 125.475215][ T8741] loop0: detected capacity change from 0 to 32768 [ 125.485501][ T8741] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8741) [ 125.501142][ T8741] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 125.509988][ T8741] BTRFS info (device loop0): setting nodatacow, compression disabled [ 125.518152][ T8741] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 125.528804][ T8741] BTRFS info (device loop0): trying to use backup root at mount time [ 125.536937][ T8741] BTRFS info (device loop0): disabling tree log [ 125.543212][ T8741] BTRFS info (device loop0): enabling auto defrag [ 125.549685][ T8741] BTRFS info (device loop0): using free space tree [ 125.565427][ T8741] BTRFS info (device loop0): enabling ssd optimizations [pid 8741] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8741] chdir("./file0") = 0 [pid 8741] ioctl(4, LOOP_CLR_FD) = 0 [pid 8741] close(4) = 0 [pid 8741] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8741] getpid() = 8741 [pid 8741] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8741] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8741] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8741] exit_group(0) = ? [pid 8741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8741, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 [ 125.572506][ T8741] BTRFS info (device loop0): auto enabling async discard umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8758 attached , child_tidptr=0x5555573f6650) = 8758 [pid 8758] set_robust_list(0x5555573f6660, 24) = 0 [pid 8758] chdir("./218") = 0 [pid 8758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8758] setpgid(0, 0) = 0 [pid 8758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8758] write(3, "1000", 4) = 4 [pid 8758] close(3) = 0 [pid 8758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8758] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8758] memfd_create("syzkaller", 0) = 3 [pid 8758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8758] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8758] close(3) = 0 [pid 8758] mkdir("./file0", 0777) = 0 [ 125.844942][ T8758] loop0: detected capacity change from 0 to 32768 [ 125.855109][ T8758] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8758) [ 125.870419][ T8758] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 125.879156][ T8758] BTRFS info (device loop0): setting nodatacow, compression disabled [ 125.887293][ T8758] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 125.897924][ T8758] BTRFS info (device loop0): trying to use backup root at mount time [ 125.906018][ T8758] BTRFS info (device loop0): disabling tree log [ 125.912356][ T8758] BTRFS info (device loop0): enabling auto defrag [ 125.918799][ T8758] BTRFS info (device loop0): using free space tree [ 125.934304][ T8758] BTRFS info (device loop0): enabling ssd optimizations [pid 8758] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8758] chdir("./file0") = 0 [pid 8758] ioctl(4, LOOP_CLR_FD) = 0 [pid 8758] close(4) = 0 [pid 8758] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8758] getpid() = 8758 [pid 8758] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8758] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8758] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8758] exit_group(0) = ? [pid 8758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8758, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 [ 125.941366][ T8758] BTRFS info (device loop0): auto enabling async discard umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8775 ./strace-static-x86_64: Process 8775 attached [pid 8775] set_robust_list(0x5555573f6660, 24) = 0 [pid 8775] chdir("./219") = 0 [pid 8775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8775] setpgid(0, 0) = 0 [pid 8775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8775] write(3, "1000", 4) = 4 [pid 8775] close(3) = 0 [pid 8775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8775] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8775] memfd_create("syzkaller", 0) = 3 [pid 8775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8775] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8775] close(3) = 0 [pid 8775] mkdir("./file0", 0777) = 0 [ 126.219370][ T8775] loop0: detected capacity change from 0 to 32768 [ 126.228648][ T8775] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8775) [ 126.244028][ T8775] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 126.252846][ T8775] BTRFS info (device loop0): setting nodatacow, compression disabled [ 126.261003][ T8775] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 126.271660][ T8775] BTRFS info (device loop0): trying to use backup root at mount time [ 126.279807][ T8775] BTRFS info (device loop0): disabling tree log [ 126.286058][ T8775] BTRFS info (device loop0): enabling auto defrag [ 126.292618][ T8775] BTRFS info (device loop0): using free space tree [ 126.308137][ T8775] BTRFS info (device loop0): enabling ssd optimizations [pid 8775] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8775] chdir("./file0") = 0 [pid 8775] ioctl(4, LOOP_CLR_FD) = 0 [pid 8775] close(4) = 0 [pid 8775] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8775] getpid() = 8775 [pid 8775] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8775] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8775] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8775] exit_group(0) = ? [pid 8775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8775, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 [ 126.315148][ T8775] BTRFS info (device loop0): auto enabling async discard umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8792 ./strace-static-x86_64: Process 8792 attached [pid 8792] set_robust_list(0x5555573f6660, 24) = 0 [pid 8792] chdir("./220") = 0 [pid 8792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8792] setpgid(0, 