./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1342611385 <...> Warning: Permanently added '10.128.1.163' (ED25519) to the list of known hosts. execve("./syz-executor1342611385", ["./syz-executor1342611385"], 0x7ffe46acdc50 /* 10 vars */) = 0 brk(NULL) = 0x55558aa90000 brk(0x55558aa90d00) = 0x55558aa90d00 arch_prctl(ARCH_SET_FS, 0x55558aa90380) = 0 set_tid_address(0x55558aa90650) = 5847 set_robust_list(0x55558aa90660, 24) = 0 rseq(0x55558aa90ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1342611385", 4096) = 28 getrandom("\x19\x41\xbe\x00\xe7\x39\x99\xb0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558aa90d00 brk(0x55558aab1d00) = 0x55558aab1d00 brk(0x55558aab2000) = 0x55558aab2000 mprotect(0x7f3634447000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached [pid 5848] set_robust_list(0x55558aa90660, 24 [pid 5847] <... clone resumed>, child_tidptr=0x55558aa90650) = 5848 [pid 5848] <... set_robust_list resumed>) = 0 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] mkdir("./syzkaller.r5RZEn", 0700./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x55558aa90660, 24 [pid 5847] <... clone resumed>, child_tidptr=0x55558aa90650) = 5849 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... mkdir resumed>) = 0 [pid 5848] chmod("./syzkaller.r5RZEn", 0777 [pid 5849] mkdir("./syzkaller.LkwKUH", 0700 [pid 5848] <... chmod resumed>) = 0 [pid 5848] chdir("./syzkaller.r5RZEn"./strace-static-x86_64: Process 5850 attached [pid 5849] <... mkdir resumed>) = 0 [pid 5847] <... clone resumed>, child_tidptr=0x55558aa90650) = 5850 [pid 5849] chmod("./syzkaller.LkwKUH", 0777 [pid 5848] <... chdir resumed>) = 0 [pid 5850] set_robust_list(0x55558aa90660, 24 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] <... set_robust_list resumed>) = 0 [pid 5848] mkdir("./0", 0777 [pid 5850] mkdir("./syzkaller.vW9rlu", 0700./strace-static-x86_64: Process 5851 attached [pid 5849] <... chmod resumed>) = 0 [pid 5851] set_robust_list(0x55558aa90660, 24) = 0 [pid 5847] <... clone resumed>, child_tidptr=0x55558aa90650) = 5851 [pid 5849] chdir("./syzkaller.LkwKUH" [pid 5848] <... mkdir resumed>) = 0 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] mkdir("./syzkaller.eyMIg9", 0700 [pid 5849] <... chdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] mkdir("./0", 0777 [pid 5848] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5852 attached [pid 5851] <... mkdir resumed>) = 0 [pid 5850] <... mkdir resumed>) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5852] set_robust_list(0x55558aa90660, 24 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] chmod("./syzkaller.vW9rlu", 0777 [pid 5847] <... clone resumed>, child_tidptr=0x55558aa90650) = 5852 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5850] <... chmod resumed>) = 0 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] chmod("./syzkaller.eyMIg9", 0777 [pid 5850] chdir("./syzkaller.vW9rlu" [pid 5851] <... chmod resumed>) = 0 [pid 5850] <... chdir resumed>) = 0 [pid 5852] mkdir("./syzkaller.MrEcB6", 0700 [pid 5848] close(3 [pid 5851] chdir("./syzkaller.eyMIg9" [pid 5850] mkdir("./0", 0777 [pid 5849] <... openat resumed>) = 3 [pid 5851] <... chdir resumed>) = 0 [pid 5851] mkdir("./0", 0777 [pid 5852] <... mkdir resumed>) = 0 [pid 5850] <... mkdir resumed>) = 0 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5848] <... close resumed>) = 0 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] chmod("./syzkaller.MrEcB6", 0777 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached [pid 5852] <... chmod resumed>) = 0 [pid 5851] <... mkdir resumed>) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5852] chdir("./syzkaller.MrEcB6" [pid 5850] <... openat resumed>) = 3 [pid 5852] <... chdir resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5854 attached [pid 5853] set_robust_list(0x55558aa90660, 24 [pid 5852] mkdir("./0", 0777 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5853] <... set_robust_list resumed>) = 0 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5854] set_robust_list(0x55558aa90660, 24 [pid 5853] chdir("./0" [pid 5852] <... mkdir resumed>) = 0 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] close(3 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 5853 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 5854 [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] <... chdir resumed>) = 0 [pid 5851] close(3 [pid 5850] <... close resumed>) = 0 [pid 5854] chdir("./0" [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] <... close resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5854] <... chdir resumed>) = 0 [pid 5853] <... prctl resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5856 attached ./strace-static-x86_64: Process 5855 attached [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5853] setpgid(0, 0 [pid 5856] set_robust_list(0x55558aa90660, 24 [pid 5855] set_robust_list(0x55558aa90660, 24 [pid 5854] <... prctl resumed>) = 0 [pid 5853] <... setpgid resumed>) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 5855 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 5856 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] setpgid(0, 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5856] chdir("./0" [pid 5855] chdir("./0" [pid 5854] <... setpgid resumed>) = 0 [pid 5853] <... openat resumed>) = 3 [pid 5852] close(3 [pid 5856] <... chdir resumed>) = 0 [pid 5855] <... chdir resumed>) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program executing program [pid 5853] write(3, "1000", 4 [pid 5852] <... close resumed>) = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5856] <... prctl resumed>) = 0 [pid 5855] <... prctl resumed>) = 0 [pid 5854] <... openat resumed>) = 3 [pid 5853] <... write resumed>) = 4 [pid 5856] setpgid(0, 0 [pid 5855] setpgid(0, 0 [pid 5856] <... setpgid resumed>) = 0 [pid 5855] <... setpgid resumed>) = 0 [pid 5854] write(3, "1000", 4 [pid 5853] close(3./strace-static-x86_64: Process 5858 attached [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5854] <... write resumed>) = 4 [pid 5853] <... close resumed>) = 0 [pid 5856] <... openat resumed>) = 3 [pid 5854] close(3 [pid 5853] symlink("/dev/binderfs", "./binderfs" [pid 5855] <... openat resumed>) = 3 [pid 5853] <... symlink resumed>) = 0 [pid 5856] write(3, "1000", 4 [pid 5855] write(3, "1000", 4 [pid 5854] <... close resumed>) = 0 [pid 5855] <... write resumed>) = 4 [pid 5854] symlink("/dev/binderfs", "./binderfs" [pid 5856] <... write resumed>) = 4 [pid 5855] close(3 [pid 5854] <... symlink resumed>) = 0 [pid 5856] close(3 [pid 5855] <... close resumed>) = 0 [pid 5853] write(1, "executing program\n", 18 [pid 5856] <... close resumed>) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs" [pid 5856] symlink("/dev/binderfs", "./binderfs" [pid 5855] <... symlink resumed>) = 0 [pid 5853] <... write resumed>) = 18 [pid 5856] <... symlink resumed>) = 0 [pid 5854] write(1, "executing program\n", 18) = 18 [pid 5854] memfd_create("syzkaller", 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 5858 [pid 5858] set_robust_list(0x55558aa90660, 24 [pid 5853] memfd_create("syzkaller", 0 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5854] <... memfd_create resumed>) = 3 executing program [pid 5856] write(1, "executing program\n", 18 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5853] <... memfd_create resumed>) = 3 [pid 5858] chdir("./0" [pid 5856] <... write resumed>) = 18 executing program [pid 5855] write(1, "executing program\n", 18 [pid 5854] <... mmap resumed>) = 0x7f362be00000 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] <... chdir resumed>) = 0 [pid 5856] memfd_create("syzkaller", 0 [pid 5855] <... write resumed>) = 18 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5853] <... mmap resumed>) = 0x7f362be00000 [pid 5858] <... prctl resumed>) = 0 [pid 5855] memfd_create("syzkaller", 0 [pid 5858] setpgid(0, 0 [pid 5856] <... memfd_create resumed>) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5858] <... setpgid resumed>) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] <... memfd_create resumed>) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] write(1, "executing program\n", 18executing program ) = 18 [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5858] <... write resumed>) = 16777216 [pid 5858] munmap(0x7f362be00000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [pid 5858] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5854] <... write resumed>) = 16777216 [pid 5854] munmap(0x7f362be00000, 138412032) = 0 [ 119.903473][ T5858] loop4: detected capacity change from 0 to 32768 [ 119.936967][ T5858] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (5858) [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3 [pid 5853] <... write resumed>) = 16777216 [pid 5854] <... ioctl resumed>) = 0 [pid 5853] munmap(0x7f362be00000, 138412032 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./file0", 0777) = 0 [pid 5854] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5856] <... write resumed>) = 16777216 [ 119.992838][ T5854] loop0: detected capacity change from 0 to 32768 [ 120.023239][ T5858] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5856] munmap(0x7f362be00000, 138412032 [pid 5855] <... write resumed>) = 16777216 [pid 5855] munmap(0x7f362be00000, 138412032 [pid 5853] <... munmap resumed>) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5856] <... munmap resumed>) = 0 [pid 5853] <... openat resumed>) = 4 [ 120.035890][ T5854] BTRFS: device /dev/loop0 (7:0) using temp-fsid 77a8fd16-6a43-4b03-ab49-8fec9d9044b0 [ 120.053736][ T5858] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 120.065205][ T5858] BTRFS info (device loop4): using free-space-tree [ 120.079481][ T5854] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (5854) [pid 5855] <... munmap resumed>) = 0 [pid 5853] ioctl(4, LOOP_SET_FD, 3 [pid 5856] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3 [pid 5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] <... ioctl resumed>) = 0 [pid 5853] <... ioctl resumed>) = 0 [pid 5855] close(3 [pid 5856] close(3 [pid 5855] <... close resumed>) = 0 [ 120.099680][ T5854] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 120.111422][ T5854] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 120.124779][ T5853] loop1: detected capacity change from 0 to 32768 [ 120.133420][ T5855] loop3: detected capacity change from 0 to 32768 [ 120.141757][ T5856] loop2: detected capacity change from 0 to 32768 [pid 5853] close(3 [pid 5855] close(4) = 0 [pid 5853] <... close resumed>) = 0 [pid 5855] mkdir("./file0", 0777 [pid 5853] close(4 [pid 5855] <... mkdir resumed>) = 0 [pid 5853] <... close resumed>) = 0 [pid 5853] mkdir("./file0", 0777) = 0 [pid 5855] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5853] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5856] <... close resumed>) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file0", 0777) = 0 [ 120.148731][ T5854] BTRFS info (device loop0): using free-space-tree [ 120.166947][ T5853] BTRFS: device /dev/loop1 (7:1) using temp-fsid d46cda76-ce0a-4118-8cd8-37a76ed2a0a1 [ 120.201977][ T5853] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (5853) [ 120.255497][ T5855] BTRFS: device /dev/loop3 (7:3) using temp-fsid f51dd7d7-16e8-401d-932a-67c524571a0d [ 120.277963][ T5853] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 120.316676][ T5855] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (5855) [ 120.329269][ T5853] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 120.339535][ T5853] BTRFS info (device loop1): using free-space-tree [ 120.350002][ T5856] BTRFS: device /dev/loop2 (7:2) using temp-fsid e9ab7e91-96fc-4436-9d4e-783572f3d1d4 [ 120.360420][ T5856] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (5856) [ 120.377809][ T5855] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 120.390476][ T5855] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 120.405206][ T5855] BTRFS info (device loop3): using free-space-tree [pid 5856] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5858] <... mount resumed>) = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file0") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 120.439911][ T5856] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5858] ioctl(4, LOOP_CLR_FD) = 0 [pid 5858] close(4) = 0 [pid 5854] <... mount resumed>) = 0 [pid 5858] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./file0") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5853] <... mount resumed>) = 0 [pid 5853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./file0") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_CLR_FD) = 0 [pid 5853] close(4) = 0 [pid 5853] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5854] <... openat resumed>) = 4 [ 120.494990][ T5856] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 5853] <... openat resumed>) = 4 [pid 5858] <... openat resumed>) = 4 [pid 5854] ioctl(4, LOOP_CLR_FD) = 0 [pid 5858] ioctl(-1, SIOCGIFINDEX, NULL [pid 5854] close(4 [pid 5853] ioctl(-1, SIOCGIFINDEX, NULL [pid 5858] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5854] <... close resumed>) = 0 [pid 5853] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5858] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5854] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5853] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5858] <... write resumed>) = 280 [pid 5854] <... openat resumed>) = 4 [pid 5853] <... write resumed>) = 280 [pid 5858] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5853] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5858] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5854] ioctl(-1, SIOCGIFINDEX, NULL [pid 5853] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5858] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5854] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5853] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5858] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5854] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5853] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5858] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5854] <... write resumed>) = 280 [pid 5853] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5858] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5854] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5853] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5853] exit_group(0 [pid 5858] exit_group(0 [pid 5854] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5853] <... exit_group resumed>) = ? [pid 5858] <... exit_group resumed>) = ? [pid 5854] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5853] +++ exited with 0 +++ [pid 5858] +++ exited with 0 +++ [pid 5854] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5854] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=23 /* 0.23 s */} --- [pid 5854] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5854] exit_group(0 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5854] <... exit_group resumed>) = ? [pid 5852] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5854] +++ exited with 0 +++ [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 120.570457][ T5856] BTRFS info (device loop2): using free-space-tree [pid 5852] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... openat resumed>) = 3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5852] newfstatat(3, "", [pid 5849] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5855] <... mount resumed>) = 0 [pid 5852] getdents64(3, [pid 5849] newfstatat(3, "", [pid 5855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5852] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] getdents64(3, [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5849] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5855] <... openat resumed>) = 3 [pid 5852] unlink("./0/binderfs") = 0 [pid 5849] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5855] chdir("./file0" [pid 5849] unlink("./0/binderfs" [pid 5848] <... openat resumed>) = 3 [pid 5855] <... chdir resumed>) = 0 [pid 5849] <... unlink resumed>) = 0 [pid 5848] newfstatat(3, "", [pid 5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5855] <... openat resumed>) = 4 [pid 5848] getdents64(3, [pid 5855] ioctl(4, LOOP_CLR_FD [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5855] <... ioctl resumed>) = 0 [pid 5848] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5855] close(4 [pid 5848] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5855] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5855] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] unlink("./0/binderfs" [pid 5855] <... openat resumed>) = 4 [pid 5848] <... unlink resumed>) = 0 [pid 5848] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5855] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5855] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5855] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5855] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5855] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5855] exit_group(0) = ? [pid 5855] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./0/binderfs") = 0 [ 120.788118][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 120.811557][ T5849] BTRFS info (device loop1): last unmount of filesystem d46cda76-ce0a-4118-8cd8-37a76ed2a0a1 [ 120.828876][ T5851] BTRFS info (device loop3): last unmount of filesystem f51dd7d7-16e8-401d-932a-67c524571a0d [ 120.849118][ T5848] BTRFS info (device loop0): last unmount of filesystem 77a8fd16-6a43-4b03-ab49-8fec9d9044b0 [pid 5851] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5856] <... mount resumed>) = 0 [pid 5856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] <... umount2 resumed>) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] newfstatat(AT_FDCWD, "./0/file0", [pid 5856] chdir("./file0" [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5856] <... chdir resumed>) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./0/file0", [pid 5856] <... openat resumed>) = 4 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5856] ioctl(4, LOOP_CLR_FD [pid 5852] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5856] <... ioctl resumed>) = 0 [pid 5852] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... openat resumed>) = 4 [pid 5856] close(4 [pid 5852] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", [pid 5848] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] newfstatat(4, "", [pid 5856] <... close resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5856] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] getdents64(4, [pid 5849] getdents64(4, [pid 5848] newfstatat(AT_FDCWD, "./0/file0", [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] getdents64(4, [pid 5848] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5856] <... openat resumed>) = 4 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./0/file0") = 0 [pid 5852] close(4 [pid 5848] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./0/file0" [pid 5848] <... openat resumed>) = 4 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./0" [pid 5852] <... rmdir resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 5856] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] getdents64(3, [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5856] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] getdents64(4, [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5856] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] close(3 [pid 5848] getdents64(4, [pid 5856] <... write resumed>) = 280 [pid 5852] <... close resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] rmdir("./0" [pid 5848] close(4 [pid 5856] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] mkdir("./1", 0777 [pid 5848] <... close resumed>) = 0 [pid 5856] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... mkdir resumed>) = 0 [pid 5848] rmdir("./0/file0" [pid 5856] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5856] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5848] <... rmdir resumed>) = 0 [pid 5856] exit_group(0 [pid 5848] getdents64(3, [pid 5856] <... exit_group resumed>) = ? [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5856] +++ exited with 0 +++ [pid 5848] close(3 [pid 5852] <... rmdir resumed>) = 0 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5848] <... close resumed>) = 0 [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 5848] rmdir("./0" [pid 5850] <... restart_syscall resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./1", 0777 [pid 5850] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... mkdir resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] mkdir("./1", 0777 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5852] <... mkdir resumed>) = 0 [pid 5850] getdents64(3, [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] <... ioctl resumed>) = 0 [pid 5850] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] close(3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... close resumed>) = 0 [pid 5850] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5946 attached [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./0/binderfs" [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 5946 [pid 5852] <... openat resumed>) = 3 [pid 5849] <... openat resumed>) = 3 [pid 5850] <... unlink resumed>) = 0 [pid 5850] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5947 attached , child_tidptr=0x55558aa90650) = 5947 [pid 5947] set_robust_list(0x55558aa90660, 24) = 0 [pid 5947] chdir("./1" [pid 5946] set_robust_list(0x55558aa90660, 24 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5946] <... set_robust_list resumed>) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5947] <... chdir resumed>) = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5947] setpgid(0, 0) = 0 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5947] write(3, "1000", 4) = 4 [pid 5947] close(3) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5946] chdir("./1" [pid 5852] close(3 [pid 5947] write(1, "executing program\n", 18executing program ) = 18 [pid 5947] memfd_create("syzkaller", 0) = 3 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... close resumed>) = 0 [pid 5946] <... chdir resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5949 attached ) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 5949 [pid 5949] set_robust_list(0x55558aa90660, 24) = 0 [pid 5949] chdir("./1" [pid 5946] setpgid(0, 0 [pid 5949] <... chdir resumed>) = 0 [pid 5946] <... setpgid resumed>) = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5949] <... prctl resumed>) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5946] <... openat resumed>) = 3 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4 [pid 5946] write(3, "1000", 4 [pid 5949] <... write resumed>) = 4 [pid 5949] close(3 [pid 5946] <... write resumed>) = 4 [pid 5949] <... close resumed>) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5949] write(1, "executing program\n", 18 [pid 5946] close(3 [pid 5949] <... write resumed>) = 18 [pid 5946] <... close resumed>) = 0 [pid 5949] memfd_create("syzkaller", 0 [pid 5946] symlink("/dev/binderfs", "./binderfs" [pid 5949] <... memfd_create resumed>) = 3 [pid 5946] <... symlink resumed>) = 0 [pid 5946] write(1, "executing program\n", 18executing program [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5946] <... write resumed>) = 18 [pid 5949] <... mmap resumed>) = 0x7f362be00000 [pid 5946] memfd_create("syzkaller", 0) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 121.159876][ T5850] BTRFS info (device loop2): last unmount of filesystem e9ab7e91-96fc-4436-9d4e-783572f3d1d4 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] newfstatat(AT_FDCWD, "./0/file0", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] newfstatat(AT_FDCWD, "./0/file0", [pid 5851] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... openat resumed>) = 4 [pid 5850] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", [pid 5850] newfstatat(4, "", [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 5851] getdents64(4, [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, [pid 5851] getdents64(4, [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4 [pid 5851] close(4 [pid 5850] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5850] rmdir("./0/file0" [pid 5851] rmdir("./0/file0" [pid 5850] <... rmdir resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./0" [pid 5851] getdents64(3, [pid 5850] <... rmdir resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] mkdir("./1", 0777) = 0 [pid 5851] close(3) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] rmdir("./0" [pid 5850] <... openat resumed>) = 3 [pid 5851] <... rmdir resumed>) = 0 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5851] mkdir("./1", 0777 [pid 5850] <... ioctl resumed>) = 0 [pid 5851] <... mkdir resumed>) = 0 [pid 5850] close(3) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5950 attached [pid 5851] <... openat resumed>) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 5950 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5950] set_robust_list(0x55558aa90660, 24) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 5951 [pid 5950] chdir("./1"executing program ./strace-static-x86_64: Process 5951 attached ) = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5950] write(3, "1000", 4) = 4 [pid 5950] close(3) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5950] write(1, "executing program\n", 18) = 18 [pid 5950] memfd_create("syzkaller", 0) = 3 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5951] set_robust_list(0x55558aa90660, 24) = 0 [pid 5951] chdir("./1") = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5951] write(1, "executing program\n", 18) = 18 [pid 5951] memfd_create("syzkaller", 0) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5949] <... write resumed>) = 16777216 [pid 5949] munmap(0x7f362be00000, 138412032) = 0 [pid 5947] <... write resumed>) = 16777216 [pid 5949] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5947] munmap(0x7f362be00000, 138412032 [pid 5949] <... openat resumed>) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5946] <... write resumed>) = 16777216 [pid 5949] <... ioctl resumed>) = 0 [pid 5947] <... munmap resumed>) = 0 [pid 5946] munmap(0x7f362be00000, 138412032 [pid 5949] close(3 [pid 5947] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5949] <... close resumed>) = 0 [pid 5949] close(4 [pid 5947] <... openat resumed>) = 4 [pid 5949] <... close resumed>) = 0 [pid 5947] ioctl(4, LOOP_SET_FD, 3 [pid 5949] mkdir("./file0", 0777) = 0 [pid 5946] <... munmap resumed>) = 0 [pid 5949] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [ 122.241027][ T5949] loop4: detected capacity change from 0 to 32768 [ 122.279563][ T5947] loop1: detected capacity change from 0 to 32768 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5947] <... ioctl resumed>) = 0 [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5947] close(3) = 0 [pid 5947] close(4) = 0 [pid 5947] mkdir("./file0", 0777) = 0 [ 122.302039][ T5949] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (5949) [ 122.309936][ T5946] loop0: detected capacity change from 0 to 32768 [pid 5947] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5950] <... write resumed>) = 16777216 [pid 5946] <... ioctl resumed>) = 0 [pid 5950] munmap(0x7f362be00000, 138412032 [pid 5946] close(3) = 0 [pid 5946] close(4) = 0 [pid 5946] mkdir("./file0", 0777) = 0 [pid 5946] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5950] <... munmap resumed>) = 0 [ 122.348290][ T5947] BTRFS: device /dev/loop1 (7:1) using temp-fsid a1e3fd13-3e94-4dc2-ae9f-3a0608060f90 [ 122.369552][ T5949] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5950] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 122.396826][ T5947] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (5947) [ 122.409295][ T5949] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 122.420411][ T5949] BTRFS info (device loop4): using free-space-tree [pid 5950] ioctl(4, LOOP_SET_FD, 3 [pid 5951] <... write resumed>) = 16777216 [pid 5951] munmap(0x7f362be00000, 138412032) = 0 [pid 5950] <... ioctl resumed>) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5950] close(3) = 0 [pid 5950] close(4 [pid 5951] <... openat resumed>) = 4 [pid 5950] <... close resumed>) = 0 [pid 5951] ioctl(4, LOOP_SET_FD, 3 [pid 5950] mkdir("./file0", 0777) = 0 [ 122.443992][ T5950] loop2: detected capacity change from 0 to 32768 [ 122.460722][ T5946] BTRFS: device /dev/loop0 (7:0) using temp-fsid daa3a56b-70c5-4e32-ac75-876d4666035f [ 122.473002][ T5946] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (5946) [pid 5950] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5951] <... ioctl resumed>) = 0 [pid 5951] close(3) = 0 [pid 5951] close(4) = 0 [pid 5951] mkdir("./file0", 0777) = 0 [ 122.501332][ T5951] loop3: detected capacity change from 0 to 32768 [ 122.508301][ T5947] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 122.539095][ T5950] BTRFS: device /dev/loop2 (7:2) using temp-fsid 089fab1f-2c1f-434a-99cd-5e8337c64c43 [ 122.560964][ T5947] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 122.578237][ T5950] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (5950) [ 122.578269][ T5946] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 122.609658][ T5947] BTRFS info (device loop1): using free-space-tree [ 122.623791][ T5946] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 122.633667][ T5946] BTRFS info (device loop0): using free-space-tree [ 122.671120][ T5950] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 122.674984][ T5951] BTRFS: device /dev/loop3 (7:3) using temp-fsid 51c2e979-62f7-437e-a4c9-2c606ad39736 [ 122.700807][ T5950] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 5951] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5949] <... mount resumed>) = 0 [pid 5949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file0") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_CLR_FD) = 0 [ 122.719897][ T5950] BTRFS info (device loop2): using free-space-tree [pid 5949] close(4) = 0 [pid 5949] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5949] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5949] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5949] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 122.772052][ T5951] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (5951) [pid 5949] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5949] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5949] exit_group(0) = ? [pid 5949] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [ 122.861094][ T5951] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./1/binderfs") = 0 [ 122.912637][ T5951] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 122.943989][ T5951] BTRFS info (device loop3): using free-space-tree [pid 5852] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] <... mount resumed>) = 0 [pid 5950] <... mount resumed>) = 0 [pid 5947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5947] <... openat resumed>) = 3 [pid 5950] <... openat resumed>) = 3 [pid 5947] chdir("./file0" [pid 5950] chdir("./file0" [pid 5947] <... chdir resumed>) = 0 [pid 5950] <... chdir resumed>) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5950] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5947] <... openat resumed>) = 4 [pid 5950] <... openat resumed>) = 4 [pid 5947] ioctl(4, LOOP_CLR_FD) = 0 [pid 5950] ioctl(4, LOOP_CLR_FD [pid 5947] close(4) = 0 [pid 5947] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5950] <... ioctl resumed>) = 0 [pid 5947] <... openat resumed>) = 4 [pid 5950] close(4) = 0 [pid 5947] ioctl(-1, SIOCGIFINDEX, NULL [pid 5950] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5947] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5947] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5950] <... openat