0) = 0 [pid 8792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8792] write(3, "1000", 4) = 4 [pid 8792] close(3) = 0 [pid 8792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8792] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8792] memfd_create("syzkaller", 0) = 3 [pid 8792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8792] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8792] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8792] close(3) = 0 [pid 8792] mkdir("./file0", 0777) = 0 [ 126.597707][ T8792] loop0: detected capacity change from 0 to 32768 [ 126.606800][ T8792] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8792) [ 126.621764][ T8792] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 126.630643][ T8792] BTRFS info (device loop0): setting nodatacow, compression disabled [ 126.638796][ T8792] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 126.649528][ T8792] BTRFS info (device loop0): trying to use backup root at mount time [ 126.657665][ T8792] BTRFS info (device loop0): disabling tree log [ 126.663917][ T8792] BTRFS info (device loop0): enabling auto defrag [ 126.670389][ T8792] BTRFS info (device loop0): using free space tree [ 126.686069][ T8792] BTRFS info (device loop0): enabling ssd optimizations [pid 8792] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8792] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8792] chdir("./file0") = 0 [pid 8792] ioctl(4, LOOP_CLR_FD) = 0 [pid 8792] close(4) = 0 [pid 8792] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8792] getpid() = 8792 [pid 8792] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8792] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8792] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8792] exit_group(0) = ? [pid 8792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8792, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 [ 126.693376][ T8792] BTRFS info (device loop0): auto enabling async discard umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8809 ./strace-static-x86_64: Process 8809 attached [pid 8809] set_robust_list(0x5555573f6660, 24) = 0 [pid 8809] chdir("./221") = 0 [pid 8809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8809] setpgid(0, 0) = 0 [pid 8809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8809] write(3, "1000", 4) = 4 [pid 8809] close(3) = 0 [pid 8809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8809] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8809] memfd_create("syzkaller", 0) = 3 [pid 8809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8809] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8809] close(3) = 0 [pid 8809] mkdir("./file0", 0777) = 0 [ 126.967486][ T8809] loop0: detected capacity change from 0 to 32768 [ 126.976125][ T8809] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8809) [ 126.991001][ T8809] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 126.999838][ T8809] BTRFS info (device loop0): setting nodatacow, compression disabled [ 127.008027][ T8809] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 127.018794][ T8809] BTRFS info (device loop0): trying to use backup root at mount time [ 127.026937][ T8809] BTRFS info (device loop0): disabling tree log [ 127.033215][ T8809] BTRFS info (device loop0): enabling auto defrag [ 127.039697][ T8809] BTRFS info (device loop0): using free space tree [ 127.055136][ T8809] BTRFS info (device loop0): enabling ssd optimizations [pid 8809] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8809] chdir("./file0") = 0 [pid 8809] ioctl(4, LOOP_CLR_FD) = 0 [pid 8809] close(4) = 0 [pid 8809] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8809] getpid() = 8809 [pid 8809] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8809] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8809] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8809] exit_group(0) = ? [pid 8809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8809, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 [ 127.062193][ T8809] BTRFS info (device loop0): auto enabling async discard umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8826 ./strace-static-x86_64: Process 8826 attached [pid 8826] set_robust_list(0x5555573f6660, 24) = 0 [pid 8826] chdir("./222") = 0 [pid 8826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8826] setpgid(0, 0) = 0 [pid 8826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8826] write(3, "1000", 4) = 4 [pid 8826] close(3) = 0 [pid 8826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8826] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8826] memfd_create("syzkaller", 0) = 3 [pid 8826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8826] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8826] close(3) = 0 [pid 8826] mkdir("./file0", 0777) = 0 [ 127.346503][ T8826] loop0: detected capacity change from 0 to 32768 [ 127.355260][ T8826] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8826) [ 127.370108][ T8826] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 127.378930][ T8826] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 8826] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8826] chdir("./file0") = 0 [pid 8826] ioctl(4, LOOP_CLR_FD) = 0 [pid 8826] close(4) = 0 [pid 8826] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8826] getpid() = 8826 [pid 8826] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8826] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8826] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8826] exit_group(0) = ? [pid 8826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8826, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/binderfs") = 0 [ 127.387104][ T8826] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 127.397757][ T8826] BTRFS info (device loop0): trying to use backup root at mount time [ 127.405859][ T8826] BTRFS info (device loop0): disabling tree log umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8843 ./strace-static-x86_64: Process 8843 attached [pid 8843] set_robust_list(0x5555573f6660, 24) = 0 [pid 8843] chdir("./223") = 0 [pid 8843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8843] setpgid(0, 0) = 0 [pid 8843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8843] write(3, "1000", 4) = 4 [pid 8843] close(3) = 0 [pid 8843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8843] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8843] memfd_create("syzkaller", 0) = 3 [pid 8843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8843] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8843] close(3) = 0 [pid 8843] mkdir("./file0", 0777) = 0 [pid 8843] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8843] chdir("./file0") = 0 [pid 8843] ioctl(4, LOOP_CLR_FD) = 0 [pid 8843] close(4) = 0 [pid 8843] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8843] getpid() = 8843 [pid 8843] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8843] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8843] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8843] exit_group(0) = ? [ 127.680053][ T8843] loop0: detected capacity change from 0 to 32768 [ 127.690085][ T8843] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8843) [ 127.705160][ T8843] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 8843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8843, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8860 ./strace-static-x86_64: Process 8860 attached [pid 8860] set_robust_list(0x5555573f6660, 24) = 0 [pid 8860] chdir("./224") = 0 [pid 8860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8860] setpgid(0, 0) = 0 [pid 8860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8860] write(3, "1000", 4) = 4 [pid 8860] close(3) = 0 [pid 8860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8860] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8860] memfd_create("syzkaller", 0) = 3 [pid 8860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8860] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8860] close(3) = 0 [pid 8860] mkdir("./file0", 0777) = 0 [ 127.993213][ T8860] loop0: detected capacity change from 0 to 32768 [ 128.002975][ T8860] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8860) [ 128.018300][ T8860] _btrfs_printk: 12 callbacks suppressed [ 128.018315][ T8860] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 128.032770][ T8860] BTRFS info (device loop0): setting nodatacow, compression disabled [ 128.040870][ T8860] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 128.051595][ T8860] BTRFS info (device loop0): trying to use backup root at mount time [ 128.059716][ T8860] BTRFS info (device loop0): disabling tree log [ 128.065966][ T8860] BTRFS info (device loop0): enabling auto defrag [ 128.072455][ T8860] BTRFS info (device loop0): using free space tree [pid 8860] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8860] chdir("./file0") = 0 [pid 8860] ioctl(4, LOOP_CLR_FD) = 0 [pid 8860] close(4) = 0 [pid 8860] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8860] getpid() = 8860 [pid 8860] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8860] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8860] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8860] exit_group(0) = ? [pid 8860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8860, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 [ 128.088065][ T8860] BTRFS info (device loop0): enabling ssd optimizations [ 128.095020][ T8860] BTRFS info (device loop0): auto enabling async discard umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8877 attached , child_tidptr=0x5555573f6650) = 8877 [pid 8877] set_robust_list(0x5555573f6660, 24) = 0 [pid 8877] chdir("./225") = 0 [pid 8877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8877] setpgid(0, 0) = 0 [pid 8877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8877] write(3, "1000", 4) = 4 [pid 8877] close(3) = 0 [pid 8877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8877] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8877] memfd_create("syzkaller", 0) = 3 [pid 8877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8877] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8877] close(3) = 0 [pid 8877] mkdir("./file0", 0777) = 0 [ 128.369965][ T8877] loop0: detected capacity change from 0 to 32768 [ 128.379125][ T8877] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8877) [ 128.394073][ T8877] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 128.402892][ T8877] BTRFS info (device loop0): setting nodatacow, compression disabled [ 128.411069][ T8877] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 128.421737][ T8877] BTRFS info (device loop0): trying to use backup root at mount time [ 128.429872][ T8877] BTRFS info (device loop0): disabling tree log [ 128.436179][ T8877] BTRFS info (device loop0): enabling auto defrag [ 128.442646][ T8877] BTRFS info (device loop0): using free space tree [ 128.458412][ T8877] BTRFS info (device loop0): enabling ssd optimizations [pid 8877] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8877] chdir("./file0") = 0 [pid 8877] ioctl(4, LOOP_CLR_FD) = 0 [pid 8877] close(4) = 0 [pid 8877] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8877] getpid() = 8877 [pid 8877] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8877] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8877] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8877] exit_group(0) = ? [pid 8877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8877, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 [ 128.465370][ T8877] BTRFS info (device loop0): auto enabling async discard umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8894 ./strace-static-x86_64: Process 8894 attached [pid 8894] set_robust_list(0x5555573f6660, 24) = 0 [pid 8894] chdir("./226") = 0 [pid 8894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8894] setpgid(0, 0) = 0 [pid 8894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8894] write(3, "1000", 4) = 4 [pid 8894] close(3) = 0 [pid 8894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8894] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8894] memfd_create("syzkaller", 0) = 3 [pid 8894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8894] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8894] close(3) = 0 [pid 8894] mkdir("./file0", 0777) = 0 [ 128.736793][ T8894] loop0: detected capacity change from 0 to 32768 [ 128.746602][ T8894] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8894) [ 128.761481][ T8894] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 128.770373][ T8894] BTRFS info (device loop0): setting nodatacow, compression disabled [ 128.778505][ T8894] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 128.789141][ T8894] BTRFS info (device loop0): trying to use backup root at mount time [ 128.797268][ T8894] BTRFS info (device loop0): disabling tree log [ 128.803564][ T8894] BTRFS info (device loop0): enabling auto defrag [ 128.810073][ T8894] BTRFS info (device loop0): using free space tree [ 128.825884][ T8894] BTRFS info (device loop0): enabling ssd optimizations [pid 8894] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8894] chdir("./file0") = 0 [pid 8894] ioctl(4, LOOP_CLR_FD) = 0 [pid 8894] close(4) = 0 [pid 8894] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8894] getpid() = 8894 [pid 8894] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8894] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8894] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8894] exit_group(0) = ? [pid 8894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8894, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 [ 128.832936][ T8894] BTRFS info (device loop0): auto enabling async discard umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8911 ./strace-static-x86_64: Process 8911 attached [pid 8911] set_robust_list(0x5555573f6660, 24) = 0 [pid 8911] chdir("./227") = 0 [pid 8911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8911] setpgid(0, 0) = 0 [pid 8911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8911] write(3, "1000", 4) = 4 [pid 8911] close(3) = 0 [pid 8911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8911] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8911] memfd_create("syzkaller", 0) = 3 [pid 8911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8911] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8911] close(3) = 0 [pid 8911] mkdir("./file0", 0777) = 0 [ 129.118490][ T8911] loop0: detected capacity change from 0 to 32768 [ 129.128980][ T8911] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8911) [ 129.144210][ T8911] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 129.153058][ T8911] BTRFS info (device loop0): setting nodatacow, compression disabled [ 129.161157][ T8911] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 129.172009][ T8911] BTRFS info (device loop0): trying to use backup root at mount time [ 129.180132][ T8911] BTRFS info (device loop0): disabling tree log [ 129.186448][ T8911] BTRFS info (device loop0): enabling auto defrag [ 129.192875][ T8911] BTRFS info (device loop0): using free space tree [ 129.208625][ T8911] BTRFS info (device loop0): enabling ssd optimizations [pid 8911] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8911] chdir("./file0") = 0 [pid 8911] ioctl(4, LOOP_CLR_FD) = 0 [pid 8911] close(4) = 0 [pid 8911] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8911] getpid() = 8911 [pid 8911] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8911] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8911] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8911] exit_group(0) = ? [pid 8911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8911, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 129.215663][ T8911] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8928 ./strace-static-x86_64: Process 8928 attached [pid 8928] set_robust_list(0x5555573f6660, 24) = 0 [pid 8928] chdir("./228") = 0 [pid 8928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8928] setpgid(0, 0) = 0 [pid 8928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8928] write(3, "1000", 4) = 4 [pid 8928] close(3) = 0 [pid 8928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8928] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8928] memfd_create("syzkaller", 0) = 3 [pid 8928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8928] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8928] close(3) = 0 [pid 8928] mkdir("./file0", 0777) = 0 [ 129.495803][ T8928] loop0: detected capacity change from 0 to 32768 [ 129.505252][ T8928] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8928) [ 129.520230][ T8928] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 129.529093][ T8928] BTRFS info (device loop0): setting nodatacow, compression disabled [ 129.537296][ T8928] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 129.547950][ T8928] BTRFS info (device loop0): trying to use backup root at mount time [ 129.556013][ T8928] BTRFS info (device loop0): disabling tree log [ 129.562311][ T8928] BTRFS info (device loop0): enabling auto defrag [ 129.568765][ T8928] BTRFS info (device loop0): using free space tree [ 129.584715][ T8928] BTRFS info (device loop0): enabling ssd optimizations [pid 8928] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8928] chdir("./file0") = 0 [pid 8928] ioctl(4, LOOP_CLR_FD) = 0 [pid 8928] close(4) = 0 [pid 8928] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8928] getpid() = 8928 [pid 8928] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8928] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8928] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8928] exit_group(0) = ? [pid 8928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8928, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/binderfs") = 0 [ 129.591835][ T8928] BTRFS info (device loop0): auto enabling async discard umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8945 ./strace-static-x86_64: Process 8945 attached [pid 8945] set_robust_list(0x5555573f6660, 24) = 0 [pid 8945] chdir("./229") = 0 [pid 8945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8945] setpgid(0, 0) = 0 [pid 8945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8945] write(3, "1000", 4) = 4 [pid 8945] close(3) = 0 [pid 8945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8945] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8945] memfd_create("syzkaller", 0) = 3 [pid 8945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8945] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8945] close(3) = 0 [pid 8945] mkdir("./file0", 0777) = 0 [ 129.868502][ T8945] loop0: detected capacity change from 0 to 32768 [ 129.878651][ T8945] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8945) [ 129.893893][ T8945] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 129.902707][ T8945] BTRFS info (device loop0): setting nodatacow, compression disabled [ 129.910896][ T8945] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 129.921538][ T8945] BTRFS info (device loop0): trying to use backup root at mount time [ 129.929651][ T8945] BTRFS info (device loop0): disabling tree log [ 129.935893][ T8945] BTRFS info (device loop0): enabling auto defrag [ 129.942378][ T8945] BTRFS info (device loop0): using free space tree [ 129.957903][ T8945] BTRFS info (device loop0): enabling ssd optimizations [pid 8945] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8945] chdir("./file0") = 0 [pid 8945] ioctl(4, LOOP_CLR_FD) = 0 [pid 8945] close(4) = 0 [pid 8945] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8945] getpid() = 8945 [pid 8945] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8945] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8945] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8945] exit_group(0) = ? [pid 8945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8945, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 129.965008][ T8945] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/binderfs") = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8962 ./strace-static-x86_64: Process 8962 attached [pid 8962] set_robust_list(0x5555573f6660, 24) = 0 [pid 8962] chdir("./230") = 0 [pid 8962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8962] setpgid(0, 0) = 0 [pid 8962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8962] write(3, "1000", 4) = 4 [pid 8962] close(3) = 0 [pid 8962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8962] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8962] memfd_create("syzkaller", 0) = 3 [pid 8962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8962] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8962] close(3) = 0 [pid 8962] mkdir("./file0", 0777) = 0 [ 130.260802][ T8962] loop0: detected capacity change from 0 to 32768 [ 130.270803][ T8962] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8962) [ 130.285838][ T8962] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 130.294812][ T8962] BTRFS info (device loop0): setting nodatacow, compression disabled [ 130.302955][ T8962] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 130.313636][ T8962] BTRFS info (device loop0): trying to use backup root at mount time [ 130.321769][ T8962] BTRFS info (device loop0): disabling tree log [ 130.328132][ T8962] BTRFS info (device loop0): enabling auto defrag [ 130.334539][ T8962] BTRFS info (device loop0): using free space tree [ 130.350101][ T8962] BTRFS info (device loop0): enabling ssd optimizations [pid 8962] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8962] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8962] chdir("./file0") = 0 [pid 8962] ioctl(4, LOOP_CLR_FD) = 0 [pid 8962] close(4) = 0 [pid 8962] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8962] getpid() = 8962 [pid 8962] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8962] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8962] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8962] exit_group(0) = ? [pid 8962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8962, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 130.357180][ T8962] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/binderfs") = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8979 ./strace-static-x86_64: Process 8979 attached [pid 8979] set_robust_list(0x5555573f6660, 24) = 0 [pid 8979] chdir("./231") = 0 [pid 8979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8979] setpgid(0, 0) = 0 [pid 8979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8979] write(3, "1000", 4) = 4 [pid 8979] close(3) = 0 [pid 8979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8979] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8979] memfd_create("syzkaller", 0) = 3 [pid 8979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8979] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8979] close(3) = 0 [pid 8979] mkdir("./file0", 0777) = 0 [ 130.637930][ T8979] loop0: detected capacity change from 0 to 32768 [ 130.647429][ T8979] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8979) [ 130.662588][ T8979] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 130.671456][ T8979] BTRFS info (device loop0): setting nodatacow, compression disabled [ 130.679545][ T8979] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 130.690200][ T8979] BTRFS