resumed>) = 4 [pid 5947] <... write resumed>) = 280 [pid 5950] ioctl(-1, SIOCGIFINDEX, NULL [pid 5947] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5950] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5947] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5950] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5947] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5950] <... write resumed>) = 280 [pid 5947] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5950] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5947] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5950] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5947] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5947] exit_group(0 [pid 5950] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5947] <... exit_group resumed>) = ? [pid 5950] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5947] +++ exited with 0 +++ [pid 5950] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=24 /* 0.24 s */} --- [pid 5950] exit_group(0 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5950] <... exit_group resumed>) = ? [pid 5849] <... restart_syscall resumed>) = 0 [pid 5950] +++ exited with 0 +++ [pid 5946] <... mount resumed>) = 0 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 5849] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5946] <... openat resumed>) = 3 [pid 5849] <... openat resumed>) = 3 [ 123.032203][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5946] chdir("./file0") = 0 [pid 5849] getdents64(3, [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5946] <... openat resumed>) = 4 [pid 5849] unlink("./1/binderfs") = 0 [pid 5849] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5946] ioctl(4, LOOP_CLR_FD [pid 5850] newfstatat(3, "", [pid 5946] <... ioctl resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5946] close(4) = 0 [pid 5946] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5850] getdents64(3, [pid 5946] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5946] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5850] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5946] <... write resumed>) = 280 [pid 5850] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5946] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5850] unlink("./1/binderfs" [pid 5946] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... unlink resumed>) = 0 [pid 5946] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5850] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5946] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5946] exit_group(0) = ? [pid 5946] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=37 /* 0.37 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5951] <... mount resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", [pid 5951] chdir("./file0" [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5951] <... chdir resumed>) = 0 [pid 5848] getdents64(3, [pid 5951] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5951] <... openat resumed>) = 4 [pid 5951] ioctl(4, LOOP_CLR_FD) = 0 [pid 5848] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5951] close(4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5951] <... close resumed>) = 0 [pid 5951] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 123.207816][ T5849] BTRFS info (device loop1): last unmount of filesystem a1e3fd13-3e94-4dc2-ae9f-3a0608060f90 [pid 5848] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5951] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./1/binderfs") = 0 [pid 5848] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5951] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5951] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5951] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5951] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5951] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5951] exit_group(0) = ? [pid 5951] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./1/binderfs") = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5851] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./1/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [ 123.290261][ T5850] BTRFS info (device loop2): last unmount of filesystem 089fab1f-2c1f-434a-99cd-5e8337c64c43 [ 123.311674][ T5848] BTRFS info (device loop0): last unmount of filesystem daa3a56b-70c5-4e32-ac75-876d4666035f [pid 5849] close(3) = 0 [pid 5849] rmdir("./1") = 0 [pid 5849] mkdir("./2", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6035 attached [pid 6035] set_robust_list(0x55558aa90660, 24) = 0 [pid 6035] chdir("./2") = 0 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6035] setpgid(0, 0) = 0 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6035 [pid 6035] <... openat resumed>) = 3 [pid 6035] write(3, "1000", 4) = 4 [pid 6035] close(3executing program ) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 6035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6035] write(1, "executing program\n", 18) = 18 [pid 6035] memfd_create("syzkaller", 0) = 3 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 123.440098][ T5851] BTRFS info (device loop3): last unmount of filesystem 51c2e979-62f7-437e-a4c9-2c606ad39736 [pid 5848] newfstatat(4, "", [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] getdents64(4, [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] newfstatat(4, "", [pid 5848] close(4 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, [pid 5848] <... close resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./1/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./1") = 0 [pid 5848] rmdir("./1/file0" [pid 5852] mkdir("./2", 0777 [pid 5848] <... rmdir resumed>) = 0 [pid 5852] <... mkdir resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./1") = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] mkdir("./2", 0777 [pid 5852] <... openat resumed>) = 3 [pid 5848] <... mkdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5848] <... close resumed>) = 0 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6036 ./strace-static-x86_64: Process 6037 attached ./strace-static-x86_64: Process 6036 attached [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6037 [pid 6036] set_robust_list(0x55558aa90660, 24) = 0 [pid 6037] set_robust_list(0x55558aa90660, 24 [pid 6036] chdir("./2") = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0 [pid 6037] <... set_robust_list resumed>) = 0 [pid 6036] <... setpgid resumed>) = 0 [pid 6037] chdir("./2" [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6037] <... chdir resumed>) = 0 [pid 6036] <... openat resumed>) = 3 [pid 6036] write(3, "1000", 4) = 4 [pid 6036] close(3 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6036] <... close resumed>) = 0 [pid 6037] <... prctl resumed>) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs" [pid 6037] setpgid(0, 0 [pid 6036] <... symlink resumed>) = 0 [pid 6037] <... setpgid resumed>) = 0 executing program [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] write(1, "executing program\n", 18 [pid 6037] <... openat resumed>) = 3 [pid 6036] <... write resumed>) = 18 [pid 6037] write(3, "1000", 4 [pid 6036] memfd_create("syzkaller", 0 [pid 6037] <... write resumed>) = 4 [pid 6036] <... memfd_create resumed>) = 3 [pid 6037] close(3 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6037] <... close resumed>) = 0 [pid 6036] <... mmap resumed>) = 0x7f362be00000 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6037] write(1, "executing program\n", 18) = 18 [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./1/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./1") = 0 [pid 5851] mkdir("./2", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5850] <... umount2 resumed>) = 0 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6038 ./strace-static-x86_64: Process 6038 attached [pid 6038] set_robust_list(0x55558aa90660, 24 [pid 5850] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] <... set_robust_list resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] chdir("./2" [pid 5850] newfstatat(AT_FDCWD, "./1/file0", [pid 6038] <... chdir resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] <... prctl resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] setpgid(0, 0 [pid 5850] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6038] <... setpgid resumed>) = 0 [pid 5850] <... openat resumed>) = 4 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] newfstatat(4, "", [pid 6038] <... openat resumed>) = 3 [pid 6038] write(3, "1000", 4 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6038] <... write resumed>) = 4 [pid 5850] getdents64(4, [pid 6038] close(3 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6038] <... close resumed>) = 0 [pid 5850] getdents64(4, [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 executing program [pid 6038] <... symlink resumed>) = 0 [pid 5850] close(4 [pid 6038] write(1, "executing program\n", 18 [pid 5850] <... close resumed>) = 0 [pid 6038] <... write resumed>) = 18 [pid 5850] rmdir("./1/file0" [pid 6038] memfd_create("syzkaller", 0 [pid 5850] <... rmdir resumed>) = 0 [pid 6038] <... memfd_create resumed>) = 3 [pid 5850] getdents64(3, [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6038] <... mmap resumed>) = 0x7f362be00000 [pid 5850] close(3) = 0 [pid 5850] rmdir("./1") = 0 [pid 5850] mkdir("./2", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... openat resumed>) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6039 attached , child_tidptr=0x55558aa90650) = 6039 [pid 6039] set_robust_list(0x55558aa90660, 24) = 0 [pid 6039] chdir("./2") = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6039] setpgid(0, 0) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6039] write(3, "1000", 4) = 4 [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6039] write(1, "executing program\n", 18) = 18 [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6035] <... write resumed>) = 16777216 [pid 6035] munmap(0x7f362be00000, 138412032) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6035] close(3) = 0 [pid 6035] close(4) = 0 [pid 6035] mkdir("./file0", 0777) = 0 [ 124.519306][ T6035] loop1: detected capacity change from 0 to 32768 [pid 6036] <... write resumed>) = 16777216 [pid 6035] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6036] munmap(0x7f362be00000, 138412032) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6036] ioctl(4, LOOP_SET_FD, 3 [pid 6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6036] <... ioctl resumed>) = 0 [pid 6036] close(3) = 0 [pid 6036] close(4) = 0 [ 124.589898][ T6035] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6035) [ 124.617140][ T6036] loop4: detected capacity change from 0 to 32768 [pid 6036] mkdir("./file0", 0777) = 0 [pid 6036] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6037] <... write resumed>) = 16777216 [ 124.659284][ T6035] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 124.690749][ T6036] BTRFS: device /dev/loop4 (7:4) using temp-fsid 90a32bbf-137e-440e-8f4c-dc893f78154d [pid 6037] munmap(0x7f362be00000, 138412032) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [ 124.700494][ T6035] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 124.729324][ T6035] BTRFS info (device loop1): using free-space-tree [ 124.737916][ T6036] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6036) [ 124.741306][ T6037] loop0: detected capacity change from 0 to 32768 [pid 6037] close(4) = 0 [pid 6037] mkdir("./file0", 0777) = 0 [pid 6037] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6038] <... write resumed>) = 16777216 [ 124.809449][ T6036] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 124.824396][ T6036] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 124.834398][ T6036] BTRFS info (device loop4): using free-space-tree [ 124.843925][ T6037] BTRFS: device /dev/loop0 (7:0) using temp-fsid 7a39e4b9-a84e-4a75-a7f9-bb3178fcfecd [pid 6038] munmap(0x7f362be00000, 138412032) = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6038] close(3) = 0 [pid 6038] close(4) = 0 [pid 6038] mkdir("./file0", 0777) = 0 [ 124.879306][ T6037] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6037) [ 124.915643][ T6038] loop3: detected capacity change from 0 to 32768 [ 124.974228][ T6037] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 124.991862][ T6038] BTRFS: device /dev/loop3 (7:3) using temp-fsid 93cadb0f-a658-4ab4-9057-3f90dbd73e2f [pid 6038] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6039] <... write resumed>) = 16777216 [ 125.064843][ T6037] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 125.074621][ T6038] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6038) [pid 6039] munmap(0x7f362be00000, 138412032) = 0 [pid 6036] <... mount resumed>) = 0 [pid 6035] <... mount resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6039] <... openat resumed>) = 4 [pid 6036] <... openat resumed>) = 3 [pid 6035] <... openat resumed>) = 3 [pid 6039] ioctl(4, LOOP_SET_FD, 3 [pid 6036] chdir("./file0" [pid 6035] chdir("./file0" [pid 6036] <... chdir resumed>) = 0 [pid 6035] <... chdir resumed>) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6035] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6036] <... openat resumed>) = 4 [pid 6035] <... openat resumed>) = 4 [ 125.122707][ T6037] BTRFS info (device loop0): using free-space-tree [ 125.136351][ T6039] loop2: detected capacity change from 0 to 32768 [pid 6036] ioctl(4, LOOP_CLR_FD) = 0 [pid 6035] ioctl(4, LOOP_CLR_FD) = 0 [pid 6039] <... ioctl resumed>) = 0 [pid 6039] close(3) = 0 [pid 6039] close(4) = 0 [pid 6036] close(4 [pid 6035] close(4) = 0 [pid 6036] <... close resumed>) = 0 [pid 6039] mkdir("./file0", 0777) = 0 [pid 6036] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6035] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6039] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6036] <... openat resumed>) = 4 [pid 6035] <... openat resumed>) = 4 [ 125.169396][ T6038] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 125.200239][ T6039] BTRFS: device /dev/loop2 (7:2) using temp-fsid 59d2f24b-9b94-42fd-9209-269c48f21bfb [pid 6035] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6035] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6035] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6035] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6036] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6035] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6036] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [ 125.215734][ T6038] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 125.225973][ T6038] BTRFS info (device loop3): using free-space-tree [ 125.228932][ T6039] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6039) [pid 6035] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 6036] <... write resumed>) = 280 [pid 6036] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6036] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6036] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6036] exit_group(0) = ? [pid 6036] +++ exited with 0 +++ [pid 6035] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6035] exit_group(0) = ? [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=36 /* 0.36 s */} --- [pid 6035] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=21 /* 0.21 s */} --- [pid 5849] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./2/binderfs") = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./2/binderfs") = 0 [ 125.271844][ T6039] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 125.284487][ T6039] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 125.295027][ T6039] BTRFS info (device loop2): using free-space-tree [ 125.373453][ T5852] BTRFS info (device loop4): last unmount of filesystem 90a32bbf-137e-440e-8f4c-dc893f78154d [ 125.391723][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6037] <... mount resumed>) = 0 [pid 6037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./file0") = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_CLR_FD) = 0 [pid 6037] close(4) = 0 [pid 6037] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6037] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6037] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6037] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6037] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6037] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6037] exit_group(0) = ? [pid 6037] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", [pid 6038] <... mount resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./2/binderfs") = 0 [pid 5848] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] <... openat resumed>) = 3 [pid 6038] chdir("./file0") = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6038] ioctl(4, LOOP_CLR_FD) = 0 [pid 6038] close(4) = 0 [pid 6038] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6038] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6038] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6038] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6038] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6038] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6038] exit_group(0) = ? [pid 6038] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./2/binderfs" [pid 6039] <... mount resumed>) = 0 [pid 5851] <... unlink resumed>) = 0 [pid 6039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5851] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6039] <... openat resumed>) = 3 [pid 6039] chdir("./file0") = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_CLR_FD) = 0 [ 125.612585][ T5848] BTRFS info (device loop0): last unmount of filesystem 7a39e4b9-a84e-4a75-a7f9-bb3178fcfecd [pid 6039] close(4) = 0 [pid 6039] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6039] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6039] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6039] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6039] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6039] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6039] exit_group(0) = ? [pid 6039] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5850] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./2/binderfs") = 0 [ 125.686892][ T5851] BTRFS info (device loop3): last unmount of filesystem 93cadb0f-a658-4ab4-9057-3f90dbd73e2f [pid 5850] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./2/file0", [pid 5849] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... openat resumed>) = 4 [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 5849] newfstatat(4, "", [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4 [pid 5849] getdents64(4, [pid 5848] <... close resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] rmdir("./2/file0" [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4 [pid 5848] <... rmdir resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] rmdir("./2/file0" [pid 5848] getdents64(3, [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./2/file0", [pid 5849] <... rmdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] getdents64(3, [pid 5848] close(3 [pid 5852] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] close(3 [pid 5848] <... close resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5848] rmdir("./2" [pid 5849] rmdir("./2") = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5849] mkdir("./3", 0777 [pid 5848] mkdir("./3", 0777 [pid 5849] <... mkdir resumed>) = 0 [pid 5852] <... openat resumed>) = 4 [ 125.801628][ T5850] BTRFS info (device loop2): last unmount of filesystem 59d2f24b-9b94-42fd-9209-269c48f21bfb [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] <... mkdir resumed>) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./2/file0") = 0 [pid 5849] <... openat resumed>) = 3 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./2") = 0 [pid 5852] mkdir("./3", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] <... umount2 resumed>) = 0 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5848] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6122 attached [pid 5849] close(3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5849] <... close resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 6122] set_robust_list(0x55558aa90660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 6122 [pid 5850] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] close(3 [pid 6122] <... set_robust_list resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... close resumed>) = 0 [pid 6122] chdir("./3" [pid 5850] newfstatat(AT_FDCWD, "./2/file0", [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6122] <... chdir resumed>) = 0 [pid 5850] <... openat resumed>) = 4 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] newfstatat(4, "", [pid 6122] <... prctl resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6122] setpgid(0, 0 [pid 5850] getdents64(4, [pid 6122] <... setpgid resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] getdents64(4, [pid 6122] <... openat resumed>) = 3 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 6122] write(3, "1000", 4 [pid 5850] rmdir("./2/file0" [pid 6122] <... write resumed>) = 4 [pid 5850] <... rmdir resumed>) = 0 [pid 6122] close(3 [pid 5850] getdents64(3, [pid 6122] <... close resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6122] symlink("/dev/binderfs", "./binderfs" [pid 5850] close(3executing program [pid 6122] <... symlink resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 6122] write(1, "executing program\n", 18 [pid 5850] rmdir("./2" [pid 6122] <... write resumed>) = 18 [pid 5850] <... rmdir resumed>) = 0 [pid 6122] memfd_create("syzkaller", 0 [pid 5850] mkdir("./3", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 6124 attached [pid 6122] <... memfd_create resumed>) = 3 [pid 5850] <... openat resumed>) = 3 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6124 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 6122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... ioctl resumed>) = 0 [pid 6122] <... mmap resumed>) = 0x7f362be00000 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6125 attached , child_tidptr=0x55558aa90650) = 6125 [pid 6125] set_robust_list(0x55558aa90660, 24 [pid 6124] set_robust_list(0x55558aa90660, 24 [pid 6125] <... set_robust_list resumed>) = 0 [pid 6124] <... set_robust_list resumed>) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6123 [pid 6125] chdir("./3") = 0 [pid 6124] chdir("./3" [pid 6125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6125] setpgid(0, 0) = 0 [pid 6125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6125] write(3, "1000", 4) = 4 [pid 6125] close(3) = 0 [pid 6125] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 6123 attached ) = 0 [pid 6124] <... chdir resumed>) = 0 [pid 6124] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6123] set_robust_list(0x55558aa90660, 24 [pid 6124] <... prctl resumed>) = 0 [pid 6123] <... set_robust_list resumed>) = 0 executing program [pid 6125] write(1, "executing program\n", 18 [pid 6123] chdir("./3" [pid 6124] setpgid(0, 0 [pid 6125] <... write resumed>) = 18 [pid 6125] memfd_create("syzkaller", 0 [pid 6124] <... setpgid resumed>) = 0 [pid 6123] <... chdir resumed>) = 0 [pid 6125] <... memfd_create resumed>) = 3 [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6124] <... openat resumed>) = 3 [pid 6123] setpgid(0, 0) = 0 [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6124] write(3, "1000", 4 [pid 6123] <... openat resumed>) = 3 [pid 6124] <... write resumed>) = 4 [pid 6123] write(3, "1000", 4) = 4 [pid 6123] close(3 [pid 6124] close(3 [pid 6123] <... close resumed>) = 0 [pid 6123] symlink("/dev/binderfs", "./binderfs" [pid 6124] <... close resumed>) = 0 [pid 6124] symlink("/dev/binderfs", "./binderfs" [pid 6123] <... symlink resumed>) = 0 [pid 6123] write(1, "executing program\n", 18executing program [pid 6124] <... symlink resumed>) = 0 [pid 6123] <... write resumed>) = 18 [pid 6123] memfd_create("syzkaller", 0executing program [pid 6124] write(1, "executing program\n", 18 [pid 6123] <... memfd_create resumed>) = 3 [pid 6124] <... write resumed>) = 18 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6124] memfd_create("syzkaller", 0 [pid 6123] <... mmap resumed>) = 0x7f362be00000 [pid 6124] <... memfd_create resumed>) = 3 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./2/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./2") = 0 [pid 5851] mkdir("./3", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6126 ./strace-static-x86_64: Process 6126 attached [pid 6126] set_robust_list(0x55558aa90660, 24) = 0 [pid 6126] chdir("./3") = 0 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6126] setpgid(0, 0) = 0 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6126] write(3, "1000", 4) = 4 [pid 6126] close(3) = 0 [pid 6126] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6126] write(1, "executing program\n", 18) = 18 [pid 6126] memfd_create("syzkaller", 0) = 3 [pid 6126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6125] <... write resumed>) = 16777216 [pid 6124] <... write resumed>) = 16777216 [pid 6125] munmap(0x7f362be00000, 138412032 [pid 6124] munmap(0x7f362be00000, 138412032 [pid 6122] <... write resumed>) = 16777216 [pid 6124] <... munmap resumed>) = 0 [pid 6122] munmap(0x7f362be00000, 138412032 [pid 6125] <... munmap resumed>) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6125] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6124] <... openat resumed>) = 4 [pid 6125] <... openat resumed>) = 4 [pid 6124] ioctl(4, LOOP_SET_FD, 3 [pid 6125] ioctl(4, LOOP_SET_FD, 3 [pid 6122] <... munmap resumed>) = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6122] ioctl(4, LOOP_SET_FD, 3 [pid 6124] <... ioctl resumed>) = 0 [pid 6124] close(3) = 0 [pid 6124] close(4 [pid 6125] <... ioctl resumed>) = 0 [pid 6125] close(3 [pid 6124] <... close resumed>) = 0 [pid 6125] <... close resumed>) = 0 [pid 6124] mkdir("./file0", 0777 [pid 6125] close(4 [pid 6124] <... mkdir resumed>) = 0 [pid 6125] <... close resumed>) = 0 [pid 6125] mkdir("./file0", 0777) = 0 [pid 6124] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6122] <... ioctl resumed>) = 0 [ 127.065636][ T6124] loop0: detected capacity change from 0 to 32768 [ 127.073469][ T6125] loop2: detected capacity change from 0 to 32768 [ 127.084283][ T6122] loop4: detected capacity change from 0 to 32768 [pid 6125] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6122] close(3) = 0 [pid 6122] close(4) = 0 [pid 6122] mkdir("./file0", 0777) = 0 [ 127.122964][ T6124] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6124) [pid 6122] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6123] <... write resumed>) = 16777216 [ 127.173212][ T6125] BTRFS: device /dev/loop2 (7:2) using temp-fsid aea83786-d4e5-4ba6-a628-fc3009b3c9c3 [ 127.188369][ T6124] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6123] munmap(0x7f362be00000, 138412032) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6123] ioctl(4, LOOP_SET_FD, 3) = 0 [ 127.229698][ T6125] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6125) [ 127.247466][ T6124] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 127.259711][ T6124] BTRFS info (device loop0): using free-space-tree [ 127.267299][ T6123] loop1: detected capacity change from 0 to 32768 [pid 6123] close(3) = 0 [pid 6123] close(4) = 0 [pid 6123] mkdir("./file0", 0777) = 0 [ 127.277145][ T6122] BTRFS: device /dev/loop4 (7:4) using temp-fsid 0ac92da1-a6c4-4c81-ad55-9ace47bf1304 [ 127.289593][ T6122] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6122) [ 127.303591][ T6125] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6123] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6126] <... write resumed>) = 16777216 [ 127.349021][ T6122] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 127.360455][ T6123] BTRFS: device /dev/loop1 (7:1) using temp-fsid 74f04413-a9ed-423e-a025-28d13cff0f0d [ 127.389472][ T6125] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 127.409246][ T6123] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6123) [ 127.419519][ T6122] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 6126] munmap(0x7f362be00000, 138412032) = 0 [pid 6126] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 127.459521][ T6125] BTRFS info (device loop2): using free-space-tree [ 127.472680][ T6123] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 127.491158][ T6126] loop3: detected capacity change from 0 to 32768 [ 127.499420][ T6123] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 6126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6126] close(3) = 0 [pid 6126] close(4) = 0 [pid 6124] <... mount resumed>) = 0 [pid 6126] mkdir("./file0", 0777) = 0 [pid 6126] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 127.510325][ T6123] BTRFS info (device loop1): using free-space-tree [ 127.518425][ T6122] BTRFS info (device loop4): using free-space-tree [pid 6124] chdir("./file0") = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6124] ioctl(4, LOOP_CLR_FD) = 0 [pid 6124] close(4) = 0 [pid 6124] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6124] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6124] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6124] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6124] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6124] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6124] exit_group(0) = ? [pid 6124] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6124, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=27 /* 0.27 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./3/binderfs") = 0 [ 127.568003][ T6126] BTRFS: device /dev/loop3 (7:3) using temp-fsid 69af57b9-a8b2-41a0-832c-40c7acd83cbc [ 127.591255][ T6126] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6126) [ 127.632963][ T6126] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 127.642133][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 127.679967][ T6126] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 127.691328][ T6126] BTRFS info (device loop3): using free-space-tree [pid 5848] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6125] <... mount resumed>) = 0 [pid 6125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6125] chdir("./file0") = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6125] ioctl(4, LOOP_CLR_FD) = 0 [pid 6125] close(4) = 0 [pid 6125] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6125] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6125] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6125] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6125] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6125] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6125] exit_group(0) = ? [pid 6125] +++ exited with 0 +++ [pid 6123] <... mount resumed>) = 0 [pid 6123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6125, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=20 /* 0.20 s */} --- [pid 6123] <... openat resumed>) = 3 [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 6123] chdir("./file0") = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6123] ioctl(4, LOOP_CLR_FD) = 0 [pid 6123] close(4) = 0 [pid 5850] <... restart_syscall resumed>) = 0 [pid 6123] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5850] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6123] <... openat resumed>) = 4 [pid 5850] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6123] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6123] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5850] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./3/binderfs") = 0 [pid 