info (device loop0): trying to use backup root at mount time [ 130.698334][ T8979] BTRFS info (device loop0): disabling tree log [ 130.704577][ T8979] BTRFS info (device loop0): enabling auto defrag [ 130.711065][ T8979] BTRFS info (device loop0): using free space tree [ 130.726302][ T8979] BTRFS info (device loop0): enabling ssd optimizations [pid 8979] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8979] chdir("./file0") = 0 [pid 8979] ioctl(4, LOOP_CLR_FD) = 0 [pid 8979] close(4) = 0 [pid 8979] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8979] getpid() = 8979 [pid 8979] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8979] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8979] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8979] exit_group(0) = ? [pid 8979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8979, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/binderfs") = 0 [ 130.733407][ T8979] BTRFS info (device loop0): auto enabling async discard umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 8996 ./strace-static-x86_64: Process 8996 attached [pid 8996] set_robust_list(0x5555573f6660, 24) = 0 [pid 8996] chdir("./232") = 0 [pid 8996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8996] setpgid(0, 0) = 0 [pid 8996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8996] write(3, "1000", 4) = 4 [pid 8996] close(3) = 0 [pid 8996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8996] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 8996] memfd_create("syzkaller", 0) = 3 [pid 8996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 8996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8996] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 8996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8996] close(3) = 0 [pid 8996] mkdir("./file0", 0777) = 0 [ 131.010673][ T8996] loop0: detected capacity change from 0 to 32768 [ 131.020311][ T8996] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (8996) [ 131.035410][ T8996] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 131.044169][ T8996] BTRFS info (device loop0): setting nodatacow, compression disabled [ 131.052349][ T8996] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 131.062963][ T8996] BTRFS info (device loop0): trying to use backup root at mount time [ 131.071073][ T8996] BTRFS info (device loop0): disabling tree log [ 131.077366][ T8996] BTRFS info (device loop0): enabling auto defrag [ 131.083786][ T8996] BTRFS info (device loop0): using free space tree [ 131.099659][ T8996] BTRFS info (device loop0): enabling ssd optimizations [pid 8996] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 8996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8996] chdir("./file0") = 0 [pid 8996] ioctl(4, LOOP_CLR_FD) = 0 [pid 8996] close(4) = 0 [pid 8996] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 8996] getpid() = 8996 [pid 8996] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 8996] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8996] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 8996] exit_group(0) = ? [pid 8996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8996, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 131.106811][ T8996] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/binderfs") = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 9013 ./strace-static-x86_64: Process 9013 attached [pid 9013] set_robust_list(0x5555573f6660, 24) = 0 [pid 9013] chdir("./233") = 0 [pid 9013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9013] setpgid(0, 0) = 0 [pid 9013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9013] write(3, "1000", 4) = 4 [pid 9013] close(3) = 0 [pid 9013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9013] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 9013] memfd_create("syzkaller", 0) = 3 [pid 9013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 9013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9013] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 9013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9013] close(3) = 0 [pid 9013] mkdir("./file0", 0777) = 0 [ 131.376586][ T9013] loop0: detected capacity change from 0 to 32768 [ 131.386158][ T9013] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (9013) [ 131.401203][ T9013] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 131.410010][ T9013] BTRFS info (device loop0): setting nodatacow, compression disabled [ 131.418148][ T9013] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 131.428779][ T9013] BTRFS info (device loop0): trying to use backup root at mount time [ 131.436965][ T9013] BTRFS info (device loop0): disabling tree log [ 131.443246][ T9013] BTRFS info (device loop0): enabling auto defrag [ 131.449733][ T9013] BTRFS info (device loop0): using free space tree [ 131.465641][ T9013] BTRFS info (device loop0): enabling ssd optimizations [pid 9013] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 9013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9013] chdir("./file0") = 0 [pid 9013] ioctl(4, LOOP_CLR_FD) = 0 [pid 9013] close(4) = 0 [pid 9013] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 9013] getpid() = 9013 [pid 9013] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 9013] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9013] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 9013] exit_group(0) = ? [pid 9013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9013, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/binderfs") = 0 [ 131.472718][ T9013] BTRFS info (device loop0): auto enabling async discard umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 9030 ./strace-static-x86_64: Process 9030 attached [pid 9030] set_robust_list(0x5555573f6660, 24) = 0 [pid 9030] chdir("./234") = 0 [pid 9030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9030] setpgid(0, 