5850] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6123] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6123] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6123] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6123] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6123] exit_group(0) = ? [pid 6123] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6123, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [pid 5849] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./3/binderfs") = 0 [pid 5849] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6122] <... mount resumed>) = 0 [pid 6126] <... mount resumed>) = 0 [pid 6122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6122] <... openat resumed>) = 3 [pid 6126] chdir("./file0" [pid 6122] chdir("./file0" [pid 6126] <... chdir resumed>) = 0 [pid 6126] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6122] <... chdir resumed>) = 0 [pid 6126] <... openat resumed>) = 4 [pid 6122] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6126] ioctl(4, LOOP_CLR_FD [pid 6122] <... openat resumed>) = 4 [pid 6126] <... ioctl resumed>) = 0 [pid 6122] ioctl(4, LOOP_CLR_FD [pid 6126] close(4 [pid 6122] <... ioctl resumed>) = 0 [pid 6126] <... close resumed>) = 0 [pid 6122] close(4 [pid 6126] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6122] <... close resumed>) = 0 [pid 6122] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6126] <... openat resumed>) = 4 [pid 6122] <... openat resumed>) = 4 [pid 6126] ioctl(-1, SIOCGIFINDEX, NULL [pid 6122] ioctl(-1, SIOCGIFINDEX, NULL [pid 6126] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6122] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6126] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6122] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6122] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6126] <... write resumed>) = 280 [pid 6122] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6126] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6122] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6126] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6122] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6126] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6122] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 6126] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6122] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6126] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6126] exit_group(0) = ? [pid 6122] exit_group(0) = ? [ 127.984433][ T5850] BTRFS info (device loop2): last unmount of filesystem aea83786-d4e5-4ba6-a628-fc3009b3c9c3 [pid 6126] +++ exited with 0 +++ [pid 6122] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 5852] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6126, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./3/binderfs") = 0 [pid 5852] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./3/binderfs") = 0 [ 128.040089][ T5849] BTRFS info (device loop1): last unmount of filesystem 74f04413-a9ed-423e-a025-28d13cff0f0d [ 128.095361][ T5852] BTRFS info (device loop4): last unmount of filesystem 0ac92da1-a6c4-4c81-ad55-9ace47bf1304 [ 128.131243][ T5851] BTRFS info (device loop3): last unmount of filesystem 69af57b9-a8b2-41a0-832c-40c7acd83cbc [pid 5851] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5852] <... umount2 resumed>) = 0 [pid 5849] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./3/file0", [pid 5849] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", [pid 5852] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] getdents64(4, [pid 5852] <... openat resumed>) = 4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] newfstatat(4, "", [pid 5849] getdents64(4, [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] getdents64(4, [pid 5849] close(4 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... close resumed>) = 0 [pid 5852] getdents64(4, [pid 5849] rmdir("./3/file0" [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5852] close(4 [pid 5849] getdents64(3, [pid 5852] <... close resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] rmdir("./3/file0" [pid 5849] close(3 [pid 5852] <... rmdir resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5852] getdents64(3, [pid 5849] rmdir("./3" [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5852] close(3 [pid 5849] mkdir("./4", 0777 [pid 5852] <... close resumed>) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5852] rmdir("./3") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5852] mkdir("./4", 0777 [pid 5849] <... openat resumed>) = 3 [pid 5852] <... mkdir resumed>) = 0 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3 [pid 5848] <... umount2 resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5849] <... close resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6211 attached , child_tidptr=0x55558aa90650) = 6211 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6210 [pid 6211] set_robust_list(0x55558aa90660, 24) = 0 [pid 6211] chdir("./4") = 0 [pid 6211] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 6210 attached ) = 0 [pid 5848] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6211] setpgid(0, 0) = 0 [pid 6211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6210] set_robust_list(0x55558aa90660, 24 [pid 5848] newfstatat(AT_FDCWD, "./3/file0", [pid 6210] <... set_robust_list resumed>) = 0 [pid 6211] <... openat resumed>) = 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6210] chdir("./4") = 0 [pid 6211] write(3, "1000", 4) = 4 [pid 6211] close(3) = 0 [pid 6211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6211] write(1, "executing program\n", 18 [pid 6210] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 6211] <... write resumed>) = 18 [pid 6211] memfd_create("syzkaller", 0 [pid 6210] <... prctl resumed>) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 6210] setpgid(0, 0 [pid 5851] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6211] <... memfd_create resumed>) = 3 [pid 5848] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6211] <... mmap resumed>) = 0x7f362be00000 [pid 5848] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 6210] <... setpgid resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4 [pid 6210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6210] <... openat resumed>) = 3 [pid 5851] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./3/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./3" [pid 6210] write(3, "1000", 4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./4", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5851] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6210] <... write resumed>) = 4 [pid 6210] close(3 [pid 5851] <... openat resumed>) = 4 [pid 6210] <... close resumed>) = 0 [pid 5851] newfstatat(4, "", [pid 6210] symlink("/dev/binderfs", "./binderfs" [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6210] <... symlink resumed>) = 0 [pid 5851] getdents64(4, [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6210] write(1, "executing program\n", 18 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6210] <... write resumed>) = 18 [pid 5851] getdents64(4, [pid 6210] memfd_create("syzkaller", 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6210] <... memfd_create resumed>) = 3 [pid 5851] close(4./strace-static-x86_64: Process 6212 attached ) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6212 [pid 5851] rmdir("./3/file0" [pid 6210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] <... rmdir resumed>) = 0 [pid 6210] <... mmap resumed>) = 0x7f362be00000 [pid 5851] getdents64(3, [pid 6212] set_robust_list(0x55558aa90660, 24 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6212] <... set_robust_list resumed>) = 0 [pid 6212] chdir("./4") = 0 [pid 6212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6212] setpgid(0, 0) = 0 [pid 6212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6212] write(3, "1000", 4) = 4 [pid 6212] close(3) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./3" [pid 6212] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6212] write(1, "executing program\n", 18) = 18 [pid 6212] memfd_create("syzkaller", 0) = 3 [pid 5851] <... rmdir resumed>) = 0 [pid 6212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] mkdir("./4", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6213 ./strace-static-x86_64: Process 6213 attached [pid 6213] set_robust_list(0x55558aa90660, 24) = 0 [pid 6213] chdir("./4") = 0 [pid 6213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6213] setpgid(0, 0) = 0 [pid 6213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6213] write(3, "1000", 4) = 4 [pid 6213] close(3) = 0 [pid 6213] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6213] write(1, "executing program\n", 18) = 18 [pid 6213] memfd_create("syzkaller", 0) = 3 [pid 6213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./3/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./3") = 0 [pid 5850] mkdir("./4", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6214 attached , child_tidptr=0x55558aa90650) = 6214 [pid 6214] set_robust_list(0x55558aa90660, 24) = 0 [pid 6214] chdir("./4") = 0 [pid 6214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6214] setpgid(0, 0) = 0 [pid 6214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6214] write(3, "1000", 4) = 4 [pid 6214] close(3) = 0 [pid 6214] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6214] write(1, "executing program\n", 18) = 18 [pid 6214] memfd_create("syzkaller", 0) = 3 [pid 6214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6210] <... write resumed>) = 16777216 [pid 6210] munmap(0x7f362be00000, 138412032) = 0 [pid 6212] <... write resumed>) = 16777216 [pid 6210] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6212] munmap(0x7f362be00000, 138412032 [pid 6210] <... openat resumed>) = 4 [pid 6210] ioctl(4, LOOP_SET_FD, 3 [pid 6211] <... write resumed>) = 16777216 [pid 6211] munmap(0x7f362be00000, 138412032) = 0 [pid 6210] <... ioctl resumed>) = 0 [pid 6212] <... munmap resumed>) = 0 [pid 6210] close(3 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6210] <... close resumed>) = 0 [pid 6212] <... openat resumed>) = 4 [pid 6210] close(4 [pid 6212] ioctl(4, LOOP_SET_FD, 3 [pid 6211] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6210] <... close resumed>) = 0 [pid 6211] <... openat resumed>) = 4 [pid 6211] ioctl(4, LOOP_SET_FD, 3 [pid 6210] mkdir("./file0", 0777) = 0 [ 129.379749][ T6210] loop1: detected capacity change from 0 to 32768 [ 129.410173][ T6212] loop0: detected capacity change from 0 to 32768 [ 129.411630][ T6211] loop4: detected capacity change from 0 to 32768 [pid 6210] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6211] <... ioctl resumed>) = 0 [pid 6211] close(3) = 0 [pid 6211] close(4) = 0 [pid 6211] mkdir("./file0", 0777 [pid 6212] <... ioctl resumed>) = 0 [pid 6211] <... mkdir resumed>) = 0 [pid 6212] close(3 [pid 6211] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6212] <... close resumed>) = 0 [pid 6212] close(4) = 0 [pid 6212] mkdir("./file0", 0777) = 0 [pid 6212] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6213] <... write resumed>) = 16777216 [ 129.440270][ T6210] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6210) [ 129.487025][ T6211] BTRFS: device /dev/loop4 (7:4) using temp-fsid bcb956f5-e3e4-44db-9ec0-2af22ae102c2 [ 129.500842][ T6210] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 129.521810][ T6211] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6211) [pid 6213] munmap(0x7f362be00000, 138412032) = 0 [pid 6213] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6213] close(3) = 0 [pid 6213] close(4) = 0 [pid 6213] mkdir("./file0", 0777) = 0 [ 129.535600][ T6210] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 129.546827][ T6213] loop3: detected capacity change from 0 to 32768 [ 129.562281][ T6210] BTRFS info (device loop1): using free-space-tree [pid 6213] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6214] <... write resumed>) = 16777216 [pid 6214] munmap(0x7f362be00000, 138412032) = 0 [ 129.592230][ T6212] BTRFS: device /dev/loop0 (7:0) using temp-fsid adf79390-b213-4866-8952-6189acde8a60 [ 129.611882][ T6211] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6214] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6214] close(3) = 0 [pid 6214] close(4) = 0 [ 129.651797][ T6212] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6212) [ 129.666334][ T6214] loop2: detected capacity change from 0 to 32768 [ 129.668524][ T6211] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 6214] mkdir("./file0", 0777) = 0 [ 129.700002][ T6211] BTRFS info (device loop4): using free-space-tree [ 129.709694][ T6213] BTRFS: device /dev/loop3 (7:3) using temp-fsid 71adcae9-b287-410a-993e-ff365a25d114 [ 129.729496][ T6212] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 129.732271][ T6213] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6213) [ 129.759327][ T6212] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 129.780355][ T6214] BTRFS: device /dev/loop2 (7:2) using temp-fsid c54ae2eb-af26-4bc1-830d-f695288e07a0 [pid 6214] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6210] <... mount resumed>) = 0 [pid 6210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6210] chdir("./file0") = 0 [pid 6210] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6210] ioctl(4, LOOP_CLR_FD) = 0 [pid 6210] close(4) = 0 [pid 6210] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 129.799659][ T6212] BTRFS info (device loop0): using free-space-tree [ 129.811717][ T6214] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6214) [pid 6210] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6210] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6210] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6210] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6210] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6210] exit_group(0) = ? [ 129.860491][ T6213] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 129.875318][ T6214] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 129.897464][ T6214] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 6210] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6210, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=32 /* 0.32 s */} --- [pid 5849] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./4/binderfs") = 0 [ 129.943784][ T6214] BTRFS info (device loop2): using free-space-tree [ 129.969307][ T6213] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 129.979031][ T6213] BTRFS info (device loop3): using free-space-tree [pid 5849] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6211] <... mount resumed>) = 0 [pid 6211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6211] chdir("./file0") = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6211] ioctl(4, LOOP_CLR_FD) = 0 [pid 6211] close(4) = 0 [pid 6211] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6211] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6211] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6211] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6211] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6211] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6211] exit_group(0) = ? [pid 6211] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6211, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=26 /* 0.26 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./4/binderfs") = 0 [ 130.124677][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6212] <... mount resumed>) = 0 [pid 6212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6212] chdir("./file0") = 0 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6212] ioctl(4, LOOP_CLR_FD) = 0 [pid 6212] close(4) = 0 [pid 6212] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6212] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6212] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6212] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6212] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6212] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6212] exit_group(0) = ? [pid 6212] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6212, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=22 /* 0.22 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 130.214269][ T5852] BTRFS info (device loop4): last unmount of filesystem bcb956f5-e3e4-44db-9ec0-2af22ae102c2 [pid 5848] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./4/binderfs") = 0 [pid 5848] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6214] <... mount resumed>) = 0 [pid 6214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6214] chdir("./file0") = 0 [pid 6214] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6214] ioctl(4, LOOP_CLR_FD) = 0 [pid 6214] close(4) = 0 [pid 6214] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6214] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6214] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6214] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6214] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6214] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6214] exit_group(0) = ? [pid 6214] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6214, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./4/binderfs") = 0 [pid 5850] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6213] <... mount resumed>) = 0 [pid 6213] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6213] chdir("./file0") = 0 [pid 6213] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6213] ioctl(4, LOOP_CLR_FD) = 0 [pid 6213] close(4) = 0 [pid 6213] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 130.371012][ T5848] BTRFS info (device loop0): last unmount of filesystem adf79390-b213-4866-8952-6189acde8a60 [pid 6213] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6213] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6213] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6213] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6213] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6213] exit_group(0) = ? [pid 6213] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6213, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 130.448096][ T5850] BTRFS info (device loop2): last unmount of filesystem c54ae2eb-af26-4bc1-830d-f695288e07a0 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./4/binderfs") = 0 [pid 5851] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./4/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./4") = 0 [pid 5849] mkdir("./5", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6297 ./strace-static-x86_64: Process 6297 attached executing program [pid 6297] set_robust_list(0x55558aa90660, 24) = 0 [pid 6297] chdir("./5") = 0 [pid 6297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6297] setpgid(0, 0) = 0 [pid 6297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6297] write(3, "1000", 4) = 4 [pid 6297] close(3) = 0 [pid 6297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6297] write(1, "executing program\n", 18) = 18 [pid 6297] memfd_create("syzkaller", 0) = 3 [pid 6297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [ 130.604853][ T5851] BTRFS info (device loop3): last unmount of filesystem 71adcae9-b287-410a-993e-ff365a25d114 [pid 5852] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./4/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./4") = 0 [pid 5852] mkdir("./5", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3 [pid 5851] <... umount2 resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5851] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./4/file0", ./strace-static-x86_64: Process 6298 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6298] set_robust_list(0x55558aa90660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 6298 [pid 5851] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6298] <... set_robust_list resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6298] chdir("./5" [pid 5851] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6298] <... chdir resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 6298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] newfstatat(4, "", [pid 6298] setpgid(0, 0) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] getdents64(4, [pid 5848] <... umount2 resumed>) = 0 [pid 6298] <... openat resumed>) = 3 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] getdents64(4, [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 5848] newfstatat(AT_FDCWD, "./4/file0", [pid 5851] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] rmdir("./4/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 5848] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6298] write(3, "1000", 4 [pid 5851] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6298] <... write resumed>) = 4 [pid 5851] rmdir("./4" [pid 5848] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6298] close(3 [pid 5851] <... rmdir resumed>) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5851] mkdir("./5", 0777 [pid 6298] <... close resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 5851] <... mkdir resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6298] symlink("/dev/binderfs", "./binderfs" [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] getdents64(4, [pid 6298] <... symlink resumed>) = 0 [pid 6298] write(1, "executing program\n", 18 [pid 5851] <... openat resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 executing program [pid 6298] <... write resumed>) = 18 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5848] getdents64(4, [pid 5851] <... ioctl resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6298] memfd_create("syzkaller", 0 [pid 5851] close(3 [pid 5848] close(4 [pid 5851] <... close resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6299 attached [pid 5848] rmdir("./4/file0" [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 6299 [pid 5848] <... rmdir resumed>) = 0 [pid 6299] set_robust_list(0x55558aa90660, 24 [pid 6298] <... memfd_create resumed>) = 3 [pid 5848] getdents64(3, [pid 6299] <... set_robust_list resumed>) = 0 [pid 6298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6299] chdir("./5" [pid 6298] <... mmap resumed>) = 0x7f362be00000 [pid 5848] close(3 [pid 6299] <... chdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 6299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] rmdir("./4" [pid 6299] <... prctl resumed>) = 0 [pid 6299] setpgid(0, 0 [pid 5848] <... rmdir resumed>) = 0 [pid 6299] <... setpgid resumed>) = 0 [pid 6299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] mkdir("./5", 0777 [pid 6299] <... openat resumed>) = 3 [pid 6299] write(3, "1000", 4 [pid 5848] <... mkdir resumed>) = 0 [pid 6299] <... write resumed>) = 4 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6299] close(3 [pid 5848] <... openat resumed>) = 3 executing program [pid 6299] <... close resumed>) = 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 6299] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6299] <... symlink resumed>) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6300 attached [pid 6299] write(1, "executing program\n", 18 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6300 [pid 5850] <... umount2 resumed>) = 0 [pid 6300] set_robust_list(0x55558aa90660, 24 [pid 6299] <... write resumed>) = 18 [pid 6300] <... set_robust_list resumed>) = 0 [pid 6300] chdir("./5" [pid 6299] memfd_create("syzkaller", 0 [pid 6300] <... chdir resumed>) = 0 [pid 6299] <... memfd_create resumed>) = 3 [pid 6300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6300] setpgid(0, 0) = 0 [pid 5850] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./4/file0", [pid 6300] <... openat resumed>) = 3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6300] write(3, "1000", 4 [pid 6299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6300] <... write resumed>) = 4 [pid 6300] close(3) = 0 [pid 6299] <... mmap resumed>) = 0x7f362be00000 [pid 5850] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6300] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./4/file0"executing program [pid 6300] <... symlink resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 6300] write(1, "executing program\n", 18 [pid 5850] getdents64(3, [pid 6300] <... write resumed>) = 18 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6300] memfd_create("syzkaller", 0 [pid 5850] close(3 [pid 6300] <... memfd_create resumed>) = 3 [pid 5850] <... close resumed>) = 0 [pid 6300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] rmdir("./4" [pid 6300] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... rmdir resumed>) = 0 [pid 5850] mkdir("./5", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6301 attached , child_tidptr=0x55558aa90650) = 6301 [pid 6301] set_robust_list(0x55558aa90660, 24) = 0 [pid 6301] chdir("./5") = 0 [pid 6301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6301] setpgid(0, 0) = 0 [pid 6301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6301] write(3, "1000", 4) = 4 [pid 6301] close(3) = 0 [pid 6301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6301] write(1, "executing program\n", 18executing program ) = 18 [pid 6301] memfd_create("syzkaller", 0) = 3 [pid 6301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6297] <... write resumed>) = 16777216 [pid 6297] munmap(0x7f362be00000, 138412032) = 0 [pid 6297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6297] ioctl(4, LOOP_SET_FD, 3 [pid 6298] <... write resumed>) = 16777216 [pid 6297] <... ioctl resumed>) = 0 [pid 6298] munmap(0x7f362be00000, 138412032 [pid 6297] close(3) = 0 [pid 6297] close(4) = 0 [ 131.605523][ T6297] loop1: detected capacity change from 0 to 32768 [pid 6297] mkdir("./file0", 0777) = 0 [pid 6297] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6298] <... munmap resumed>) = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6298] ioctl(4, LOOP_SET_FD, 3 [pid 6299] <... write resumed>) = 16777216 [pid 6298] <... ioctl resumed>) = 0 [ 131.660467][ T6297] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6297) [ 131.686967][ T6298] loop4: detected capacity change from 0 to 32768 [pid 6298] close(3 [pid 6299] munmap(0x7f362be00000, 138412032 [pid 6298] <... close resumed>) = 0 [pid 6298] close(4) = 0 [pid 6298] mkdir("./file0", 0777 [pid 6299] <... munmap resumed>) = 0 [pid 6298] <... mkdir resumed>) = 0 [ 131.705602][ T6297] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6298] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6299] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 131.741515][ T6298] BTRFS: device /dev/loop4 (7:4) using temp-fsid 13288124-fd23-465a-8f2f-6c3a95771e77 [ 131.763452][ T6297] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 131.773982][ T6299] loop3: detected capacity change from 0 to 32768 [pid 6299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6299] close(3) = 0 [pid 6299] close(4) = 0 [pid 6299] mkdir("./file0", 0777) = 0 [pid 6299] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6300] <... write resumed>) = 16777216 [ 131.781879][ T6298] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6298) [ 131.800481][ T6297] BTRFS info (device loop1): using free-space-tree [ 131.828961][ T6299] BTRFS: device /dev/loop3 (7:3) using temp-fsid 2e7cb0b0-82f8-434a-ab87-2a5d2b2e628d [pid 6300] munmap(0x7f362be00000, 138412032 [pid 6301] <... write resumed>) = 16777216 [pid 6300] <... munmap resumed>) = 0 [pid 6300] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6301] munmap(0x7f362be00000, 138412032 [pid 6300] <... openat resumed>) = 4 [ 131.859561][ T6298] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 131.860872][ T6299] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6299) [pid 6300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6300] close(3) = 0 [pid 6300] close(4) = 0 [pid 6300] mkdir("./file0", 0777 [pid 6301] <... munmap resumed>) = 0 [pid 6300] <... mkdir resumed>) = 0 [pid 6301] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 131.900255][ T6300] loop0: detected capacity change from 0 to 32768 [ 131.917467][ T6298] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 6301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6300] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6301] close(3) = 0 [pid 6301] close(4) = 0 [pid 6301] mkdir("./file0", 0777) = 0 [ 131.950858][ T6301] loop2: detected capacity change from 0 to 32768 [pid 6301] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6297] <... mount resumed>) = 0 [pid 6297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6297] chdir("./file0") = 0 [ 131.994322][ T6298] BTRFS info (device loop4): using free-space-tree [ 132.011757][ T6299] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 132.029666][ T6300] BTRFS: device /dev/loop0 (7:0) using temp-fsid 038a1e05-7715-40d0-bd55-f2e7d03fb8b9 [pid 6297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6297] ioctl(4, LOOP_CLR_FD) = 0 [pid 6297] close(4) = 0 [pid 6297] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6297] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6297] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6297] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6297] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [ 132.071849][ T6299] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 132.083807][ T6300] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6300) [pid 6297] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6297] exit_group(0) = ? [pid 6297] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6297, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 132.137108][ T6299] BTRFS info (device loop3): using free-space-tree [ 132.137120][ T6301] BTRFS: device /dev/loop2 (7:2) using temp-fsid 1a2380eb-ff4d-4c30-8d21-45e35132288b [ 132.137155][ T6301] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6301) [ 132.171682][ T6300] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./5/binderfs") = 0 [ 132.183630][ T6300] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 132.194480][ T6300] BTRFS info (device loop0): using free-space-tree [ 132.209699][ T6301] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 132.222652][ T6301] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 132.252847][ T6301] BTRFS info (device loop2): using free-space-tree [ 132.270290][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6298] <... mount resumed>) = 0 [pid 6298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6298] chdir("./file0") = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6298] ioctl(4, LOOP_CLR_FD) = 0 [pid 6298] close(4) = 0 [pid 6298] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6298] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6298] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6298] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6298] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6298] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6298] exit_group(0) = ? [pid 6298] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6298, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=38 /* 0.38 s */} --- [pid 5852] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./5/binderfs") = 0 [pid 5852] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6299] <... mount resumed>) = 0 [pid 6299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6299] chdir("./file0") = 0 [pid 6299] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6299] ioctl(4, LOOP_CLR_FD) = 0 [pid 6299] close(4) = 0 [pid 6299] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 132.491519][ T5852] BTRFS info (device loop4): last unmount of filesystem 13288124-fd23-465a-8f2f-6c3a95771e77 [pid 6299] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6299] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6299] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6299] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6299] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6299] exit_group(0) = ? [pid 6299] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6299, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=21 /* 0.21 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./5/binderfs") = 0 [pid 5851] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6300] <... mount resumed>) = 0 [pid 6300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6300] chdir("./file0") = 0 [pid 6300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6300] ioctl(4, LOOP_CLR_FD [pid 6301] <... mount resumed>) = 0 [pid 6301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6301] chdir("./file0") = 0 [pid 6301] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6300] <... ioctl resumed>) = 0 [pid 6300] close(4) = 0 [pid 6301] <... openat resumed>) = 4 [pid 6300] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] <... umount2 resumed>) = 0 [pid 6300] <... openat resumed>) = 4 [pid 6300] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6300] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6301] ioctl(4, LOOP_CLR_FD [pid 6300] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6301] <... ioctl resumed>) = 0 [pid 6300] <... write resumed>) = 280 [pid 5849] newfstatat(AT_FDCWD, "./5/file0", [pid 6300] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6301] close(4 [pid 6300] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6300] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5849] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6301] <... close resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 132.649221][ T5851] BTRFS info (device loop3): last unmount of filesystem 2e7cb0b0-82f8-434a-ab87-2a5d2b2e628d [pid 6301] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6300] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] <... umount2 resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6300] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 6301] ioctl(-1, SIOCGIFINDEX, NULL [pid 6300] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 4 [pid 6301] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6300] exit_group(0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(4, "", [pid 6300] <... exit_group resumed>) = ? [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6301] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] newfstatat(AT_FDCWD, "./5/file0", [pid 6301] <... write resumed>) = 280 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6301] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6300] +++ exited with 0 +++ [pid 5852] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] getdents64(4, [pid 6301] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6301] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6300, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=25 /* 0.25 s */} --- [pid 6301] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] <... openat resumed>) = 4 [pid 5849] getdents64(4, [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 6301] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] newfstatat(4, "", [pid 6301] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6301] exit_group(0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6301] <... exit_group resumed>) = ? [pid 5852] getdents64(4, [pid 6301] +++ exited with 0 +++ [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6301, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5852] close(4 [pid 5849] close(4 [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./5/file0" [pid 5849] <... close resumed>) = 0 [pid 5850] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] rmdir("./5/file0" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... rmdir resumed>) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... rmdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] close(3 [pid 5850] <... openat resumed>) = 3 [pid 5849] getdents64(3, [pid 5848] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] newfstatat(3, "", [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] close(3 [pid 5848] newfstatat(3, "", [pid 5850] getdents64(3, [pid 5849] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... close resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] rmdir("./5" [pid 5848] getdents64(3, [pid 5852] rmdir("./5" [pid 5850] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... rmdir resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] mkdir("./6", 0777 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] mkdir("./6", 0777 [pid 5848] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... mkdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5849] <... mkdir resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5850] unlink("./5/binderfs" [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5850] <... unlink resumed>) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5850] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] close(3 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... close resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] unlink("./5/binderfs"./strace-static-x86_64: Process 6384 attached ) = 0 [pid 5849] <... openat resumed>) = 3 [pid 6384] set_robust_list(0x55558aa90660, 24 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5848] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6384] <... set_robust_list resumed>) = 0 [pid 5849] close(3) = 0 [pid 6384] chdir("./6") = 0 [pid 6384] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6384] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 6385 attached [pid 6384] setpgid(0, 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 6384 [pid 6385] set_robust_list(0x55558aa90660, 24 [pid 6384] <... setpgid resumed>) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6385 [pid 6385] <... set_robust_list resumed>) = 0 [pid 6385] chdir("./6" [pid 6384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6385] <... chdir resumed>) = 0 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6384] <... openat resumed>) = 3 [pid 6385] <... prctl resumed>) = 0 [pid 6384] write(3, "1000", 4 [pid 6385] setpgid(0, 0 [pid 6384] <... write resumed>) = 4 [pid 6385] <... setpgid resumed>) = 0 [pid 6384] close(3 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6384] <... close resumed>) = 0 executing program [pid 6385] <... openat resumed>) = 3 [pid 6384] symlink("/dev/binderfs", "./binderfs" [pid 6385] write(3, "1000", 4 [pid 6384] <... symlink resumed>) = 0 [pid 6385] <... write resumed>) = 4 [pid 6384] write(1, "executing program\n", 18 [pid 6385] close(3 [pid 6384] <... write resumed>) = 18 [pid 6385] <... close resumed>) = 0 [pid 6384] memfd_create("syzkaller", 0 [pid 6385] symlink("/dev/binderfs", "./binderfs" [pid 6384] <... memfd_create resumed>) = 3 [pid 6385] <... symlink resumed>) = 0 [pid 6384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 executing program [pid 6385] write(1, "executing program\n", 18) = 18 [pid 6385] memfd_create("syzkaller", 0) = 3 [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 132.814839][ T5850] BTRFS info (device loop2): last unmount of filesystem 1a2380eb-ff4d-4c30-8d21-45e35132288b [ 132.839362][ T5848] BTRFS info (device loop0): last unmount of filesystem 038a1e05-7715-40d0-bd55-f2e7d03fb8b9 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./5/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./5") = 0 [pid 5851] mkdir("./6", 0777) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... openat resumed>) = 3 [pid 5850] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] close(3) = 0 [pid 5850] <... openat resumed>) = 4 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6387 attached [pid 6387] set_robust_list(0x55558aa90660, 24 [pid 5850] getdents64(4, [pid 6387] <... set_robust_list resumed>) = 0 [pid 6387] chdir("./6") = 0 [pid 6387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6387] setpgid(0, 0) = 0 executing program [pid 6387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 6387 [pid 6387] <... openat resumed>) = 3 [pid 6387] write(3, "1000", 4) = 4 [pid 6387] close(3) = 0 [pid 6387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6387] write(1, "executing program\n", 18) = 18 [pid 6387] memfd_create("syzkaller", 0) = 3 [pid 6387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./5/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./5") = 0 [pid 5850] mkdir("./6", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6388 attached , child_tidptr=0x55558aa90650) = 6388 [pid 6388] set_robust_list(0x55558aa90660, 24) = 0 [pid 6388] chdir("./6") = 0 [pid 6388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6388] setpgid(0, 0) = 0 [pid 6388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6388] write(3, "1000", 4) = 4 [pid 6388] close(3) = 0 [pid 6388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6388] write(1, "executing program\n", 18executing program ) = 18 [pid 6388] memfd_create("syzkaller", 0) = 3 [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./5/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 6385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] rmdir("./5" [pid 6384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./6", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6389 attached , child_tidptr=0x55558aa90650) = 6389 [pid 6389] set_robust_list(0x55558aa90660, 24) = 0 [pid 6389] chdir("./6") = 0 [pid 6389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6389] setpgid(0, 0) = 0 [pid 6389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6389] write(3, "1000", 4) = 4 [pid 6389] close(3) = 0 [pid 6389] symlink("/dev/binderfs", "./binderfs" [pid 6387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6389] <... symlink resumed>) = 0 [pid 6389] write(1, "executing program\n", 18executing program ) = 18 [pid 6389] memfd_create("syzkaller", 0) = 3 [pid 6389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6384] <... write resumed>) = 16777216 [pid 6384] munmap(0x7f362be00000, 138412032) = 0 [pid 6384] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6384] ioctl(4, LOOP_SET_FD, 3 [pid 6385] <... write resumed>) = 16777216 [pid 6385] munmap(0x7f362be00000, 138412032 [pid 6384] <... ioctl resumed>) = 0 [pid 6384] close(3) = 0 [pid 6384] close(4) = 0 [pid 6384] mkdir("./file0", 0777) = 0 [pid 6384] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6385] <... munmap resumed>) = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 133.921230][ T6384] loop4: detected capacity change from 0 to 32768 [ 133.951866][ T6384] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6384) [pid 6385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6387] <... write resumed>) = 16777216 [pid 6385] close(3) = 0 [pid 6385] close(4 [pid 6389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6387] munmap(0x7f362be00000, 138412032 [pid 6385] <... close resumed>) = 0 [pid 6385] mkdir("./file0", 0777) = 0 [ 133.991277][ T6385] loop1: detected capacity change from 0 to 32768 [ 133.999771][ T6384] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 134.019260][ T6384] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 6385] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6387] <... munmap resumed>) = 0 [pid 6387] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 134.048322][ T6384] BTRFS info (device loop4): using free-space-tree [ 134.049525][ T6385] BTRFS: device /dev/loop1 (7:1) using temp-fsid ac79d82c-dbe3-44e3-ac4b-8c56e55c1e08 [pid 6387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6387] close(3) = 0 [pid 6387] close(4) = 0 [pid 6387] mkdir("./file0", 0777) = 0 [pid 6387] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [ 134.094231][ T6387] loop3: detected capacity change from 0 to 32768 [ 134.104404][ T6385] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6385) [pid 6388] <... write resumed>) = 16777216 [pid 6388] munmap(0x7f362be00000, 138412032) = 0 [ 134.169692][ T6387] BTRFS: device /dev/loop3 (7:3) using temp-fsid aa53495c-1bd3-4e21-98e7-ca6b4805f528 [ 134.180080][ T6385] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6388] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 134.214695][ T6387] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6387) [ 134.220904][ T6388] loop2: detected capacity change from 0 to 32768 [ 134.235355][ T6385] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 6388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6384] <... mount resumed>) = 0 [pid 6388] close(3) = 0 [pid 6388] close(4) = 0 [pid 6384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6388] mkdir("./file0", 0777 [pid 6384] <... openat resumed>) = 3 [pid 6388] <... mkdir resumed>) = 0 [pid 6384] chdir("./file0" [pid 6388] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6384] <... chdir resumed>) = 0 [ 134.263642][ T6385] BTRFS info (device loop1): using free-space-tree [pid 6384] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6384] ioctl(4, LOOP_CLR_FD) = 0 [pid 6384] close(4) = 0 [pid 6384] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6384] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6384] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [ 134.298409][ T6387] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 134.299266][ T6388] BTRFS: device /dev/loop2 (7:2) using temp-fsid ad56777c-27d5-4ef1-943c-58f20afb25ef [ 134.331370][ T6387] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 6384] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6384] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6384] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6384] exit_group(0) = ? [pid 6384] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6384, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=22 /* 0.22 s */} --- [pid 5852] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./6/binderfs") = 0 [ 134.369053][ T6388] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6388) [ 134.394533][ T6387] BTRFS info (device loop3): using free-space-tree [ 134.456739][ T6388] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6389] <... write resumed>) = 16777216 [ 134.501770][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 134.509907][ T6388] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 6389] munmap(0x7f362be00000, 138412032) = 0 [pid 6385] <... mount resumed>) = 0 [pid 6385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6389] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6385] <... openat resumed>) = 3 [pid 6389] <... openat resumed>) = 4 [pid 6389] ioctl(4, LOOP_SET_FD, 3 [pid 6385] chdir("./file0") = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6385] ioctl(4, LOOP_CLR_FD) = 0 [pid 6385] close(4) = 0 [pid 6385] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6385] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] <... umount2 resumed>) = 0 [pid 6387] <... mount resumed>) = 0 [pid 6387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6387] <... openat resumed>) = 3 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6387] chdir("./file0" [pid 5852] newfstatat(AT_FDCWD, "./6/file0", [pid 6387] <... chdir resumed>) = 0 [pid 6385] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6387] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6385] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6387] <... openat resumed>) = 4 [pid 6385] <... write resumed>) = 280 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6387] ioctl(4, LOOP_CLR_FD [pid 6385] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6387] <... ioctl resumed>) = 0 [pid 6385] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... openat resumed>) = 4 [pid 6387] close(4 [pid 6385] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] newfstatat(4, "", [pid 6387] <... close resumed>) = 0 [pid 6385] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6387] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6385] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] getdents64(4, [pid 6387] <... openat resumed>) = 4 [pid 6385] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6385] exit_group(0 [pid 5852] getdents64(4, [pid 6385] <... exit_group resumed>) = ? [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6389] <... ioctl resumed>) = 0 [pid 6385] +++ exited with 0 +++ [ 134.574092][ T6388] BTRFS info (device loop2): using free-space-tree [ 134.597132][ T6389] loop0: detected capacity change from 0 to 32768 [pid 5852] close(4 [pid 6389] close(3 [pid 5852] <... close resumed>) = 0 [pid 6389] <... close resumed>) = 0 [pid 6387] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] rmdir("./6/file0" [pid 6389] close(4 [pid 6387] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] <... rmdir resumed>) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=28 /* 0.28 s */} --- [pid 6389] <... close resumed>) = 0 [pid 6387] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] getdents64(3, [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 6389] mkdir("./file0", 0777 [pid 6387] <... write resumed>) = 280 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... restart_syscall resumed>) = 0 [pid 6389] <... mkdir resumed>) = 0 [pid 6387] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] close(3 [pid 6387] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... close resumed>) = 0 [pid 5849] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6387] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] rmdir("./6" [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6387] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] <... rmdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6389] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6387] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] mkdir("./7", 0777 [pid 5849] <... openat resumed>) = 3 [pid 6387] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... mkdir resumed>) = 0 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 6387] exit_group(0 [pid 5849] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6387] <... exit_group resumed>) = ? [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6387] +++ exited with 0 +++ [pid 5849] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./6/binderfs" [pid 5852] <... openat resumed>) = 3 [pid 5849] <... unlink resumed>) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6387, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=25 /* 0.25 s */} --- [pid 5849] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... ioctl resumed>) = 0 [ 134.682495][ T6389] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6389) [pid 5852] close(3) = 0 [pid 5851] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6452 attached [pid 5851] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6452] set_robust_list(0x55558aa90660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 6452 [pid 5851] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./6/binderfs" [pid 6452] <... set_robust_list resumed>) = 0 [pid 6452] chdir("./7") = 0 [pid 5851] <... unlink resumed>) = 0 [pid 6452] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6452] <... prctl resumed>) = 0 [pid 6452] setpgid(0, 0) = 0 [pid 6452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6452] write(3, "1000", 4) = 4 [pid 6452] close(3) = 0 [ 134.760502][ T6389] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6452] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6452] write(1, "executing program\n", 18) = 18 [pid 6452] memfd_create("syzkaller", 0 [pid 6388] <... mount resumed>) = 0 [pid 6388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6388] chdir("./file0") = 0 [pid 6388] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6452] <... memfd_create resumed>) = 3 [pid 6388] ioctl(4, LOOP_CLR_FD) = 0 [ 134.801406][ T6389] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 134.836300][ T5849] BTRFS info (device loop1): last unmount of filesystem ac79d82c-dbe3-44e3-ac4b-8c56e55c1e08 [pid 6388] close(4 [pid 6452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6388] <... close resumed>) = 0 [pid 6388] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6452] <... mmap resumed>) = 0x7f362be00000 [pid 6388] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6388] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6388] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6388] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6388] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6388] exit_group(0) = ? [pid 6388] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6388, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./6/binderfs") = 0 [ 134.849851][ T5851] BTRFS info (device loop3): last unmount of filesystem aa53495c-1bd3-4e21-98e7-ca6b4805f528 [ 134.856132][ T6389] BTRFS info (device loop0): using free-space-tree [ 134.938180][ T5850] BTRFS info (device loop2): last unmount of filesystem ad56777c-27d5-4ef1-943c-58f20afb25ef [pid 5850] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./6/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./6" [pid 5850] <... umount2 resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5849] mkdir("./7", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5850] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] close(3 [pid 5850] newfstatat(AT_FDCWD, "./6/file0", [pid 5849] <... close resumed>) = 0 executing program [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6473 ./strace-static-x86_64: Process 6473 attached [pid 6473] set_robust_list(0x55558aa90660, 24) = 0 [pid 6473] chdir("./7") = 0 [pid 6473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6473] setpgid(0, 0) = 0 [pid 6473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6473] write(3, "1000", 4) = 4 [pid 6473] close(3) = 0 [pid 6473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6473] write(1, "executing program\n", 18) = 18 [pid 6473] memfd_create("syzkaller", 0) = 3 [pid 6473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6389] <... mount resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5850] <... openat resumed>) = 4 [pid 6389] <... openat resumed>) = 3 [pid 6389] chdir("./file0") = 0 [pid 6389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] newfstatat(4, "", [pid 6389] ioctl(4, LOOP_CLR_FD) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6389] close(4) = 0 [pid 6389] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5850] getdents64(4, [pid 6389] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6389] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6389] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6389] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6389] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6389] exit_group(0) = ? [pid 6389] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6389, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] close(4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] rmdir("./6/file0" [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 5850] <... rmdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] getdents64(3, [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5850] close(3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./6/binderfs") = 0 [pid 5848] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./6") = 0 [pid 5850] mkdir("./7", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6475 attached , child_tidptr=0x55558aa90650) = 6475 [pid 6475] set_robust_list(0x55558aa90660, 24) = 0 [pid 6475] chdir("./7") = 0 [ 135.286830][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6475] setpgid(0, 0) = 0 [pid 6475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6475] write(3, "1000", 4) = 4 [pid 6475] close(3) = 0 executing program [pid 6475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6475] write(1, "executing program\n", 18) = 18 [pid 6475] memfd_create("syzkaller", 0) = 3 [pid 6475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./6/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./6") = 0 [pid 5848] mkdir("./7", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3 [pid 5851] <... umount2 resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6476 ./strace-static-x86_64: Process 6476 attached [pid 6476] set_robust_list(0x55558aa90660, 24) = 0 [pid 5851] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6476] chdir("./7" [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6476] <... chdir resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./6/file0", [pid 6476] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6476] <... prctl resumed>) = 0 [pid 5851] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6476] setpgid(0, 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6476] <... setpgid resumed>) = 0 [pid 6476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6476] <... openat resumed>) = 3 [pid 5851] <... openat resumed>) = 4 [pid 6476] write(3, "1000", 4 [pid 5851] newfstatat(4, "", [pid 6476] <... write resumed>) = 4 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6476] close(3 [pid 5851] getdents64(4, [pid 6476] <... close resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6476] symlink("/dev/binderfs", "./binderfs" [pid 5851] getdents64(4, [pid 6476] <... symlink resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6476] write(1, "executing program\n", 18 [pid 5851] close(4executing program [pid 6476] <... write resumed>) = 18 [pid 5851] <... close resumed>) = 0 [pid 6476] memfd_create("syzkaller", 0 [pid 5851] rmdir("./6/file0") = 0 [pid 5851] getdents64(3, [pid 6476] <... memfd_create resumed>) = 3 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 6476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] <... close resumed>) = 0 [pid 6476] <... mmap resumed>) = 0x7f362be00000 [pid 5851] rmdir("./6") = 0 [pid 5851] mkdir("./7", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6477 attached [pid 6477] set_robust_list(0x55558aa90660, 24) = 0 [pid 6477] chdir("./7" [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 6477 [pid 6477] <... chdir resumed>) = 0 [pid 6477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6477] setpgid(0, 0) = 0 [pid 6477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6477] write(3, "1000", 4) = 4 [pid 6477] close(3) = 0 [pid 6477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6477] write(1, "executing program\n", 18executing program ) = 18 [pid 6477] memfd_create("syzkaller", 0) = 3 [pid 6477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6452] <... write resumed>) = 16777216 [pid 6452] munmap(0x7f362be00000, 138412032) = 0 [pid 6452] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6452] ioctl(4, LOOP_SET_FD, 3 [pid 6476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6452] <... ioctl resumed>) = 0 [pid 6452] close(3) = 0 [pid 6452] close(4) = 0 [pid 6452] mkdir("./file0", 0777) = 0 [ 136.063241][ T6452] loop4: detected capacity change from 0 to 32768 [pid 6452] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [ 136.121842][ T6452] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6452) [pid 6477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6473] <... write resumed>) = 16777216 [ 136.218418][ T6452] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 136.276815][ T6452] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 6473] munmap(0x7f362be00000, 138412032) = 0 [pid 6473] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6473] close(3) = 0 [pid 6473] close(4) = 0 [pid 6473] mkdir("./file0", 0777) = 0 [ 136.319330][ T6452] BTRFS info (device loop4): using free-space-tree [ 136.331821][ T6473] loop1: detected capacity change from 0 to 32768 [pid 6473] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6475] <... write resumed>) = 16777216 [ 136.389463][ T6473] BTRFS: device /dev/loop1 (7:1) using temp-fsid 1e697b10-088e-4cac-b6b3-b8e607b33d00 [ 136.399313][ T6473] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6473) [pid 6475] munmap(0x7f362be00000, 138412032) = 0 [pid 6475] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6475] ioctl(4, LOOP_SET_FD, 3 [pid 6477] <... write resumed>) = 16777216 [ 136.470761][ T6473] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 136.472668][ T6475] loop2: detected capacity change from 0 to 32768 [pid 6477] munmap(0x7f362be00000, 138412032 [pid 6475] <... ioctl resumed>) = 0 [pid 6475] close(3 [pid 6477] <... munmap resumed>) = 0 [pid 6475] <... close resumed>) = 0 [pid 6477] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6476] <... write resumed>) = 16777216 [pid 6475] close(4 [pid 6476] munmap(0x7f362be00000, 138412032 [pid 6477] <... openat resumed>) = 4 [pid 6475] <... close resumed>) = 0 [ 136.521575][ T6473] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 136.557438][ T6473] BTRFS info (device loop1): using free-space-tree [pid 6477] ioctl(4, LOOP_SET_FD, 3 [pid 6475] mkdir("./file0", 0777 [pid 6477] <... ioctl resumed>) = 0 [pid 6476] <... munmap resumed>) = 0 [pid 6475] <... mkdir resumed>) = 0 [pid 6476] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6475] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6476] <... openat resumed>) = 4 [pid 6476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6452] <... mount resumed>) = 0 [pid 6476] close(3) = 0 [pid 6476] close(4) = 0 [pid 6452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6476] mkdir("./file0", 0777 [pid 6452] <... openat resumed>) = 3 [pid 6477] close(3 [pid 6476] <... mkdir resumed>) = 0 [pid 6452] chdir("./file0" [pid 6477] <... close resumed>) = 0 [pid 6452] <... chdir resumed>) = 0 [pid 6477] close(4 [pid 6452] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6477] <... close resumed>) = 0 [pid 6452] <... openat resumed>) = 4 [pid 6477] mkdir("./file0", 0777 [pid 6452] ioctl(4, LOOP_CLR_FD [pid 6477] <... mkdir resumed>) = 0 [pid 6452] <... ioctl resumed>) = 0 [pid 6477] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6452] close(4) = 0 [pid 6476] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6452] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6452] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6452] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6452] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6452] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6452] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6452] exit_group(0) = ? [pid 6452] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6452, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=24 /* 0.24 s */} --- [ 136.582006][ T6477] loop3: detected capacity change from 0 to 32768 [ 136.591584][ T6476] loop0: detected capacity change from 0 to 32768 [ 136.601928][ T6475] BTRFS: device /dev/loop2 (7:2) using temp-fsid 0bf30b17-1422-4f7b-8b1a-40a9bafdc2bb [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./7/binderfs") = 0 [ 136.648981][ T6475] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6475) [ 136.702507][ T6477] BTRFS: device /dev/loop3 (7:3) using temp-fsid 7c1511da-ad98-4543-bd7e-8eb1bb4277d5 [ 136.711226][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 136.731277][ T6475] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 136.735573][ T6477] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6477) [ 136.762596][ T6475] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 136.783143][ T6475] BTRFS info (device loop2): using free-space-tree [ 136.792855][ T6476] BTRFS: device /dev/loop0 (7:0) using temp-fsid 84f08f6d-9a9e-4a60-8291-f2146c32149c [ 136.804396][ T6477] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 136.822876][ T6476] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6476) [ 136.836984][ T6477] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 136.847473][ T6477] BTRFS info (device loop3): using free-space-tree [pid 5852] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6473] <... mount resumed>) = 0 [pid 6473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6473] chdir("./file0") = 0 [pid 