0) = 0 [pid 9030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9030] write(3, "1000", 4) = 4 [pid 9030] close(3) = 0 [pid 9030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9030] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 9030] memfd_create("syzkaller", 0) = 3 [pid 9030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 9030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9030] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 9030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9030] close(3) = 0 [pid 9030] mkdir("./file0", 0777) = 0 [ 131.755932][ T9030] loop0: detected capacity change from 0 to 32768 [ 131.764579][ T9030] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (9030) [ 131.778791][ T9030] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 131.787842][ T9030] BTRFS info (device loop0): setting nodatacow, compression disabled [ 131.795928][ T9030] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 131.806673][ T9030] BTRFS info (device loop0): trying to use backup root at mount time [ 131.814769][ T9030] BTRFS info (device loop0): disabling tree log [ 131.821080][ T9030] BTRFS info (device loop0): enabling auto defrag [ 131.827532][ T9030] BTRFS info (device loop0): using free space tree [ 131.843699][ T9030] BTRFS info (device loop0): enabling ssd optimizations [pid 9030] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 9030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9030] chdir("./file0") = 0 [pid 9030] ioctl(4, LOOP_CLR_FD) = 0 [pid 9030] close(4) = 0 [pid 9030] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 9030] getpid() = 9030 [pid 9030] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 9030] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9030] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 9030] exit_group(0) = ? [pid 9030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9030, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/binderfs") = 0 [ 131.850816][ T9030] BTRFS info (device loop0): auto enabling async discard umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 9047 ./strace-static-x86_64: Process 9047 attached [pid 9047] set_robust_list(0x5555573f6660, 24) = 0 [pid 9047] chdir("./235") = 0 [pid 9047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9047] setpgid(0, 0) = 0 [pid 9047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9047] write(3, "1000", 4) = 4 [pid 9047] close(3) = 0 [pid 9047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9047] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 9047] memfd_create("syzkaller", 0) = 3 [pid 9047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 9047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9047] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 9047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9047] close(3) = 0 [pid 9047] mkdir("./file0", 0777) = 0 [ 132.125240][ T9047] loop0: detected capacity change from 0 to 32768 [ 132.134986][ T9047] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (9047) [ 132.149736][ T9047] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 132.158522][ T9047] BTRFS info (device loop0): setting nodatacow, compression disabled [ 132.166653][ T9047] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 132.177284][ T9047] BTRFS info (device loop0): trying to use backup root at mount time [ 132.185447][ T9047] BTRFS info (device loop0): disabling tree log [ 132.191747][ T9047] BTRFS info (device loop0): enabling auto defrag [ 132.198195][ T9047] BTRFS info (device loop0): using free space tree [pid 9047] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 9047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9047] chdir("./file0") = 0 [pid 9047] ioctl(4, LOOP_CLR_FD) = 0 [pid 9047] close(4) = 0 [pid 9047] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 9047] getpid() = 9047 [pid 9047] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 9047] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9047] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 9047] exit_group(0) = ? [pid 9047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9047, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 132.225385][ T9047] BTRFS info (device loop0): enabling ssd optimizations [ 132.232906][ T9047] BTRFS info (device loop0): auto enabling async discard unlink("./235/binderfs") = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555573ff730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555573ff730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file0") = 0 getdents64(3, 0x5555573f76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573f6650) = 9064 ./strace-static-x86_64: Process 9064 attached [pid 9064] set_robust_list(0x5555573f6660, 24) = 0 [pid 9064] chdir("./236") = 0 [pid 9064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9064] setpgid(0, 0) = 0 [pid 9064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9064] write(3, "1000", 4) = 4 [pid 9064] close(3) = 0 [pid 9064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9064] sendmsg(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 9064] memfd_create("syzkaller", 0) = 3 [pid 9064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbbeeae2000 [pid 9064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9064] munmap(0x7fbbeeae2000, 16777216) = 0 [pid 9064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9064] close(3) = 0 [pid 9064] mkdir("./file0", 0777) = 0 [ 132.618164][ T9064] loop0: detected capacity change from 0 to 32768 [ 132.628770][ T9064] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor144 (9064) [ 132.643852][ T9064] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 132.652703][ T9064] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 9064] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 