6473] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6473] ioctl(4, LOOP_CLR_FD) = 0 [pid 6473] close(4) = 0 [pid 6473] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 136.901242][ T6476] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 136.921723][ T6476] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 136.932244][ T6476] BTRFS info (device loop0): using free-space-tree [pid 6473] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6473] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6473] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6473] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6473] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6473] exit_group(0) = ? [pid 6473] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6473, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./7/binderfs") = 0 [pid 5849] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6475] <... mount resumed>) = 0 [pid 6477] <... mount resumed>) = 0 [pid 6475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6476] <... mount resumed>) = 0 [pid 6475] <... openat resumed>) = 3 [pid 6477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6475] chdir("./file0") = 0 [pid 6477] <... openat resumed>) = 3 [pid 6475] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6476] <... openat resumed>) = 3 [pid 6475] <... openat resumed>) = 4 [pid 6477] chdir("./file0" [pid 6476] chdir("./file0" [pid 6475] ioctl(4, LOOP_CLR_FD) = 0 [pid 6476] <... chdir resumed>) = 0 [pid 6475] close(4 [pid 6477] <... chdir resumed>) = 0 [pid 6476] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6475] <... close resumed>) = 0 [pid 6476] <... openat resumed>) = 4 [pid 6477] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6475] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6476] ioctl(4, LOOP_CLR_FD) = 0 [pid 6475] <... openat resumed>) = 4 [pid 6477] <... openat resumed>) = 4 [pid 6476] close(4) = 0 [pid 6476] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6477] ioctl(4, LOOP_CLR_FD) = 0 [pid 6477] close(4 [pid 6476] ioctl(-1, SIOCGIFINDEX, NULL [pid 6477] <... close resumed>) = 0 [pid 6476] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6477] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6475] ioctl(-1, SIOCGIFINDEX, NULL [pid 6476] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6477] <... openat resumed>) = 4 [pid 6476] <... write resumed>) = 280 [pid 6477] ioctl(-1, SIOCGIFINDEX, NULL [pid 6476] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6475] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6475] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6477] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6476] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6475] <... write resumed>) = 280 [pid 6477] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6476] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6475] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6477] <... write resumed>) = 280 [pid 6476] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6475] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6477] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6476] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 6475] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6476] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6475] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6476] exit_group(0 [pid 6475] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 6477] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6476] <... exit_group resumed>) = ? [pid 6475] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6475] exit_group(0) = ? [pid 6477] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6475] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6475, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=33 /* 0.33 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 6477] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6476] +++ exited with 0 +++ [pid 5850] <... restart_syscall resumed>) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6476, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 6477] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6477] exit_group(0 [pid 5850] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6477] <... exit_group resumed>) = ? [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5848] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./7/binderfs") = 0 [pid 5850] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6477] +++ exited with 0 +++ [pid 5848] <... openat resumed>) = 3 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6477, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 137.155034][ T5849] BTRFS info (device loop1): last unmount of filesystem 1e697b10-088e-4cac-b6b3-b8e607b33d00 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5851] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] unlink("./7/binderfs" [pid 5851] <... openat resumed>) = 3 [pid 5848] <... unlink resumed>) = 0 [pid 5851] newfstatat(3, "", [pid 5848] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./7/binderfs") = 0 [pid 5851] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [ 137.260215][ T5850] BTRFS info (device loop2): last unmount of filesystem 0bf30b17-1422-4f7b-8b1a-40a9bafdc2bb [ 137.290351][ T5848] BTRFS info (device loop0): last unmount of filesystem 84f08f6d-9a9e-4a60-8291-f2146c32149c [pid 5852] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./7/file0") = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] getdents64(3, [pid 5849] newfstatat(AT_FDCWD, "./7/file0", [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./7") = 0 [pid 5849] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] mkdir("./8", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 6559 attached [pid 5849] newfstatat(4, "", [pid 6559] set_robust_list(0x55558aa90660, 24 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6559] <... set_robust_list resumed>) = 0 [pid 5849] getdents64(4, [pid 6559] chdir("./8" [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 6559 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6559] <... chdir resumed>) = 0 [ 137.363781][ T5851] BTRFS info (device loop3): last unmount of filesystem 7c1511da-ad98-4543-bd7e-8eb1bb4277d5 [pid 5849] getdents64(4, [pid 6559] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 executing program [pid 6559] <... prctl resumed>) = 0 [pid 5849] close(4 [pid 6559] setpgid(0, 0 [pid 5849] <... close resumed>) = 0 [pid 5849] rmdir("./7/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./7") = 0 [pid 6559] <... setpgid resumed>) = 0 [pid 5849] mkdir("./8", 0777 [pid 6559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... mkdir resumed>) = 0 [pid 6559] <... openat resumed>) = 3 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6559] write(3, "1000", 4 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 6559] <... write resumed>) = 4 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6559] close(3) = 0 [pid 5849] close(3 [pid 6559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] <... close resumed>) = 0 [pid 6559] write(1, "executing program\n", 18) = 18 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6560 attached [pid 6559] memfd_create("syzkaller", 0) = 3 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6560 [pid 6560] set_robust_list(0x55558aa90660, 24 [pid 6559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6560] <... set_robust_list resumed>) = 0 [pid 6560] chdir("./8") = 0 [pid 6560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6560] setpgid(0, 0) = 0 [pid 6560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6560] write(3, "1000", 4 [pid 6559] <... mmap resumed>) = 0x7f362be00000 [pid 6560] <... write resumed>) = 4 [pid 6560] close(3) = 0 [pid 6560] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6560] write(1, "executing program\n", 18) = 18 [pid 6560] memfd_create("syzkaller", 0) = 3 [pid 6560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 5848] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./7/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./7") = 0 [pid 5848] mkdir("./8", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5850] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6561 attached ) = -1 EINVAL (Invalid argument) [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6561 [pid 5850] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6561] set_robust_list(0x55558aa90660, 24) = 0 [pid 6561] chdir("./8") = 0 [pid 6561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6561] setpgid(0, 0) = 0 [pid 5850] <... openat resumed>) = 4 executing program [pid 5850] newfstatat(4, "", [pid 6561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] <... umount2 resumed>) = 0 [pid 6561] <... openat resumed>) = 3 [pid 6561] write(3, "1000", 4) = 4 [pid 6561] close(3) = 0 [pid 6561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6561] write(1, "executing program\n", 18) = 18 [pid 6561] memfd_create("syzkaller", 0) = 3 [pid 6561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] getdents64(4, [pid 5851] newfstatat(AT_FDCWD, "./7/file0", [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] getdents64(4, [pid 5851] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] close(4) = 0 [pid 5851] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] rmdir("./7/file0" [pid 5851] <... openat resumed>) = 4 [pid 5850] <... rmdir resumed>) = 0 [pid 5851] newfstatat(4, "", [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 5850] close(3) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] rmdir("./7" [pid 5851] getdents64(4, [pid 5850] <... rmdir resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 5850] mkdir("./8", 0777 [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./7/file0" [pid 5850] <... mkdir resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5851] close(3 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] close(3 [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./7" [pid 5850] <... close resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... rmdir resumed>) = 0 [pid 5851] mkdir("./8", 0777 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 6562 ./strace-static-x86_64: Process 6562 attached [pid 6562] set_robust_list(0x55558aa90660, 24 [pid 6560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... mkdir resumed>) = 0 [pid 6562] <... set_robust_list resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6562] chdir("./8") = 0 [pid 6562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6562] setpgid(0, 0) = 0 [pid 6562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] <... openat resumed>) = 3 [pid 6562] write(3, "1000", 4 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 6562] <... write resumed>) = 4 [pid 6562] close(3 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6562] <... close resumed>) = 0 [pid 5851] close(3 [pid 6562] symlink("/dev/binderfs", "./binderfs" [pid 6559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... close resumed>) = 0 [pid 6562] <... symlink resumed>) = 0 executing program [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6562] write(1, "executing program\n", 18) = 18 ./strace-static-x86_64: Process 6563 attached [pid 6562] memfd_create("syzkaller", 0) = 3 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 6563 [pid 6563] set_robust_list(0x55558aa90660, 24) = 0 [pid 6562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6563] chdir("./8") = 0 [pid 6562] <... mmap resumed>) = 0x7f362be00000 [pid 6563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6563] setpgid(0, 0) = 0 [pid 6563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6563] write(3, "1000", 4) = 4 [pid 6563] close(3) = 0 [pid 6563] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6563] write(1, "executing program\n", 18) = 18 [pid 6563] memfd_create("syzkaller", 0) = 3 [pid 6563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6559] <... write resumed>) = 16777216 [pid 6559] munmap(0x7f362be00000, 138412032) = 0 [pid 6562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6559] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6560] <... write resumed>) = 16777216 [pid 6559] <... openat resumed>) = 4 [pid 6560] munmap(0x7f362be00000, 138412032 [pid 6559] ioctl(4, LOOP_SET_FD, 3 [pid 6560] <... munmap resumed>) = 0 [pid 6560] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6559] <... ioctl resumed>) = 0 [pid 6560] ioctl(4, LOOP_SET_FD, 3 [pid 6559] close(3) = 0 [pid 6560] <... ioctl resumed>) = 0 [pid 6559] close(4) = 0 [pid 6559] mkdir("./file0", 0777) = 0 [ 138.338641][ T6559] loop4: detected capacity change from 0 to 32768 [ 138.360005][ T6560] loop1: detected capacity change from 0 to 32768 [pid 6559] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6560] close(3) = 0 [pid 6560] close(4) = 0 [pid 6560] mkdir("./file0", 0777) = 0 [ 138.381147][ T6559] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6559) [pid 6560] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 138.436715][ T6560] BTRFS: device /dev/loop1 (7:1) using temp-fsid cc8512d3-1f37-43f8-908f-d23792985a80 [ 138.447637][ T6560] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6560) [ 138.472943][ T6559] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 138.506074][ T6559] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 138.537687][ T6560] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 138.568755][ T6559] BTRFS info (device loop4): using free-space-tree [ 138.579294][ T6560] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 138.617257][ T6560] BTRFS info (device loop1): using free-space-tree [pid 6563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6561] <... write resumed>) = 16777216 [pid 6561] munmap(0x7f362be00000, 138412032) = 0 [pid 6561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6561] close(3) = 0 [pid 6561] close(4) = 0 [pid 6563] <... write resumed>) = 16777216 [pid 6561] mkdir("./file0", 0777 [pid 6563] munmap(0x7f362be00000, 138412032 [pid 6561] <... mkdir resumed>) = 0 [ 138.848224][ T6561] loop0: detected capacity change from 0 to 32768 [pid 6561] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6562] <... write resumed>) = 16777216 [ 138.893081][ T6561] BTRFS: device /dev/loop0 (7:0) using temp-fsid 8c35c1e4-235a-4648-968b-ef39f1eac57d [ 138.916829][ T6561] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6561) [pid 6563] <... munmap resumed>) = 0 [pid 6562] munmap(0x7f362be00000, 138412032 [pid 6563] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6562] <... munmap resumed>) = 0 [pid 6563] close(3 [pid 6562] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6563] <... close resumed>) = 0 [pid 6563] close(4) = 0 [pid 6562] <... openat resumed>) = 4 [pid 6563] mkdir("./file0", 0777 [pid 6562] ioctl(4, LOOP_SET_FD, 3 [pid 6563] <... mkdir resumed>) = 0 [ 138.972461][ T6563] loop3: detected capacity change from 0 to 32768 [ 138.996038][ T6562] loop2: detected capacity change from 0 to 32768 [ 139.000902][ T6563] BTRFS: device /dev/loop3 (7:3) using temp-fsid dda5d7f6-7a36-4faa-afc3-5b00b1a23a3c [pid 6563] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6562] <... ioctl resumed>) = 0 [pid 6562] close(3) = 0 [pid 6562] close(4) = 0 [pid 6562] mkdir("./file0", 0777) = 0 [pid 6562] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6559] <... mount resumed>) = 0 [pid 6559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6560] <... mount resumed>) = 0 [pid 6560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6560] chdir("./file0") = 0 [pid 6560] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6560] ioctl(4, LOOP_CLR_FD) = 0 [pid 6560] close(4) = 0 [pid 6560] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6560] ioctl(-1, SIOCGIFINDEX, NULL [pid 6559] chdir("./file0" [pid 6560] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6560] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6559] <... chdir resumed>) = 0 [pid 6560] <... write resumed>) = 280 [pid 6560] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6559] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6560] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6560] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6559] <... openat resumed>) = 4 [pid 6560] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6559] ioctl(4, LOOP_CLR_FD [ 139.014534][ T6561] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 139.024869][ T6561] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 139.035232][ T6561] BTRFS info (device loop0): using free-space-tree [pid 6560] exit_group(0) = ? [pid 6560] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6560, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=22 /* 0.22 s */} --- [pid 5849] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./8/binderfs") = 0 [pid 5849] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6559] <... ioctl resumed>) = 0 [pid 6559] close(4) = 0 [pid 6559] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6559] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6559] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6559] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 139.068132][ T6563] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6563) [pid 6559] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6559] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6559] exit_group(0) = ? [pid 6559] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6559, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=30 /* 0.30 s */} --- [pid 5852] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./8/binderfs") = 0 [ 139.124695][ T5849] BTRFS info (device loop1): last unmount of filesystem cc8512d3-1f37-43f8-908f-d23792985a80 [ 139.151844][ T6562] BTRFS: device /dev/loop2 (7:2) using temp-fsid fa59c5b0-4786-4258-98b5-c546653da195 [ 139.162766][ T6563] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 139.230911][ T6562] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6562) [ 139.244537][ T6563] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 139.278172][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 139.291019][ T6563] BTRFS info (device loop3): using free-space-tree [ 139.326474][ T6562] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6561] <... mount resumed>) = 0 [pid 6561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6561] chdir("./file0") = 0 [pid 6561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6561] ioctl(4, LOOP_CLR_FD) = 0 [pid 6561] close(4) = 0 [pid 6561] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6561] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6561] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6561] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6561] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6561] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6561] exit_group(0) = ? [pid 6561] +++ exited with 0 +++ [ 139.377951][ T6562] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 139.387650][ T6562] BTRFS info (device loop2): using free-space-tree [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6561, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./8/binderfs") = 0 [pid 5848] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./8/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5852] rmdir("./8" [pid 5849] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... rmdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] mkdir("./9", 0777 [pid 5849] newfstatat(AT_FDCWD, "./8/file0", [pid 5852] <... mkdir resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6563] <... mount resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6563] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6563] <... openat resumed>) = 3 [pid 6563] chdir("./file0") = 0 [pid 6563] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6563] ioctl(4, LOOP_CLR_FD) = 0 [pid 6563] close(4) = 0 [pid 6563] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5852] <... openat resumed>) = 3 [pid 5849] <... openat resumed>) = 4 [pid 6563] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6563] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5849] newfstatat(4, "", [pid 6563] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6563] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6563] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6563] exit_group(0) = ? [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6563] +++ exited with 0 +++ [pid 5852] close(3 [pid 5849] getdents64(4, [pid 5852] <... close resumed>) = 0 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6563, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=17 /* 0.17 s */} --- [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6562] <... mount resumed>) = 0 [ 139.563097][ T5848] BTRFS info (device loop0): last unmount of filesystem 8c35c1e4-235a-4648-968b-ef39f1eac57d [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5849] getdents64(4, [pid 6562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 6644 attached [pid 6562] <... openat resumed>) = 3 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 6644 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6644] set_robust_list(0x55558aa90660, 24 [pid 6562] chdir("./file0" [pid 5849] close(4 [pid 6644] <... set_robust_list resumed>) = 0 [pid 6562] <... chdir resumed>) = 0 [pid 5851] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... close resumed>) = 0 [pid 6644] chdir("./9" [pid 5849] rmdir("./8/file0" [pid 6644] <... chdir resumed>) = 0 [pid 6562] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6644] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6562] <... openat resumed>) = 4 [pid 5851] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... rmdir resumed>) = 0 [pid 6562] ioctl(4, LOOP_CLR_FD [pid 5851] <... openat resumed>) = 3 [pid 5849] getdents64(3, [pid 6562] <... ioctl resumed>) = 0 [pid 5851] newfstatat(3, "", [pid 6644] <... prctl resumed>) = 0 [pid 6562] close(4 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6562] <... close resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] close(3 [pid 6644] setpgid(0, 0 [pid 5851] getdents64(3, [pid 5849] <... close resumed>) = 0 [pid 6644] <... setpgid resumed>) = 0 [pid 6562] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] rmdir("./8" [pid 5851] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6562] <... openat resumed>) = 4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... rmdir resumed>) = 0 [pid 6644] <... openat resumed>) = 3 [pid 6562] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5849] mkdir("./9", 0777 [pid 6562] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 6562] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6644] write(3, "1000", 4 [pid 6562] <... write resumed>) = 280 [pid 5851] unlink("./8/binderfs" [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6644] <... write resumed>) = 4 [pid 6562] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] <... unlink resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 6562] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6644] close(3 [pid 5851] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] ioctl(3, LOOP_CLR_FD [pid 6644] <... close resumed>) = 0 [pid 6562] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6644] symlink("/dev/binderfs", "./binderfs" [pid 6562] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6644] <... symlink resumed>) = 0 [pid 6562] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] close(3executing program [pid 6644] write(1, "executing program\n", 18 [pid 6562] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... close resumed>) = 0 [pid 6644] <... write resumed>) = 18 [pid 6562] exit_group(0) = ? [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6645 attached [pid 6644] memfd_create("syzkaller", 0 [pid 6562] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6562, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6645 [pid 6644] <... memfd_create resumed>) = 3 [pid 5850] <... openat resumed>) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6645] set_robust_list(0x55558aa90660, 24 [pid 6644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] getdents64(3, [pid 6645] <... set_robust_list resumed>) = 0 [pid 6644] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6645] chdir("./9" [pid 5850] unlink("./8/binderfs" [pid 6645] <... chdir resumed>) = 0 [pid 5850] <... unlink resumed>) = 0 [pid 6645] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6645] <... prctl resumed>) = 0 [pid 6645] setpgid(0, 0) = 0 [pid 6645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6645] write(3, "1000", 4) = 4 [pid 6645] close(3) = 0 [pid 6645] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6645] write(1, "executing program\n", 18) = 18 [ 139.741511][ T5851] BTRFS info (device loop3): last unmount of filesystem dda5d7f6-7a36-4faa-afc3-5b00b1a23a3c [pid 6645] memfd_create("syzkaller", 0) = 3 [pid 6645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 139.824535][ T5850] BTRFS info (device loop2): last unmount of filesystem fa59c5b0-4786-4258-98b5-c546653da195 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./8/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./8") = 0 [pid 5848] mkdir("./9", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6646 attached [pid 6646] set_robust_list(0x55558aa90660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6646 [pid 6646] <... set_robust_list resumed>) = 0 [pid 6646] chdir("./9") = 0 [pid 6646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6646] setpgid(0, 0) = 0 [pid 6646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] <... umount2 resumed>) = 0 [pid 6646] write(3, "1000", 4 [pid 5851] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6646] <... write resumed>) = 4 [pid 6644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6646] close(3) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6646] symlink("/dev/binderfs", "./binderfs" [pid 5851] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", executing program [pid 6646] <... symlink resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6646] write(1, "executing program\n", 18) = 18 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6646] memfd_create("syzkaller", 0 [pid 5851] close(4 [pid 6646] <... memfd_create resumed>) = 3 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./8/file0" [pid 6646] <... mmap resumed>) = 0x7f362be00000 [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./8") = 0 [pid 5851] mkdir("./9", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6647 attached , child_tidptr=0x55558aa90650) = 6647 [pid 6647] set_robust_list(0x55558aa90660, 24) = 0 [pid 6647] chdir("./9") = 0 [pid 6647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6647] setpgid(0, 0) = 0 [pid 6647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6647] write(3, "1000", 4) = 4 [pid 6647] close(3) = 0 [pid 6647] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6647] write(1, "executing program\n", 18) = 18 [pid 6647] memfd_create("syzkaller", 0) = 3 [pid 6647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./8/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./8") = 0 [pid 5850] mkdir("./9", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6648 ./strace-static-x86_64: Process 6648 attached [pid 6648] set_robust_list(0x55558aa90660, 24) = 0 [pid 6648] chdir("./9") = 0 [pid 6648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6648] setpgid(0, 0) = 0 [pid 6648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6648] write(3, "1000", 4) = 4 [pid 6648] close(3) = 0 [pid 6648] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6648] write(1, "executing program\n", 18) = 18 [pid 6648] memfd_create("syzkaller", 0) = 3 [pid 6648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6644] <... write resumed>) = 16777216 [pid 6644] munmap(0x7f362be00000, 138412032) = 0 [pid 6645] <... write resumed>) = 16777216 [pid 6644] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6645] munmap(0x7f362be00000, 138412032 [pid 6644] close(3 [pid 6645] <... munmap resumed>) = 0 [pid 6644] <... close resumed>) = 0 [pid 6645] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6644] close(4 [pid 6645] <... openat resumed>) = 4 [pid 6644] <... close resumed>) = 0 [ 140.642334][ T6644] loop4: detected capacity change from 0 to 32768 [pid 6645] ioctl(4, LOOP_SET_FD, 3 [pid 6644] mkdir("./file0", 0777 [pid 6645] <... ioctl resumed>) = 0 [pid 6644] <... mkdir resumed>) = 0 [pid 6645] close(3 [pid 6644] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6645] <... close resumed>) = 0 [pid 6645] close(4) = 0 [pid 6645] mkdir("./file0", 0777) = 0 [ 140.712028][ T6645] loop1: detected capacity change from 0 to 32768 [ 140.726024][ T6644] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6644) [pid 6645] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 140.780386][ T6645] BTRFS: device /dev/loop1 (7:1) using temp-fsid 2d2fe102-d0de-4dbb-93c6-b2efbf053825 [ 140.792340][ T6645] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6645) [ 140.807784][ T6644] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 140.834890][ T6644] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 140.871780][ T6644] BTRFS info (device loop4): using free-space-tree [ 140.895576][ T6645] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6646] <... write resumed>) = 16777216 [ 140.949888][ T6645] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 140.989407][ T6645] BTRFS info (device loop1): using free-space-tree [pid 6646] munmap(0x7f362be00000, 138412032 [pid 6648] <... write resumed>) = 16777216 [pid 6646] <... munmap resumed>) = 0 [pid 6648] munmap(0x7f362be00000, 138412032 [pid 6647] <... write resumed>) = 16777216 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6647] munmap(0x7f362be00000, 138412032 [pid 6646] <... openat resumed>) = 4 [pid 6646] ioctl(4, LOOP_SET_FD, 3 [pid 6647] <... munmap resumed>) = 0 [pid 6648] <... munmap resumed>) = 0 [pid 6646] <... ioctl resumed>) = 0 [pid 6648] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6646] close(3 [pid 6648] <... openat resumed>) = 4 [pid 6648] ioctl(4, LOOP_SET_FD, 3 [pid 6647] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6647] ioctl(4, LOOP_SET_FD, 3 [pid 6648] <... ioctl resumed>) = 0 [pid 6646] <... close resumed>) = 0 [pid 6646] close(4 [pid 6648] close(3 [pid 6646] <... close resumed>) = 0 [pid 6646] mkdir("./file0", 0777 [pid 6648] <... close resumed>) = 0 [pid 6648] close(4) = 0 [pid 6646] <... mkdir resumed>) = 0 [pid 6648] mkdir("./file0", 0777) = 0 [ 141.060156][ T6646] loop0: detected capacity change from 0 to 32768 [ 141.082102][ T6648] loop2: detected capacity change from 0 to 32768 [ 141.083109][ T6647] loop3: detected capacity change from 0 to 32768 [pid 6646] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6648] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6647] <... ioctl resumed>) = 0 [pid 6647] close(3) = 0 [pid 6647] close(4) = 0 [pid 6647] mkdir("./file0", 0777) = 0 [ 141.115870][ T6646] BTRFS: device /dev/loop0 (7:0) using temp-fsid 8c81829d-17f4-4770-adf6-b10f28073d6b [pid 6647] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6644] <... mount resumed>) = 0 [pid 6644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6644] chdir("./file0") = 0 [pid 6644] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6644] ioctl(4, LOOP_CLR_FD) = 0 [pid 6644] close(4) = 0 [pid 6644] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6644] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6644] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6644] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6644] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6644] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6644] exit_group(0) = ? [pid 6644] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6644, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 141.154166][ T6646] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6646) [pid 5852] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 141.220015][ T6647] BTRFS: device /dev/loop3 (7:3) using temp-fsid 123a60c9-0f0f-4049-8974-3ae88df0e583 [ 141.220173][ T6646] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 141.250007][ T6647] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6647) [pid 5852] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./9/binderfs") = 0 [ 141.265218][ T6646] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 141.283537][ T6648] BTRFS: device /dev/loop2 (7:2) using temp-fsid 1ffd8617-11fc-44e3-b14b-90d373d0b675 [ 141.290782][ T6647] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 141.296548][ T6646] BTRFS info (device loop0): using free-space-tree [ 141.311524][ T6648] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6648) [ 141.325004][ T6647] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 141.335143][ T6647] BTRFS info (device loop3): using free-space-tree [ 141.350686][ T6648] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6645] <... mount resumed>) = 0 [pid 6645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6645] chdir("./file0") = 0 [pid 6645] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6645] ioctl(4, LOOP_CLR_FD) = 0 [pid 6645] close(4) = 0 [ 141.353982][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 141.372898][ T6648] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 141.384775][ T6648] BTRFS info (device loop2): using free-space-tree [pid 6645] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6645] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6645] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6645] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6645] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6645] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6645] exit_group(0) = ? [pid 6645] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6645, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./9/binderfs") = 0 [ 141.520269][ T5849] BTRFS info (device loop1): last unmount of filesystem 2d2fe102-d0de-4dbb-93c6-b2efbf053825 [pid 5849] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6646] <... mount resumed>) = 0 [pid 6646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6646] chdir("./file0") = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6646] ioctl(4, LOOP_CLR_FD) = 0 [pid 6646] close(4) = 0 [pid 6646] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6646] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6646] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6646] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6646] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6646] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6646] exit_group(0) = ? [pid 6646] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6646, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=28 /* 0.28 s */} --- [pid 5848] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./9/binderfs") = 0 [pid 5848] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6648] <... mount resumed>) = 0 [pid 6647] <... mount resumed>) = 0 [pid 6648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6648] <... openat resumed>) = 3 [pid 6647] <... openat resumed>) = 3 [pid 6648] chdir("./file0" [pid 6647] chdir("./file0" [pid 6648] <... chdir resumed>) = 0 [pid 6647] <... chdir resumed>) = 0 [pid 6648] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6647] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6648] <... openat resumed>) = 4 [pid 6647] <... openat resumed>) = 4 [pid 6648] ioctl(4, LOOP_CLR_FD [pid 6647] ioctl(4, LOOP_CLR_FD [pid 6648] <... ioctl resumed>) = 0 [pid 6647] <... ioctl resumed>) = 0 [pid 6648] close(4 [pid 6647] close(4 [pid 6648] <... close resumed>) = 0 [pid 6647] <... close resumed>) = 0 [pid 6648] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6647] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6648] <... openat resumed>) = 4 [pid 6647] <... openat resumed>) = 4 [pid 6648] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6648] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6648] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6647] ioctl(-1, SIOCGIFINDEX, NULL [pid 6648] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6647] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6648] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6647] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6648] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6647] <... write resumed>) = 280 [pid 6648] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 6647] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6648] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6647] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6648] exit_group(0 [pid 6647] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6648] <... exit_group resumed>) = ? [pid 6647] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6648] +++ exited with 0 +++ [pid 6647] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] <... umount2 resumed>) = 0 [pid 6647] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6648, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] newfstatat(AT_FDCWD, "./9/file0", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6647] exit_group(0 [pid 5850] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6647] <... exit_group resumed>) = ? [pid 5850] <... openat resumed>) = 3 [pid 5849] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6647] +++ exited with 0 +++ [pid 5850] newfstatat(3, "", [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6647, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5849] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] <... openat resumed>) = 4 [pid 5850] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] newfstatat(4, "", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... restart_syscall resumed>) = 0 [pid 5850] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] getdents64(4, [pid 5851] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] unlink("./9/binderfs" [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] <... unlink resumed>) = 0 [pid 5849] getdents64(4, [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] close(4 [pid 5851] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./9/binderfs") = 0 [pid 5851] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... close resumed>) = 0 [pid 5849] rmdir("./9/file0") = 0 [ 141.863740][ T5848] BTRFS info (device loop0): last unmount of filesystem 8c81829d-17f4-4770-adf6-b10f28073d6b [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./9") = 0 [pid 5849] mkdir("./10", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6731 attached [pid 6731] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6731 [pid 5848] <... umount2 resumed>) = 0 [pid 6731] <... set_robust_list resumed>) = 0 [pid 5848] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6731] chdir("./10" [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6731] <... chdir resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./9/file0", [pid 6731] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6731] <... prctl resumed>) = 0 [pid 5848] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6731] setpgid(0, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6731] <... setpgid resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 6731] <... openat resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6731] write(3, "1000", 4 [pid 5848] close(4 [pid 6731] <... write resumed>) = 4 [pid 5848] <... close resumed>) = 0 [pid 6731] close(3 [pid 5848] rmdir("./9/file0" [pid 6731] <... close resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 6731] symlink("/dev/binderfs", "./binderfs" [pid 5848] getdents64(3, [pid 6731] <... symlink resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [ 141.954981][ T5851] BTRFS info (device loop3): last unmount of filesystem 123a60c9-0f0f-4049-8974-3ae88df0e583 [ 141.979884][ T5850] BTRFS info (device loop2): last unmount of filesystem 1ffd8617-11fc-44e3-b14b-90d373d0b675 [pid 5848] rmdir("./9") = 0 [pid 6731] write(1, "executing program\n", 18executing program ) = 18 [pid 5848] mkdir("./10", 0777 [pid 5852] <... umount2 resumed>) = 0 [pid 6731] memfd_create("syzkaller", 0 [pid 5848] <... mkdir resumed>) = 0 [pid 6731] <... memfd_create resumed>) = 3 [pid 5852] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... openat resumed>) = 3 [pid 5852] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5852] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4 [pid 5848] <... ioctl resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./9/file0") = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./9") = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 5852] mkdir("./10", 0777./strace-static-x86_64: Process 6734 attached ) = 0 [pid 5851] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6734 [pid 6734] set_robust_list(0x55558aa90660, 24 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6734] <... set_robust_list resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./9/file0", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6734] chdir("./10" [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] newfstatat(AT_FDCWD, "./9/file0", [pid 6734] <... chdir resumed>) = 0 [pid 5851] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6734] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6734] <... prctl resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6734] setpgid(0, 0 [pid 5851] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6734] <... setpgid resumed>) = 0 [pid 6734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] <... openat resumed>) = 4 [pid 5850] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6734] <... openat resumed>) = 3 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] newfstatat(4, "", [pid 5850] <... openat resumed>) = 4 [pid 6734] write(3, "1000", 4 [pid 5852] <... openat resumed>) = 3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] newfstatat(4, "", [pid 6734] <... write resumed>) = 4 [pid 5851] getdents64(4, [pid 6734] close(3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6734] <... close resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, [pid 6734] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6734] <... symlink resumed>) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5851] getdents64(4, [pid 5850] getdents64(4, [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(3 [pid 5850] close(4 [pid 6734] write(1, "executing program\n", 18 [pid 5852] <... close resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./9/file0"executing program [pid 6734] <... write resumed>) = 18 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] close(4 [pid 5850] <... rmdir resumed>) = 0 [pid 5851] <... close resumed>) = 0 ./strace-static-x86_64: Process 6735 attached [pid 6734] memfd_create("syzkaller", 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6735] set_robust_list(0x55558aa90660, 24 [pid 5850] close(3 [pid 6735] <... set_robust_list resumed>) = 0 [pid 6734] <... memfd_create resumed>) = 3 [pid 5850] <... close resumed>) = 0 [pid 6734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] rmdir("./9/file0" [pid 5850] rmdir("./9" [pid 6734] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 6735 [pid 5851] <... rmdir resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 6735] chdir("./10" [pid 5851] getdents64(3, [pid 5850] mkdir("./10", 0777 [pid 6735] <... chdir resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6735] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] close(3 [pid 5850] <... mkdir resumed>) = 0 [pid 6735] <... prctl resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 6735] setpgid(0, 0) = 0 [pid 5851] rmdir("./9") = 0 [pid 6735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] mkdir("./10", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6735] <... openat resumed>) = 3 [pid 5851] <... openat resumed>) = 3 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 6735] write(3, "1000", 4 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5850] <... openat resumed>) = 3 [pid 6735] <... write resumed>) = 4 [pid 6735] close(3 [pid 5851] <... ioctl resumed>) = 0 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 6735] <... close resumed>) = 0 [pid 5851] close(3 [pid 6735] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... ioctl resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 6735] <... symlink resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] close(3 [pid 6735] write(1, "executing program\n", 18 [pid 5850] <... close resumed>) = 0 [pid 6735] <... write resumed>) = 18 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6735] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6736 attached ./strace-static-x86_64: Process 6737 attached [pid 6737] set_robust_list(0x55558aa90660, 24 [pid 6735] <... memfd_create resumed>) = 3 [pid 6737] <... set_robust_list resumed>) = 0 [pid 6737] chdir("./10") = 0 [pid 6737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6737] setpgid(0, 0) = 0 [pid 6737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 6736 [pid 6736] set_robust_list(0x55558aa90660, 24) = 0 [pid 6737] <... openat resumed>) = 3 [pid 6736] chdir("./10" [pid 6735] <... mmap resumed>) = 0x7f362be00000 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 6737 [pid 6737] write(3, "1000", 4) = 4 [pid 6737] close(3) = 0 [pid 6737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6736] <... chdir resumed>) = 0 [pid 6736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 6737] write(1, "executing program\n", 18 [pid 6736] setpgid(0, 0) = 0 [pid 6737] <... write resumed>) = 18 [pid 6736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6737] memfd_create("syzkaller", 0 [pid 6736] <... openat resumed>) = 3 [pid 6736] write(3, "1000", 4 [pid 6737] <... memfd_create resumed>) = 3 [pid 6736] <... write resumed>) = 4 [pid 6737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6736] close(3 [pid 6737] <... mmap resumed>) = 0x7f362be00000 [pid 6736] <... close resumed>) = 0 [pid 6736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6736] write(1, "executing program\n", 18executing program ) = 18 [pid 6736] memfd_create("syzkaller", 0) = 3 [pid 6736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6731] <... write resumed>) = 16777216 [pid 6731] munmap(0x7f362be00000, 138412032 [pid 6737] <... write resumed>) = 16777216 [pid 6731] <... munmap resumed>) = 0 [pid 6737] munmap(0x7f362be00000, 138412032 [pid 6731] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6737] <... munmap resumed>) = 0 [pid 6731] close(3) = 0 [pid 6737] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6731] close(4) = 0 [pid 6737] ioctl(4, LOOP_SET_FD, 3 [pid 6731] mkdir("./file0", 0777 [pid 6737] <... ioctl resumed>) = 0 [pid 6731] <... mkdir resumed>) = 0 [ 143.169771][ T6731] loop1: detected capacity change from 0 to 32768 [ 143.201769][ T6737] loop3: detected capacity change from 0 to 32768 [pid 6731] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6734] <... write resumed>) = 16777216 [pid 6737] close(3) = 0 [pid 6734] munmap(0x7f362be00000, 138412032 [pid 6737] close(4) = 0 [pid 6736] <... write resumed>) = 16777216 [ 143.216660][ T6731] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6731) [pid 6737] mkdir("./file0", 0777) = 0 [pid 6736] munmap(0x7f362be00000, 138412032 [pid 6737] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6734] <... munmap resumed>) = 0 [pid 6735] <... write resumed>) = 16777216 [pid 6735] munmap(0x7f362be00000, 138412032 [pid 6734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6734] ioctl(4, LOOP_SET_FD, 3 [pid 6736] <... munmap resumed>) = 0 [pid 6735] <... munmap resumed>) = 0 [ 143.267498][ T6731] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 143.280819][ T6737] BTRFS: device /dev/loop3 (7:3) using temp-fsid fe1c5ab8-3181-42b4-94a0-1ae0aff2b9ac [ 143.285265][ T6734] loop0: detected capacity change from 0 to 32768 [ 143.297598][ T6737] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6737) [pid 6736] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6735] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6735] ioctl(4, LOOP_SET_FD, 3 [pid 6736] <... openat resumed>) = 4 [pid 6736] ioctl(4, LOOP_SET_FD, 3 [pid 6734] <... ioctl resumed>) = 0 [pid 6734] close(3) = 0 [pid 6734] close(4 [pid 6736] <... ioctl resumed>) = 0 [pid 6734] <... close resumed>) = 0 [pid 6736] close(3 [pid 6734] mkdir("./file0", 0777 [pid 6736] <... close resumed>) = 0 [pid 6734] <... mkdir resumed>) = 0 [pid 6736] close(4 [pid 6735] <... ioctl resumed>) = 0 [pid 6735] close(3 [pid 6736] <... close resumed>) = 0 [pid 6735] <... close resumed>) = 0 [pid 6735] close(4) = 0 [ 143.314463][ T6731] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 143.325690][ T6735] loop4: detected capacity change from 0 to 32768 [ 143.326285][ T6731] BTRFS info (device loop1): using free-space-tree [ 143.340746][ T6736] loop2: detected capacity change from 0 to 32768 [pid 6734] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6736] mkdir("./file0", 0777 [pid 6735] mkdir("./file0", 0777 [pid 6736] <... mkdir resumed>) = 0 [pid 6735] <... mkdir resumed>) = 0 [pid 6736] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 143.362336][ T6737] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 143.362356][ T6734] BTRFS: device /dev/loop0 (7:0) using temp-fsid e96e3660-eca4-4c44-828b-37f0d586a41d [ 143.362394][ T6734] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6734) [ 143.389283][ T6737] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 143.443143][ T6737] BTRFS info (device loop3): using free-space-tree [ 143.466015][ T6735] BTRFS: device /dev/loop4 (7:4) using temp-fsid 8aa8ede6-2c60-4415-9bcb-c6d53c891f2c [ 143.492465][ T6734] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 143.509886][ T6735] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6735) [ 143.534655][ T6734] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 143.560619][ T6736] BTRFS: device /dev/loop2 (7:2) using temp-fsid 2314954b-d84d-4bd9-b2cf-4e7e86b079c6 [ 143.561434][ T6735] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 143.570384][ T6736] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6736) [ 143.594793][ T6735] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 143.602276][ T6734] BTRFS info (device loop0): using free-space-tree [ 143.606838][ T6735] BTRFS info (device loop4): using free-space-tree [pid 6735] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6731] <... mount resumed>) = 0 [pid 6731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6731] chdir("./file0") = 0 [pid 6731] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6731] ioctl(4, LOOP_CLR_FD) = 0 [pid 6731] close(4) = 0 [pid 6731] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6731] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 143.642273][ T6736] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6731] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6731] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6731] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6731] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6731] exit_group(0) = ? [pid 6731] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6731, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=20 /* 0.20 s */} --- [pid 5849] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./10/binderfs") = 0 [ 143.709292][ T6736] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 143.718843][ T6736] BTRFS info (device loop2): using free-space-tree [ 143.814287][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6737] <... mount resumed>) = 0 [pid 6737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6737] chdir("./file0") = 0 [pid 6737] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6737] ioctl(4, LOOP_CLR_FD) = 0 [pid 6737] close(4) = 0 [pid 6737] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6737] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6737] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6737] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6737] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6737] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6737] exit_group(0) = ? [pid 6737] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6737, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./10/binderfs") = 0 [pid 5851] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6735] <... mount resumed>) = 0 [pid 6735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6735] chdir("./file0") = 0 [pid 6735] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6735] ioctl(4, LOOP_CLR_FD) = 0 [pid 6735] close(4) = 0 [pid 6735] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6734] <... mount resumed>) = 0 [pid 6734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6734] chdir("./file0") = 0 [pid 6734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6734] ioctl(4, LOOP_CLR_FD [pid 6735] ioctl(-1, SIOCGIFINDEX, NULL [pid 6734] <... ioctl resumed>) = 0 [pid 6735] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6734] close(4 [pid 6735] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6734] <... close resumed>) = 0 [pid 6735] <... write resumed>) = 280 [pid 6734] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6735] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6734] <... openat resumed>) = 4 [pid 6735] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6735] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6735] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6735] exit_group(0) = ? [pid 6735] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6735, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=29 /* 0.29 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 6736] <... mount resumed>) = 0 [pid 6736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6734] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] <... restart_syscall resumed>) = 0 [pid 6734] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6736] chdir("./file0" [pid 6734] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6736] <... chdir resumed>) = 0 [pid 6734] <... write resumed>) = 280 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 144.007156][ T5851] BTRFS info (device loop3): last unmount of filesystem fe1c5ab8-3181-42b4-94a0-1ae0aff2b9ac [pid 6736] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5852] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6736] ioctl(4, LOOP_CLR_FD) = 0 [pid 5852] <... openat resumed>) = 3 [pid 6736] close(4) = 0 [pid 5852] newfstatat(3, "", [pid 6736] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6736] <... openat resumed>) = 4 [pid 5852] getdents64(3, [pid 6736] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 6736] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6734] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6736] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6734] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6736] <... write resumed>) = 280 [pid 6734] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] newfstatat(AT_FDCWD, "./10/binderfs", [pid 6736] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] <... umount2 resumed>) = 0 [pid 6736] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6736] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6734] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6734] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] unlink("./10/binderfs" [pid 5851] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6734] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... unlink resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6734] exit_group(0 [pid 6736] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] newfstatat(AT_FDCWD, "./10/file0", [pid 6736] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6734] <... exit_group resumed>) = ? [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6736] exit_group(0 [pid 5851] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6736] <... exit_group resumed>) = ? [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6736] +++ exited with 0 +++ [pid 6734] +++ exited with 0 +++ [pid 5851] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6736, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=33 /* 0.33 s */} --- [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6734, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5851] close(4) = 0 [pid 5850] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] rmdir("./10/file0" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... rmdir resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(3, "", [pid 5851] getdents64(3, [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] getdents64(3, [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] <... openat resumed>) = 3 [pid 5850] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] close(3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(3, "", [pid 5851] <... close resumed>) = 0 [pid 5850] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] rmdir("./10" [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] getdents64(3, [pid 5851] <... rmdir resumed>) = 0 [pid 5850] unlink("./10/binderfs" [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] mkdir("./11", 0777 [pid 5848] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... mkdir resumed>) = 0 [pid 5850] <... unlink resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5850] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5851] <... openat resumed>) = 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5848] unlink("./10/binderfs" [pid 5851] <... ioctl resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 5851] close(3 [pid 5848] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... close resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6819 ./strace-static-x86_64: Process 6819 attached [pid 6819] set_robust_list(0x55558aa90660, 24) = 0 [pid 6819] chdir("./11") = 0 [pid 6819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6819] setpgid(0, 0) = 0 [pid 6819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6819] write(3, "1000", 4) = 4 [pid 6819] close(3) = 0 [pid 6819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6819] write(1, "executing program\n", 18executing program ) = 18 [ 144.204547][ T5852] BTRFS info (device loop4): last unmount of filesystem 8aa8ede6-2c60-4415-9bcb-c6d53c891f2c [pid 6819] memfd_create("syzkaller", 0) = 3 [pid 6819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 144.271232][ T5848] BTRFS info (device loop0): last unmount of filesystem e96e3660-eca4-4c44-828b-37f0d586a41d [ 144.291578][ T5850] BTRFS info (device loop2): last unmount of filesystem 2314954b-d84d-4bd9-b2cf-4e7e86b079c6 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./10/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./10") = 0 [pid 5849] mkdir("./11", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5848] <... umount2 resumed>) = 0 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] <... umount2 resumed>) = 0 [pid 5849] close(3 [pid 5850] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] <... close resumed>) = 0 [pid 5848] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] newfstatat(AT_FDCWD, "./10/file0", [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] newfstatat(AT_FDCWD, "./10/file0", [pid 5850] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", ./strace-static-x86_64: Process 6822 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] getdents64(4, [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6822 [pid 5848] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] getdents64(4, [pid 5848] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6822] set_robust_list(0x55558aa90660, 24 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... openat resumed>) = 4 [pid 6822] <... set_robust_list resumed>) = 0 [pid 5850] close(4 [pid 5848] newfstatat(4, "", [pid 5850] <... close resumed>) = 0 [pid 6822] chdir("./11" [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6822] <... chdir resumed>) = 0 [pid 5850] rmdir("./10/file0" [pid 5848] getdents64(4, [pid 6822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6822] setpgid(0, 0 [pid 5848] getdents64(4, [pid 6822] <... setpgid resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] getdents64(3, [pid 5848] close(4 [pid 6822] <... openat resumed>) = 3 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] <... close resumed>) = 0 [pid 6822] write(3, "1000", 4 [pid 5850] close(3 [pid 5848] rmdir("./10/file0" [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./10" [pid 5848] <... rmdir resumed>) = 0 [pid 6822] <... write resumed>) = 4 [pid 5848] getdents64(3, [pid 6822] close(3 [pid 5850] <... rmdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6822] <... close resumed>) = 0 [pid 6822] symlink("/dev/binderfs", "./binderfs" [pid 5850] mkdir("./11", 0777 [pid 5848] close(3 [pid 6822] <... symlink resumed>) = 0 [pid 5850] <... mkdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 executing program [pid 6822] write(1, "executing program\n", 18 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5848] rmdir("./10" [pid 6822] <... write resumed>) = 18 [pid 5850] <... openat resumed>) = 3 [pid 5848] <... rmdir resumed>) = 0 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 6822] memfd_create("syzkaller", 0 [pid 5850] <... ioctl resumed>) = 0 [pid 5848] mkdir("./11", 0777 [pid 6822] <... memfd_create resumed>) = 3 [pid 5850] close(3 [pid 5848] <... mkdir resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6823 attached [pid 6822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... openat resumed>) = 3 [pid 6822] <... mmap resumed>) = 0x7f362be00000 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 6823] set_robust_list(0x55558aa90660, 24) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 6823] chdir("./11" [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 6823 [pid 5848] close(3 [pid 6823] <... chdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 6823] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6824 attached [pid 6823] <... prctl resumed>) = 0 [pid 6824] set_robust_list(0x55558aa90660, 24 [pid 6823] setpgid(0, 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6824 [pid 6824] <... set_robust_list resumed>) = 0 [pid 6824] chdir("./11" [pid 6823] <... setpgid resumed>) = 0 [pid 6823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6824] <... chdir resumed>) = 0 [pid 6823] <... openat resumed>) = 3 [pid 6824] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6823] write(3, "1000", 4 [pid 6824] <... prctl resumed>) = 0 [pid 6823] <... write resumed>) = 4 [pid 6824] setpgid(0, 0 [pid 6823] close(3) = 0 [pid 6824] <... setpgid resumed>) = 0 [pid 6823] symlink("/dev/binderfs", "./binderfs" [pid 6824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6823] <... symlink resumed>) = 0 executing program [pid 6823] write(1, "executing program\n", 18) = 18 [pid 6823] memfd_create("syzkaller", 0 [pid 6824] <... openat resumed>) = 3 [pid 6824] write(3, "1000", 4 [pid 6823] <... memfd_create resumed>) = 3 [pid 6824] <... write resumed>) = 4 [pid 6824] close(3 [pid 6823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6824] <... close resumed>) = 0 [pid 6824] symlink("/dev/binderfs", "./binderfs" [pid 6823] <... mmap resumed>) = 0x7f362be00000 [pid 6824] <... symlink resumed>) = 0 [pid 6824] write(1, "executing program\n", 18executing program ) = 18 [pid 6824] memfd_create("syzkaller", 0) = 3 [pid 6824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./10/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./10") = 0 [pid 