9064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9064] chdir("./file0") = 0 [pid 9064] ioctl(4, LOOP_CLR_FD) = 0 [pid 9064] close(4) = 0 [pid 9064] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 9064] getpid() = 9064 [pid 9064] socketpair(AF_UNIX, SOCK_DGRAM, 0, [5, 6]) = 0 [pid 9064] connect(5, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9064] pwritev2(4, [{iov_base="\xff", iov_len=1}], 1, 21509, 0) = 1 [pid 9064] exit_group(0) = ? [pid 9064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9064, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555573f76f0 /* 4 entries */, 32768) = 112 umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/binderfs") = 0 [ 132.660882][ T9064] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 132.671501][ T9064] BTRFS info (device loop0): trying to use backup root at mount time [ 132.679627][ T9064] BTRFS info (device loop0): disabling tree log [ 132.725747][ T9078] ------------[ cut here ]------------ [ 132.731326][ T9078] kernel BUG at fs/inode.c:624! [ 132.736254][ T9078] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 132.742339][ T9078] CPU: 0 PID: 9078 Comm: btrfs-cleaner Not tainted 6.5.0-rc3-syzkaller-00297-gd31e3792919e #0 [ 132.752596][ T9078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 132.762689][ T9078] RIP: 0010:clear_inode+0x153/0x190 [ 132.767966][ T9078] Code: 48 c7 83 d8 00 00 00 60 00 00 00 5b 5d 41 5c c3 e8 02 ab 95 ff 0f 0b e8 fb aa 95 ff 0f 0b e8 f4 aa 95 ff 0f 0b e8 ed aa 95 ff <0f> 0b e8 e6 aa 95 ff 0f 0b e8 6f b1 e9 ff e9 db fe ff ff e8 65 b1 [ 132.787599][ T9078] RSP: 0018:ffffc9000cc6faf0 EFLAGS: 00010293 [ 132.793664][ T9078] RAX: 0000000000000000 RBX: ffff888077e82980 RCX: 0000000000000000 [ 132.801643][ T9078] RDX: ffff888075669dc0 RSI: ffffffff81f0c663 RDI: 0000000000000007 [ 132.809595][ T9078] RBP: 0000000000000040 R08: 0000000000000007 R09: 0000000000000000 [ 132.817564][ T9078] R10: 0000000000000040 R11: 0000000000000000 R12: 0000000000000020 [ 132.825514][ T9078] R13: ffff88807d9ae000 R14: 0000000000000000 R15: ffff888077e82980 [ 132.833470][ T9078] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 132.842381][ T9078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.848963][ T9078] CR2: 00007fbbeeebb000 CR3: 000000002241a000 CR4: 0000000000350ef0 [ 132.856916][ T9078] Call Trace: [ 132.860173][ T9078] [ 132.863084][ T9078] ? die+0x31/0x80 [ 132.866796][ T9078] ? do_trap+0x1ab/0x3b0 [ 132.871022][ T9078] ? clear_inode+0x153/0x190 [ 132.875589][ T9078] ? do_error_trap+0x9e/0x160 [ 132.880245][ T9078] ? clear_inode+0x153/0x190 [ 132.884810][ T9078] ? handle_invalid_op+0x2c/0x30 [ 132.889729][ T9078] ? clear_inode+0x153/0x190 [ 132.894295][ T9078] ? exc_invalid_op+0x2d/0x40 [ 132.898964][ T9078] ? asm_exc_invalid_op+0x1a/0x20 [ 132.903969][ T9078] ? clear_inode+0x153/0x190 [ 132.908538][ T9078] ? clear_inode+0x153/0x190 [ 132.913112][ T9078] btrfs_evict_inode+0x51d/0xe30 [ 132.918036][ T9078] ? btrfs_rmdir+0x680/0x680 [ 132.922606][ T9078] ? evict+0x2b7/0x6b0 [ 132.926656][ T9078] ? reacquire_held_locks+0x4b0/0x4b0 [ 132.932008][ T9078] ? sugov_init+0x840/0x840 [ 132.936497][ T9078] ? btrfs_rmdir+0x680/0x680 [ 132.941075][ T9078] evict+0x2ed/0x6b0 [ 132.944950][ T9078] iput.part.0+0x55e/0x7a0 [ 132.949348][ T9078] ? btrfs_destroy_inode+0x850/0x850 [ 132.954610][ T9078] iput+0x5c/0x80 [ 132.958250][ T9078] btrfs_run_defrag_inodes+0xa04/0xe00 [ 132.963718][ T9078] ? btrfs_defrag_file+0x37d0/0x37d0 [ 132.968986][ T9078] ? bit_wait_timeout+0x160/0x160 [ 132.973990][ T9078] ? spin_bug+0x1d0/0x1d0 [ 132.978322][ T9078] ? _raw_spin_unlock+0x28/0x40 [ 132.983155][ T9078] ? btrfs_clean_one_deleted_snapshot+0x2b2/0x420 [ 132.989561][ T9078] cleaner_kthread+0x2f0/0x480 [ 132.994328][ T9078] ? btree_invalidate_folio+0x360/0x360 [ 132.999872][ T9078] kthread+0x33a/0x430 [ 133.003936][ T9078] ? kthread_complete_and_exit+0x40/0x40 [ 133.009548][ T9078] ret_from_fork+0x2c/0x70 [ 133.013947][ T9078] ? kthread_complete_and_exit+0x40/0x40 [ 133.019558][ T9078] ret_from_fork_asm+0x11/0x20 [ 133.024308][ T9078] RIP: 0000:0x0 [ 133.027769][ T9078] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 133.035110][ T9078] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 133.043499][ T9078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 133.051449][ T9078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.059397][ T9078] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 133.067344][ T9078] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 133.075316][ T9078] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 133.083273][ T9078] [ 133.086269][ T9078] Modules linked in: [ 133.090303][ T9078] ---[ end trace 0000000000000000 ]--- [ 133.095799][ T9078] RIP: 0010:clear_inode+0x153/0x190 [ 133.101029][ T9078] Code: 48 c7 83 d8 00 00 00 60 00 00 00 5b 5d 41 5c c3 e8 02 ab 95 ff 0f 0b e8 fb aa 95 ff 0f 0b e8 f4 aa 95 ff 0f 0b e8 ed aa 95 ff <0f> 0b e8 e6 aa 95 ff 0f 0b e8 6f b1 e9 ff e9 db fe ff ff e8 65 b1 [ 133.120848][ T9078] RSP: 0018:ffffc9000cc6faf0 EFLAGS: 00010293 [ 133.126934][ T9078] RAX: 0000000000000000 RBX: ffff888077e82980 RCX: 0000000000000000 [ 133.134904][ T9078] RDX: ffff888075669dc0 RSI: ffffffff81f0c663 RDI: 0000000000000007 [ 133.142901][ T9078] RBP: 0000000000000040 R08: 0000000000000007 R09: 0000000000000000 [ 133.150898][ T9078] R10: 0000000000000040 R11: 0000000000000000 R12: 0000000000000020 [ 133.158886][ T9078] R13: ffff88807d9ae000 R14: 0000000000000000 R15: ffff888077e82980 [ 133.166875][ T9078] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 133.175789][ T9078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.182398][ T9078] CR2: ffffffffffffffd6 CR3: 000000002241a000 CR4: 0000000000350ef0 [ 133.190403][ T9078] Kernel panic - not syncing: Fatal exception [ 133.197238][ T9078] Kernel Offset: disabled [ 133.201542][ T9078] Rebooting in 86400 seconds..