6819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] mkdir("./11", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6825 ./strace-static-x86_64: Process 6825 attached [pid 6825] set_robust_list(0x55558aa90660, 24) = 0 [pid 6825] chdir("./11") = 0 [pid 6825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6825] setpgid(0, 0) = 0 [pid 6825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6825] write(3, "1000", 4) = 4 [pid 6825] close(3) = 0 [pid 6825] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6825] write(1, "executing program\n", 18) = 18 [pid 6825] memfd_create("syzkaller", 0) = 3 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6819] <... write resumed>) = 16777216 [pid 6819] munmap(0x7f362be00000, 138412032) = 0 [pid 6819] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6819] close(3) = 0 [pid 6819] close(4) = 0 [pid 6819] mkdir("./file0", 0777) = 0 [ 145.296378][ T6819] loop3: detected capacity change from 0 to 32768 [pid 6819] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [ 145.347315][ T6819] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6819) [ 145.426598][ T6819] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 145.459345][ T6819] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 6825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6822] <... write resumed>) = 16777216 [ 145.479766][ T6819] BTRFS info (device loop3): using free-space-tree [pid 6822] munmap(0x7f362be00000, 138412032 [pid 6824] <... write resumed>) = 16777216 [pid 6822] <... munmap resumed>) = 0 [pid 6824] munmap(0x7f362be00000, 138412032 [pid 6822] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6822] ioctl(4, LOOP_SET_FD, 3 [pid 6824] <... munmap resumed>) = 0 [pid 6824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6823] <... write resumed>) = 16777216 [pid 6822] <... ioctl resumed>) = 0 [pid 6819] <... mount resumed>) = 0 [pid 6824] close(3 [pid 6823] munmap(0x7f362be00000, 138412032 [pid 6819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6824] <... close resumed>) = 0 [pid 6822] close(3) = 0 [pid 6824] close(4 [pid 6822] close(4 [pid 6819] <... openat resumed>) = 3 [pid 6824] <... close resumed>) = 0 [pid 6824] mkdir("./file0", 0777 [pid 6819] chdir("./file0") = 0 [pid 6824] <... mkdir resumed>) = 0 [pid 6822] <... close resumed>) = 0 [pid 6819] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6824] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6819] <... openat resumed>) = 4 [ 145.599633][ T6822] loop1: detected capacity change from 0 to 32768 [ 145.615073][ T6824] loop0: detected capacity change from 0 to 32768 [pid 6822] mkdir("./file0", 0777 [pid 6819] ioctl(4, LOOP_CLR_FD [pid 6822] <... mkdir resumed>) = 0 [pid 6822] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6819] <... ioctl resumed>) = 0 [pid 6819] close(4) = 0 [pid 6819] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6819] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6819] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6819] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6819] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6819] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6819] exit_group(0) = ? [ 145.661955][ T6824] BTRFS: device /dev/loop0 (7:0) using temp-fsid b73c67f6-4099-4e02-b8c8-e7c5e1964064 [ 145.682392][ T6824] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6824) [pid 6823] <... munmap resumed>) = 0 [pid 6825] <... write resumed>) = 16777216 [pid 6819] +++ exited with 0 +++ [pid 6823] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6819, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=19 /* 0.19 s */} --- [pid 6823] <... openat resumed>) = 4 [pid 6823] ioctl(4, LOOP_SET_FD, 3 [pid 6825] munmap(0x7f362be00000, 138412032 [pid 6823] <... ioctl resumed>) = 0 [pid 5851] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./11/binderfs") = 0 [pid 5851] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6825] <... munmap resumed>) = 0 [pid 6823] close(3) = 0 [pid 6823] close(4) = 0 [pid 6823] mkdir("./file0", 0777) = 0 [ 145.729246][ T6822] BTRFS: device /dev/loop1 (7:1) using temp-fsid 0ca5cc23-656a-4aa4-b4f9-ae7dfc514ab0 [ 145.741480][ T6823] loop2: detected capacity change from 0 to 32768 [ 145.751533][ T6824] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6823] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6825] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6825] close(3) = 0 [pid 6825] close(4) = 0 [pid 6825] mkdir("./file0", 0777) = 0 [ 145.789543][ T6822] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6822) [ 145.789792][ T6824] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 145.803908][ T6825] loop4: detected capacity change from 0 to 32768 [ 145.834774][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 145.867574][ T6823] BTRFS: device /dev/loop2 (7:2) using temp-fsid 8e4cae08-64e2-41b2-91da-ca3dafea9c3b [ 145.887942][ T6822] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 145.911177][ T6824] BTRFS info (device loop0): using free-space-tree [ 145.927770][ T6823] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6823) [ 145.949830][ T6822] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 145.965939][ T6825] BTRFS: device /dev/loop4 (7:4) using temp-fsid 100058bc-07de-49cb-8caa-ee71e7273b07 [ 145.975841][ T6822] BTRFS info (device loop1): using free-space-tree [ 145.984165][ T6823] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 146.001221][ T6825] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6825) [ 146.026699][ T6823] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 146.059472][ T6823] BTRFS info (device loop2): using free-space-tree [ 146.070319][ T6825] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 146.097959][ T6825] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 146.126019][ T6825] BTRFS info (device loop4): using free-space-tree [pid 6825] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6824] <... mount resumed>) = 0 [pid 6824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6824] chdir("./file0") = 0 [pid 6824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6824] ioctl(4, LOOP_CLR_FD) = 0 [pid 6824] close(4) = 0 [pid 6824] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6824] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6824] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6824] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6824] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6824] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6824] exit_group(0) = ? [pid 6824] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6824, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 5848] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./11/binderfs") = 0 [pid 5848] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6822] <... mount resumed>) = 0 [pid 6822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6822] chdir("./file0") = 0 [pid 6822] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6822] ioctl(4, LOOP_CLR_FD) = 0 [pid 6822] close(4) = 0 [pid 6822] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6822] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6822] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... umount2 resumed>) = 0 [pid 6822] <... write resumed>) = 280 [pid 5851] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6823] <... mount resumed>) = 0 [pid 6822] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6822] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./11/file0", [pid 6823] <... openat resumed>) = 3 [pid 6822] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6823] chdir("./file0") = 0 [pid 6822] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6822] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6822] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6823] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6822] exit_group(0 [pid 5851] <... openat resumed>) = 4 [pid 6823] ioctl(4, LOOP_CLR_FD [pid 6822] <... exit_group resumed>) = ? [pid 5851] newfstatat(4, "", [pid 6823] <... ioctl resumed>) = 0 [pid 6823] close(4) = 0 [pid 6823] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6822] +++ exited with 0 +++ [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6822, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [ 146.343133][ T5848] BTRFS info (device loop0): last unmount of filesystem b73c67f6-4099-4e02-b8c8-e7c5e1964064 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6823] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] getdents64(4, [pid 6823] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6823] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5849] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6823] <... write resumed>) = 280 [pid 5849] <... openat resumed>) = 3 [pid 6823] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6823] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5849] newfstatat(3, "", [pid 6823] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] close(4 [pid 6823] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6823] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... close resumed>) = 0 [pid 6823] exit_group(0 [pid 5849] getdents64(3, [pid 6823] <... exit_group resumed>) = ? [pid 5851] rmdir("./11/file0" [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 6823] +++ exited with 0 +++ [pid 5851] <... rmdir resumed>) = 0 [pid 5849] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] getdents64(3, [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6823, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=26 /* 0.26 s */} --- [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] unlink("./11/binderfs" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] close(3 [pid 5850] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... unlink resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5850] newfstatat(3, "", [pid 5849] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] <... close resumed>) = 0 [pid 5850] newfstatat(AT_FDCWD, "./11/binderfs", [pid 6825] <... mount resumed>) = 0 [pid 5851] rmdir("./11" [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./11/binderfs") = 0 [pid 5850] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... rmdir resumed>) = 0 [pid 6825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5851] mkdir("./12", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6825] chdir("./file0") = 0 [pid 5851] <... openat resumed>) = 3 [pid 6825] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] ioctl(3, LOOP_CLR_FD [pid 6825] <... openat resumed>) = 4 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6825] ioctl(4, LOOP_CLR_FD [pid 5851] close(3 [pid 6825] <... ioctl resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 6825] close(4) = 0 [pid 6825] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6907 attached [pid 6825] <... openat resumed>) = 4 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 6907 [pid 6907] set_robust_list(0x55558aa90660, 24) = 0 [pid 6907] chdir("./12") = 0 [pid 6907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6907] setpgid(0, 0) = 0 [pid 6907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6907] write(3, "1000", 4) = 4 [pid 6907] close(3) = 0 [pid 6907] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6907] write(1, "executing program\n", 18 [pid 6825] ioctl(-1, SIOCGIFINDEX, NULL [pid 6907] <... write resumed>) = 18 [pid 6825] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6907] memfd_create("syzkaller", 0 [pid 6825] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6907] <... memfd_create resumed>) = 3 [pid 6825] <... write resumed>) = 280 [pid 6907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6825] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6907] <... mmap resumed>) = 0x7f362be00000 [pid 6825] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6825] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 146.460937][ T5849] BTRFS info (device loop1): last unmount of filesystem 0ca5cc23-656a-4aa4-b4f9-ae7dfc514ab0 [pid 6825] exit_group(0) = ? [pid 6825] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6825, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=27 /* 0.27 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./11/binderfs") = 0 [ 146.541416][ T5850] BTRFS info (device loop2): last unmount of filesystem 8e4cae08-64e2-41b2-91da-ca3dafea9c3b [pid 5852] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./11/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./11") = 0 [pid 5849] mkdir("./12", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [ 146.665404][ T5852] BTRFS info (device loop4): last unmount of filesystem 100058bc-07de-49cb-8caa-ee71e7273b07 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6909 attached [pid 6909] set_robust_list(0x55558aa90660, 24) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 6909 [pid 5848] <... umount2 resumed>) = 0 [pid 6909] chdir("./12") = 0 [pid 6909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6909] setpgid(0, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6909] <... setpgid resumed>) = 0 [pid 6909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] newfstatat(AT_FDCWD, "./11/file0", [pid 6909] <... openat resumed>) = 3 [pid 5852] <... umount2 resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6909] write(3, "1000", 4) = 4 [pid 5852] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6909] close(3 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6909] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6909] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... openat resumed>) = 4 [pid 5852] newfstatat(AT_FDCWD, "./11/file0", [pid 6909] <... symlink resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] newfstatat(4, "", [pid 5852] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 executing program [pid 6909] write(1, "executing program\n", 18 [pid 5852] rmdir("./11/file0" [pid 5848] getdents64(4, [pid 6909] <... write resumed>) = 18 [pid 6909] memfd_create("syzkaller", 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] getdents64(3, [pid 5848] getdents64(4, [pid 6909] <... memfd_create resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] close(4 [pid 5852] close(3 [pid 6909] <... mmap resumed>) = 0x7f362be00000 [pid 5848] <... close resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./11" [pid 5848] rmdir("./11/file0" [pid 5852] <... rmdir resumed>) = 0 [pid 5852] mkdir("./12", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] <... rmdir resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] getdents64(3, [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6910 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./11"./strace-static-x86_64: Process 6910 attached [pid 6910] set_robust_list(0x55558aa90660, 24) = 0 [pid 6910] chdir("./12") = 0 [pid 6910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 6910] setpgid(0, 0) = 0 [pid 5848] mkdir("./12", 0777 [pid 6910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] <... mkdir resumed>) = 0 [pid 6910] write(3, "1000", 4executing program ) = 4 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6910] close(3) = 0 [pid 6910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6910] write(1, "executing program\n", 18) = 18 [pid 5848] <... openat resumed>) = 3 [pid 6910] memfd_create("syzkaller", 0 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3 [pid 6910] <... memfd_create resumed>) = 3 [pid 6910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6911 attached [pid 6911] set_robust_list(0x55558aa90660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 6911 [pid 6911] <... set_robust_list resumed>) = 0 [pid 6911] chdir("./12") = 0 [pid 6911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6911] setpgid(0, 0) = 0 [pid 6911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6911] write(3, "1000", 4) = 4 [pid 6911] close(3) = 0 [pid 6911] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6911] write(1, "executing program\n", 18) = 18 [pid 6911] memfd_create("syzkaller", 0) = 3 [pid 6911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 6907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./11/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./11") = 0 [pid 5850] mkdir("./12", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6912 attached [pid 6912] set_robust_list(0x55558aa90660, 24 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 6912 [pid 6912] <... set_robust_list resumed>) = 0 [pid 6912] chdir("./12") = 0 [pid 6912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6912] setpgid(0, 0) = 0 [pid 6912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6912] write(3, "1000", 4) = 4 [pid 6912] close(3) = 0 [pid 6912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6912] write(1, "executing program\n", 18executing program ) = 18 [pid 6912] memfd_create("syzkaller", 0) = 3 [pid 6912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6907] <... write resumed>) = 16777216 [pid 6907] munmap(0x7f362be00000, 138412032) = 0 [pid 6907] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6907] close(3) = 0 [pid 6907] close(4) = 0 [ 147.646532][ T6907] loop3: detected capacity change from 0 to 32768 [pid 6907] mkdir("./file0", 0777) = 0 [ 147.695819][ T6907] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6907) [pid 6907] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6909] <... write resumed>) = 16777216 [pid 6909] munmap(0x7f362be00000, 138412032 [pid 6910] <... write resumed>) = 16777216 [pid 6909] <... munmap resumed>) = 0 [pid 6909] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 147.766666][ T6907] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 147.795195][ T6907] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 6911] <... write resumed>) = 16777216 [pid 6910] munmap(0x7f362be00000, 138412032 [pid 6909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6909] close(3) = 0 [pid 6909] close(4) = 0 [pid 6909] mkdir("./file0", 0777) = 0 [pid 6909] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6911] munmap(0x7f362be00000, 138412032 [pid 6910] <... munmap resumed>) = 0 [ 147.811211][ T6907] BTRFS info (device loop3): using free-space-tree [ 147.819684][ T6909] loop1: detected capacity change from 0 to 32768 [pid 6911] <... munmap resumed>) = 0 [pid 6910] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6910] ioctl(4, LOOP_SET_FD, 3 [pid 6911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6911] ioctl(4, LOOP_SET_FD, 3 [pid 6910] <... ioctl resumed>) = 0 [pid 6910] close(3) = 0 [pid 6910] close(4) = 0 [ 147.860548][ T6909] BTRFS: device /dev/loop1 (7:1) using temp-fsid e570232b-8a72-44ec-baed-f024959b3a8a [ 147.885568][ T6910] loop4: detected capacity change from 0 to 32768 [ 147.902693][ T6911] loop0: detected capacity change from 0 to 32768 [pid 6912] <... write resumed>) = 16777216 [pid 6911] <... ioctl resumed>) = 0 [pid 6910] mkdir("./file0", 0777 [pid 6912] munmap(0x7f362be00000, 138412032 [pid 6911] close(3 [pid 6910] <... mkdir resumed>) = 0 [pid 6910] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6911] <... close resumed>) = 0 [pid 6911] close(4 [pid 6912] <... munmap resumed>) = 0 [pid 6911] <... close resumed>) = 0 [pid 6911] mkdir("./file0", 0777) = 0 [pid 6911] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6912] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 147.925572][ T6909] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6909) [pid 6912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6912] close(3) = 0 [pid 6912] close(4) = 0 [ 147.981997][ T6912] loop2: detected capacity change from 0 to 32768 [ 147.999836][ T6910] BTRFS: device /dev/loop4 (7:4) using temp-fsid fed83adf-451b-4840-81fa-98ce972a7d71 [pid 6912] mkdir("./file0", 0777) = 0 [pid 6912] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6907] <... mount resumed>) = 0 [pid 6907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6907] chdir("./file0") = 0 [ 148.040682][ T6909] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 148.065588][ T6910] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6910) [pid 6907] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6907] ioctl(4, LOOP_CLR_FD) = 0 [pid 6907] close(4) = 0 [pid 6907] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6907] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6907] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6907] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 148.094773][ T6909] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 148.108316][ T6911] BTRFS: device /dev/loop0 (7:0) using temp-fsid cfe4221b-1052-4467-968f-1b198df8baa6 [ 148.124153][ T6909] BTRFS info (device loop1): using free-space-tree [pid 6907] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6907] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6907] exit_group(0) = ? [pid 6907] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6907, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=34 /* 0.34 s */} --- [ 148.137046][ T6910] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 148.148022][ T6911] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6911) [ 148.162935][ T6910] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 148.183728][ T6912] BTRFS: device /dev/loop2 (7:2) using temp-fsid ba198ada-e64e-43aa-9dc7-19d47e035bf8 [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./12/binderfs") = 0 [ 148.194454][ T6911] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 148.205857][ T6910] BTRFS info (device loop4): using free-space-tree [ 148.221262][ T6912] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (6912) [ 148.237346][ T6911] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 148.247712][ T6911] BTRFS info (device loop0): using free-space-tree [ 148.250487][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 148.302303][ T6912] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 148.349246][ T6912] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 148.358777][ T6912] BTRFS info (device loop2): using free-space-tree [pid 5851] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6909] <... mount resumed>) = 0 [pid 6909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6909] chdir("./file0") = 0 [pid 6909] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6909] ioctl(4, LOOP_CLR_FD) = 0 [pid 6909] close(4) = 0 [pid 6909] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6909] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6909] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6909] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6909] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6909] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6909] exit_group(0) = ? [pid 6909] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6909, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./12/binderfs") = 0 [ 148.558345][ T5849] BTRFS info (device loop1): last unmount of filesystem e570232b-8a72-44ec-baed-f024959b3a8a [pid 5849] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6911] <... mount resumed>) = 0 [pid 6911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6911] chdir("./file0") = 0 [pid 6911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6911] ioctl(4, LOOP_CLR_FD) = 0 [pid 6911] close(4) = 0 [pid 6911] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6911] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6911] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6911] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6910] <... mount resumed>) = 0 [pid 6910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6911] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6910] <... openat resumed>) = 3 [pid 6911] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6911] exit_group(0) = ? [pid 6912] <... mount resumed>) = 0 [pid 6910] chdir("./file0" [pid 6912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6910] <... chdir resumed>) = 0 [pid 6911] +++ exited with 0 +++ [pid 6912] <... openat resumed>) = 3 [pid 6910] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] <... umount2 resumed>) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6911, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=22 /* 0.22 s */} --- [pid 6912] chdir("./file0" [pid 6910] <... openat resumed>) = 4 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 6912] <... chdir resumed>) = 0 [pid 6910] ioctl(4, LOOP_CLR_FD [pid 6912] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6910] <... ioctl resumed>) = 0 [pid 5849] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... restart_syscall resumed>) = 0 [pid 6912] <... openat resumed>) = 4 [pid 6910] close(4 [pid 5851] <... umount2 resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./12/file0", [pid 5848] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] newfstatat(AT_FDCWD, "./12/file0", [pid 5848] <... openat resumed>) = 3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] newfstatat(3, "", [pid 5851] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] getdents64(3, [pid 5851] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6912] ioctl(4, LOOP_CLR_FD [pid 6910] <... close resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 5849] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] newfstatat(4, "", [pid 5848] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] getdents64(4, [pid 5848] newfstatat(AT_FDCWD, "./12/binderfs", [pid 6912] <... ioctl resumed>) = 0 [pid 6910] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] getdents64(4, [pid 5848] unlink("./12/binderfs" [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6912] close(4 [pid 6910] <... openat resumed>) = 4 [pid 5851] close(4 [pid 5849] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... unlink resumed>) = 0 [pid 5848] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... close resumed>) = 0 [pid 6912] <... close resumed>) = 0 [pid 6910] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] rmdir("./12/file0" [pid 5849] <... openat resumed>) = 4 [pid 6912] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6910] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] <... rmdir resumed>) = 0 [pid 5849] newfstatat(4, "", [pid 5851] getdents64(3, [pid 6912] <... openat resumed>) = 4 [pid 6910] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] close(3 [pid 5849] getdents64(4, [pid 5851] <... close resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] rmdir("./12" [pid 5849] getdents64(4, [pid 6910] <... write resumed>) = 280 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6910] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5849] close(4 [pid 5851] mkdir("./13", 0777 [pid 6910] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... mkdir resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6912] ioctl(-1, SIOCGIFINDEX, NULL [pid 6910] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... openat resumed>) = 3 [pid 5849] rmdir("./12/file0" [pid 5851] ioctl(3, LOOP_CLR_FD [pid 6912] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6910] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] <... rmdir resumed>) = 0 [pid 6912] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 6910] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 6912] <... write resumed>) = 280 [pid 6910] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(3, [pid 6912] bpf(BPF_MAP_CREATE, NULL, 0 [pid 6910] exit_group(0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6912] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6910] <... exit_group resumed>) = ? [pid 5849] close(3 [pid 6912] bpf(BPF_PROG_LOAD, NULL, 0 [pid 6910] +++ exited with 0 +++ [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6912] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] <... close resumed>) = 0 [pid 6912] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6910, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=35 /* 0.35 s */} --- [pid 5851] close(3 [pid 6912] exit_group(0 [pid 5851] <... close resumed>) = 0 [pid 6912] <... exit_group resumed>) = ? [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6912] +++ exited with 0 +++ [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 6994 [pid 5852] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] rmdir("./12" [pid 5852] <... openat resumed>) = 3 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6912, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=30 /* 0.30 s */} --- [pid 5849] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6994 attached [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 5849] mkdir("./13", 0777 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5850] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... mkdir resumed>) = 0 [pid 5852] newfstatat(3, "", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6994] set_robust_list(0x55558aa90660, 24 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] <... openat resumed>) = 3 [pid 5850] newfstatat(3, "", [pid 6994] <... set_robust_list resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6994] chdir("./13" [pid 5852] getdents64(3, [pid 5850] getdents64(3, [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 3 [pid 6994] <... chdir resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6994] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5850] newfstatat(AT_FDCWD, "./12/binderfs", [pid 6994] <... prctl resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6994] setpgid(0, 0 [pid 5852] unlink("./12/binderfs" [pid 5850] unlink("./12/binderfs" [pid 5849] ioctl(3, LOOP_CLR_FD [pid 6994] <... setpgid resumed>) = 0 [pid 5852] <... unlink resumed>) = 0 [pid 5850] <... unlink resumed>) = 0 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) executing program [pid 6994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] close(3 [pid 6994] <... openat resumed>) = 3 [pid 6994] write(3, "1000", 4) = 4 [pid 6994] close(3) = 0 [pid 6994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6994] write(1, "executing program\n", 18) = 18 [pid 6994] memfd_create("syzkaller", 0) = 3 [pid 6994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... close resumed>) = 0 [ 148.794592][ T5848] BTRFS info (device loop0): last unmount of filesystem cfe4221b-1052-4467-968f-1b198df8baa6 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6997 attached , child_tidptr=0x55558aa90650) = 6997 [pid 6997] set_robust_list(0x55558aa90660, 24) = 0 [pid 6997] chdir("./13") = 0 [pid 6997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6997] setpgid(0, 0 [pid 5848] <... umount2 resumed>) = 0 [pid 6997] <... setpgid resumed>) = 0 [pid 6997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6997] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 148.890772][ T5850] BTRFS info (device loop2): last unmount of filesystem ba198ada-e64e-43aa-9dc7-19d47e035bf8 [pid 5848] newfstatat(AT_FDCWD, "./12/file0", [pid 6997] write(3, "1000", 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6997] <... write resumed>) = 4 [pid 6997] close(3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6997] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6997] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... openat resumed>) = 4 [pid 6997] <... symlink resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 6997] write(1, "executing program\n", 18 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6997] <... write resumed>) = 18 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 6997] memfd_create("syzkaller", 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 6997] <... memfd_create resumed>) = 3 [pid 5848] close(4) = 0 [pid 5848] rmdir("./12/file0" [pid 6997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 6997] <... mmap resumed>) = 0x7f362be00000 [pid 5848] close(3) = 0 [ 148.942040][ T5852] BTRFS info (device loop4): last unmount of filesystem fed83adf-451b-4840-81fa-98ce972a7d71 [pid 5848] rmdir("./12") = 0 [pid 5848] mkdir("./13", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 6998 ./strace-static-x86_64: Process 6998 attached [pid 6998] set_robust_list(0x55558aa90660, 24) = 0 [pid 6998] chdir("./13") = 0 [pid 6998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6998] setpgid(0, 0) = 0 [pid 6998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6998] write(3, "1000", 4) = 4 [pid 6998] close(3) = 0 [pid 6998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6998] write(1, "executing program\n", 18executing program ) = 18 [pid 5852] <... umount2 resumed>) = 0 [pid 6998] memfd_create("syzkaller", 0 [pid 5852] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./12/file0", [pid 6998] <... memfd_create resumed>) = 3 [pid 6998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./12/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./12") = 0 [pid 5852] mkdir("./13", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6999 attached [pid 6999] set_robust_list(0x55558aa90660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 6999 [pid 6999] <... set_robust_list resumed>) = 0 [pid 6999] chdir("./13") = 0 [pid 6999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6999] setpgid(0, 0) = 0 [pid 6999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6999] write(3, "1000", 4) = 4 [pid 6999] close(3) = 0 [pid 6999] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6999] write(1, "executing program\n", 18) = 18 [pid 6999] memfd_create("syzkaller", 0) = 3 [pid 6999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./12/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./12") = 0 [pid 5850] mkdir("./13", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7000 attached , child_tidptr=0x55558aa90650) = 7000 [pid 7000] set_robust_list(0x55558aa90660, 24) = 0 [pid 7000] chdir("./13") = 0 [pid 7000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7000] setpgid(0, 0) = 0 [pid 7000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7000] write(3, "1000", 4) = 4 [pid 7000] close(3) = 0 [pid 7000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7000] write(1, "executing program\n", 18executing program ) = 18 [pid 7000] memfd_create("syzkaller", 0) = 3 [pid 7000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 6994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6994] <... write resumed>) = 16777216 [pid 7000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6997] <... write resumed>) = 16777216 [pid 6997] munmap(0x7f362be00000, 138412032 [pid 6994] munmap(0x7f362be00000, 138412032) = 0 [pid 6997] <... munmap resumed>) = 0 [pid 6994] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6994] ioctl(4, LOOP_SET_FD, 3 [pid 6997] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6997] ioctl(4, LOOP_SET_FD, 3 [pid 6994] <... ioctl resumed>) = 0 [pid 6994] close(3) = 0 [pid 6994] close(4) = 0 [pid 6994] mkdir("./file0", 0777) = 0 [ 149.947010][ T6994] loop3: detected capacity change from 0 to 32768 [ 149.965158][ T6997] loop1: detected capacity change from 0 to 32768 [pid 6994] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 6997] <... ioctl resumed>) = 0 [pid 6997] close(3) = 0 [pid 6997] close(4) = 0 [pid 6997] mkdir("./file0", 0777) = 0 [ 149.984798][ T6994] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (6994) [ 150.041076][ T6994] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 150.053705][ T6997] BTRFS: device /dev/loop1 (7:1) using temp-fsid 2852b5fa-12b1-470e-a08a-7a6b3f3e0114 [ 150.059243][ T6994] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 6997] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 6998] <... write resumed>) = 16777216 [pid 6998] munmap(0x7f362be00000, 138412032) = 0 [pid 6998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 150.091846][ T6997] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (6997) [ 150.105753][ T6994] BTRFS info (device loop3): using free-space-tree [ 150.128074][ T6998] loop0: detected capacity change from 0 to 32768 [pid 6998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6998] close(3) = 0 [pid 6998] close(4) = 0 [pid 6998] mkdir("./file0", 0777) = 0 [ 150.144420][ T6997] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 150.169732][ T6998] BTRFS: device /dev/loop0 (7:0) using temp-fsid 8488696a-2259-4222-ba14-06536ca37974 [pid 6998] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 6999] <... write resumed>) = 16777216 [ 150.206860][ T6998] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (6998) [ 150.220480][ T6997] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 6999] munmap(0x7f362be00000, 138412032) = 0 [pid 6999] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 150.247456][ T6997] BTRFS info (device loop1): using free-space-tree [ 150.276928][ T6998] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 6999] ioctl(4, LOOP_SET_FD, 3 [pid 6994] <... mount resumed>) = 0 [pid 6994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6999] <... ioctl resumed>) = 0 [pid 6994] <... openat resumed>) = 3 [pid 6999] close(3 [pid 6994] chdir("./file0" [pid 6999] <... close resumed>) = 0 [pid 6994] <... chdir resumed>) = 0 [pid 6999] close(4 [pid 6994] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6999] <... close resumed>) = 0 [pid 6994] <... openat resumed>) = 4 [pid 6999] mkdir("./file0", 0777 [pid 6994] ioctl(4, LOOP_CLR_FD [pid 6999] <... mkdir resumed>) = 0 [pid 6994] <... ioctl resumed>) = 0 [pid 6994] close(4) = 0 [pid 6994] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6999] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 6994] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 150.292897][ T6999] loop4: detected capacity change from 0 to 32768 [pid 7000] <... write resumed>) = 16777216 [pid 6994] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6994] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6994] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6994] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6994] exit_group(0) = ? [pid 6994] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6994, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 150.337554][ T6999] BTRFS: device /dev/loop4 (7:4) using temp-fsid 61010eee-3cf9-4c89-ac41-250306975bdd [ 150.365174][ T6998] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5851] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7000] munmap(0x7f362be00000, 138412032 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 150.416423][ T6999] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (6999) [ 150.430806][ T6998] BTRFS info (device loop0): using free-space-tree [pid 5851] unlink("./13/binderfs") = 0 [pid 5851] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7000] <... munmap resumed>) = 0 [pid 7000] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6997] <... mount resumed>) = 0 [pid 6997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6997] chdir("./file0") = 0 [pid 6997] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6997] ioctl(4, LOOP_CLR_FD) = 0 [pid 6997] close(4) = 0 [pid 6997] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6997] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6997] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6997] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6997] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6997] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6997] exit_group(0) = ? [pid 6997] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6997, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=28 /* 0.28 s */} --- [pid 5849] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./13/binderfs", [pid 7000] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 150.459392][ T6999] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 150.473956][ T6999] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 150.487476][ T6999] BTRFS info (device loop4): using free-space-tree [pid 5849] unlink("./13/binderfs") = 0 [ 150.507825][ T7000] loop2: detected capacity change from 0 to 32768 [pid 5849] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7000] <... ioctl resumed>) = 0 [pid 7000] close(3) = 0 [pid 7000] close(4) = 0 [pid 7000] mkdir("./file0", 0777) = 0 [ 150.539020][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 150.561303][ T5849] BTRFS info (device loop1): last unmount of filesystem 2852b5fa-12b1-470e-a08a-7a6b3f3e0114 [ 150.580697][ T7000] BTRFS: device /dev/loop2 (7:2) using temp-fsid 7e4c1f27-aa05-43c6-b927-2d63e4bf2d55 [ 150.625974][ T7000] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7000) [ 150.646419][ T7000] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 150.660189][ T7000] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 7000] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 6998] <... mount resumed>) = 0 [pid 6998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6998] chdir("./file0") = 0 [pid 6998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6998] ioctl(4, LOOP_CLR_FD) = 0 [pid 6998] close(4) = 0 [pid 6998] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6998] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6998] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 6998] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6998] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 6998] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 6998] exit_group(0) = ? [pid 6998] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6998, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- [pid 5848] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./13/binderfs") = 0 [ 150.697243][ T7000] BTRFS info (device loop2): using free-space-tree [ 150.782645][ T5848] BTRFS info (device loop0): last unmount of filesystem 8488696a-2259-4222-ba14-06536ca37974 [pid 5848] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6999] <... mount resumed>) = 0 [pid 6999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6999] chdir("./file0") = 0 [pid 6999] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6999] ioctl(4, LOOP_CLR_FD) = 0 [pid 6999] close(4) = 0 [pid 6999] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6999] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 6999] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... umount2 resumed>) = 0 [pid 6999] <... write resumed>) = 280 [pid 5851] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6999] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6999] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] newfstatat(AT_FDCWD, "./13/file0", [pid 6999] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 6999] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6999] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 6999] exit_group(0 [pid 5851] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6999] <... exit_group resumed>) = ? [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6999] +++ exited with 0 +++ [pid 5851] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6999, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] newfstatat(4, "", [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... restart_syscall resumed>) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, [pid 5852] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] close(4 [pid 5852] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... close resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5851] rmdir("./13/file0" [pid 5852] newfstatat(3, "", [pid 5851] <... rmdir resumed>) = 0 [pid 7000] <... mount resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, [pid 7000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] getdents64(3, [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 7000] <... openat resumed>) = 3 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] rmdir("./13" [pid 7000] chdir("./file0" [pid 5852] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... rmdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 7000] <... chdir resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] mkdir("./14", 0777 [pid 5848] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7000] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5852] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5851] <... mkdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7000] <... openat resumed>) = 4 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] newfstatat(AT_FDCWD, "./13/file0", [pid 7000] ioctl(4, LOOP_CLR_FD [pid 5852] unlink("./13/binderfs" [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7000] <... ioctl resumed>) = 0 [pid 5852] <... unlink resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5848] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5848] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7000] close(4 [pid 5851] close(3 [pid 5848] <... openat resumed>) = 4 [pid 5852] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... close resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 7000] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7000] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7081 attached [pid 7000] <... openat resumed>) = 4 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 7081] set_robust_list(0x55558aa90660, 24 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./13/file0" [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7081 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3 [pid 7081] <... set_robust_list resumed>) = 0 [pid 7000] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./13" [pid 7000] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] <... rmdir resumed>) = 0 [pid 7000] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 7081] chdir("./14" [pid 7000] <... write resumed>) = 280 [pid 5848] mkdir("./14", 0777 [pid 7081] <... chdir resumed>) = 0 [pid 7081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 7081] setpgid(0, 0 [pid 7000] bpf(BPF_MAP_CREATE, NULL, 0 [pid 7081] <... setpgid resumed>) = 0 [pid 7081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7000] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7081] <... openat resumed>) = 3 [pid 7081] write(3, "1000", 4 [pid 7000] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7081] <... write resumed>) = 4 [pid 7081] close(3 [pid 7000] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] <... openat resumed>) = 3 [pid 7081] <... close resumed>) = 0 [pid 7081] symlink("/dev/binderfs", "./binderfs" [pid 7000] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] ioctl(3, LOOP_CLR_FDexecuting program [pid 7081] <... symlink resumed>) = 0 [pid 7000] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... ioctl resumed>) = 0 [pid 7081] write(1, "executing program\n", 18) = 18 [pid 7000] exit_group(0 [pid 5848] close(3 [pid 7000] <... exit_group resumed>) = ? [pid 5848] <... close resumed>) = 0 [pid 7081] memfd_create("syzkaller", 0 [pid 7000] +++ exited with 0 +++ [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7082 attached [pid 7081] <... memfd_create resumed>) = 3 [pid 7081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7000, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=28 /* 0.28 s */} --- [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 7082 [pid 7082] set_robust_list(0x55558aa90660, 24 [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 7082] <... set_robust_list resumed>) = 0 [pid 7082] chdir("./14" [pid 5850] <... restart_syscall resumed>) = 0 [pid 5850] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", [pid 7082] <... chdir resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] getdents64(3, [pid 7082] <... prctl resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7082] setpgid(0, 0 [pid 5850] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7082] <... setpgid resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./13/binderfs" [pid 7082] <... openat resumed>) = 3 [pid 5850] <... unlink resumed>) = 0 [pid 5850] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7082] write(3, "1000", 4) = 4 [pid 7082] close(3) = 0 [pid 7082] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7082] write(1, "executing program\n", 18) = 18 [pid 7082] memfd_create("syzkaller", 0) = 3 [pid 7082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./13/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./13") = 0 [pid 5849] mkdir("./14", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7083 attached [pid 7083] set_robust_list(0x55558aa90660, 24) = 0 [pid 7083] chdir("./14") = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7083 [pid 7083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7083] setpgid(0, 0) = 0 [pid 7083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7083] write(3, "1000", 4) = 4 [pid 7083] close(3) = 0 [pid 7083] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7083] write(1, "executing program\n", 18) = 18 [pid 7083] memfd_create("syzkaller", 0) = 3 [pid 7083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 151.131097][ T5852] BTRFS info (device loop4): last unmount of filesystem 61010eee-3cf9-4c89-ac41-250306975bdd [ 151.150212][ T5850] BTRFS info (device loop2): last unmount of filesystem 7e4c1f27-aa05-43c6-b927-2d63e4bf2d55 [pid 7081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", [pid 5852] <... umount2 resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] getdents64(4, [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] newfstatat(AT_FDCWD, "./13/file0", [pid 5850] getdents64(4, [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] close(4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... close resumed>) = 0 [pid 5852] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] rmdir("./13/file0" [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5852] getdents64(4, [pid 5850] getdents64(3, [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] getdents64(4, [pid 5850] close(3 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] <... close resumed>) = 0 [pid 5852] close(4 [pid 5850] rmdir("./13" [pid 5852] <... close resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5852] rmdir("./13/file0" [pid 5850] mkdir("./14", 0777 [pid 5852] <... rmdir resumed>) = 0 [pid 5850] <... mkdir resumed>) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5852] getdents64(3, [pid 5850] <... openat resumed>) = 3 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5852] close(3 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] <... close resumed>) = 0 [pid 5850] close(3) = 0 [pid 5852] rmdir("./13" [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7084 attached , child_tidptr=0x55558aa90650) = 7084 [pid 7084] set_robust_list(0x55558aa90660, 24) = 0 [pid 7084] chdir("./14") = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 7084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] mkdir("./14", 0777 [pid 7084] <... prctl resumed>) = 0 [pid 7084] setpgid(0, 0 [pid 5852] <... mkdir resumed>) = 0 [pid 7084] <... setpgid resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... openat resumed>) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 7084] <... openat resumed>) = 3 [pid 7084] write(3, "1000", 4 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7084] <... write resumed>) = 4 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7085 attached [pid 7084] close(3 [pid 7085] set_robust_list(0x55558aa90660, 24 [pid 7084] <... close resumed>) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 7085 [pid 7085] <... set_robust_list resumed>) = 0 [pid 7084] symlink("/dev/binderfs", "./binderfs"executing program [pid 7085] chdir("./14" [pid 7084] <... symlink resumed>) = 0 [pid 7085] <... chdir resumed>) = 0 [pid 7084] write(1, "executing program\n", 18 [pid 7085] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7084] <... write resumed>) = 18 [pid 7085] <... prctl resumed>) = 0 [pid 7085] setpgid(0, 0 [pid 7084] memfd_create("syzkaller", 0 [pid 7085] <... setpgid resumed>) = 0 [pid 7085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7084] <... memfd_create resumed>) = 3 [pid 7085] write(3, "1000", 4 [pid 7084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7085] <... write resumed>) = 4 [pid 7084] <... mmap resumed>) = 0x7f362be00000 [pid 7085] close(3) = 0 [pid 7085] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7085] write(1, "executing program\n", 18) = 18 [pid 7085] memfd_create("syzkaller", 0) = 3 [pid 7085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7083] <... write resumed>) = 16777216 [pid 7083] munmap(0x7f362be00000, 138412032) = 0 [pid 7083] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7081] <... write resumed>) = 16777216 [pid 7083] close(3 [pid 7082] <... write resumed>) = 16777216 [pid 7083] <... close resumed>) = 0 [pid 7082] munmap(0x7f362be00000, 138412032 [pid 7081] munmap(0x7f362be00000, 138412032 [pid 7083] close(4 [pid 7082] <... munmap resumed>) = 0 [pid 7083] <... close resumed>) = 0 [pid 7083] mkdir("./file0", 0777) = 0 [pid 7081] <... munmap resumed>) = 0 [ 151.881060][ T7083] loop1: detected capacity change from 0 to 32768 [pid 7082] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7083] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7081] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7082] <... openat resumed>) = 4 [pid 7081] <... openat resumed>) = 4 [pid 7082] ioctl(4, LOOP_SET_FD, 3 [pid 7081] ioctl(4, LOOP_SET_FD, 3 [pid 7082] <... ioctl resumed>) = 0 [ 151.951082][ T7083] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7083) [ 151.956838][ T7081] loop3: detected capacity change from 0 to 32768 [ 151.971223][ T7082] loop0: detected capacity change from 0 to 32768 [pid 7082] close(3) = 0 [pid 7082] close(4) = 0 [pid 7082] mkdir("./file0", 0777) = 0 [pid 7082] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7081] <... ioctl resumed>) = 0 [ 151.994069][ T7083] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 152.019458][ T7082] BTRFS: device /dev/loop0 (7:0) using temp-fsid 09311cb8-7f47-4b3d-80f5-0a63d9442b76 [ 152.032898][ T7083] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 7084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7081] close(3) = 0 [pid 7081] close(4) = 0 [pid 7081] mkdir("./file0", 0777) = 0 [ 152.041760][ T7082] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7082) [ 152.055706][ T7083] BTRFS info (device loop1): using free-space-tree [pid 7085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 152.105063][ T7082] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 152.130488][ T7081] BTRFS: device /dev/loop3 (7:3) using temp-fsid 72e8e73c-2a07-4e6b-bf77-138f1dd0013b [ 152.148803][ T7082] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 152.169560][ T7081] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7081) [ 152.201639][ T7082] BTRFS info (device loop0): using free-space-tree [ 152.249871][ T7081] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 152.277105][ T7081] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 7081] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7083] <... mount resumed>) = 0 [pid 7083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 152.332487][ T7081] BTRFS info (device loop3): using free-space-tree [pid 7083] chdir("./file0") = 0 [pid 7083] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7083] ioctl(4, LOOP_CLR_FD) = 0 [pid 7083] close(4) = 0 [pid 7083] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7083] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7083] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7083] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7083] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7083] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7083] exit_group(0) = ? [pid 7083] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7083, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./14/binderfs" [pid 7085] <... write resumed>) = 16777216 [pid 5849] <... unlink resumed>) = 0 [pid 5849] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7085] munmap(0x7f362be00000, 138412032) = 0 [pid 7085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7085] close(3) = 0 [pid 7085] close(4 [pid 7082] <... mount resumed>) = 0 [pid 7082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7082] chdir("./file0") = 0 [pid 7082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7082] ioctl(4, LOOP_CLR_FD) = 0 [pid 7085] <... close resumed>) = 0 [pid 7082] close(4) = 0 [ 152.511688][ T7085] loop4: detected capacity change from 0 to 32768 [pid 7082] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7085] mkdir("./file0", 0777 [pid 7082] ioctl(-1, SIOCGIFINDEX, NULL [pid 7085] <... mkdir resumed>) = 0 [pid 7085] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7082] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7084] <... write resumed>) = 16777216 [pid 7082] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7082] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7084] munmap(0x7f362be00000, 138412032 [pid 7082] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7082] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7082] exit_group(0) = ? [ 152.578210][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 152.591417][ T7085] BTRFS: device /dev/loop4 (7:4) using temp-fsid 6627e509-88e7-459a-8bd3-2dd6d5226688 [ 152.602523][ T7085] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7085) [pid 7082] +++ exited with 0 +++ [pid 7081] <... mount resumed>) = 0 [pid 7081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7082, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- [pid 7081] <... openat resumed>) = 3 [pid 7081] chdir("./file0") = 0 [pid 5848] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7081] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7081] <... openat resumed>) = 4 [pid 5848] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7084] <... munmap resumed>) = 0 [pid 7081] ioctl(4, LOOP_CLR_FD [pid 5848] <... openat resumed>) = 3 [pid 7081] <... ioctl resumed>) = 0 [pid 5848] newfstatat(3, "", [pid 7081] close(4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7081] <... close resumed>) = 0 [pid 5848] getdents64(3, [pid 7081] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7084] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7081] <... openat resumed>) = 4 [ 152.623214][ T7085] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 152.633510][ T7085] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 152.643139][ T7085] BTRFS info (device loop4): using free-space-tree [pid 5848] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7084] <... openat resumed>) = 4 [pid 7081] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./14/binderfs" [pid 7084] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... unlink resumed>) = 0 [pid 5848] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7081] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7081] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7081] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7081] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7081] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7081] exit_group(0) = ? [pid 7081] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7081, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=35 /* 0.35 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 7084] <... ioctl resumed>) = 0 [pid 7084] close(3 [pid 5851] <... restart_syscall resumed>) = 0 [pid 7084] <... close resumed>) = 0 [pid 5851] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7084] close(4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7084] <... close resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./14/binderfs") = 0 [pid 5851] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7084] mkdir("./file0", 0777) = 0 [ 152.693149][ T7084] loop2: detected capacity change from 0 to 32768 [ 152.733267][ T7084] BTRFS: device /dev/loop2 (7:2) using temp-fsid e91cc913-4d65-4def-8d98-dabd51ef5e5c [ 152.766425][ T5848] BTRFS info (device loop0): last unmount of filesystem 09311cb8-7f47-4b3d-80f5-0a63d9442b76 [ 152.767379][ T5851] BTRFS info (device loop3): last unmount of filesystem 72e8e73c-2a07-4e6b-bf77-138f1dd0013b [ 152.793837][ T7084] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7084) [pid 7084] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 152.879066][ T7084] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./14/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./14") = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5848] mkdir("./15", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7151 attached , child_tidptr=0x55558aa90650) = 7151 [pid 7151] set_robust_list(0x55558aa90660, 24) = 0 [pid 7151] chdir("./15" [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7151] <... chdir resumed>) = 0 [pid 7151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7151] setpgid(0, 0) = 0 [pid 7151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] newfstatat(AT_FDCWD, "./14/file0", [pid 7151] <... openat resumed>) = 3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7151] write(3, "1000", 4 [pid 7085] <... mount resumed>) = 0 [pid 5849] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7151] <... write resumed>) = 4 [pid 7085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7151] close(3 [pid 7085] <... openat resumed>) = 3 [pid 7151] <... close resumed>) = 0 [pid 7085] chdir("./file0" [pid 7151] symlink("/dev/binderfs", "./binderfs" [pid 7085] <... chdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7151] <... symlink resumed>) = 0 [pid 7085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7151] write(1, "executing program\n", 18 [pid 7085] <... openat resumed>) = 4 [pid 5849] <... openat resumed>) = 4 [pid 7085] ioctl(4, LOOP_CLR_FD) = 0 [pid 7085] close(4executing program [pid 7151] <... write resumed>) = 18 [pid 7085] <... close resumed>) = 0 [pid 7151] memfd_create("syzkaller", 0 [pid 7085] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] newfstatat(4, "", [pid 7151] <... memfd_create resumed>) = 3 [pid 7085] <... openat resumed>) = 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] getdents64(4, [pid 7151] <... mmap resumed>) = 0x7f362be00000 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7085] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7085] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7085] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7085] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7085] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7085] exit_group(0) = ? [ 152.988268][ T7084] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 153.012429][ T7084] BTRFS info (device loop2): using free-space-tree [pid 7085] +++ exited with 0 +++ [pid 5849] close(4) = 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7085, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5849] rmdir("./14/file0" [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] close(3 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... close resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5852] newfstatat(3, "", [pid 5849] rmdir("./14" [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... rmdir resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] mkdir("./15", 0777 [pid 5852] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5852] unlink("./14/binderfs") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5852] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7163 attached [pid 7163] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7163 [pid 7163] <... set_robust_list resumed>) = 0 [pid 7163] chdir("./15") = 0 [pid 7163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7163] setpgid(0, 0) = 0 [pid 7163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7163] write(3, "1000", 4) = 4 [pid 7163] close(3executing program ) = 0 [pid 7163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7163] write(1, "executing program\n", 18) = 18 [pid 7163] memfd_create("syzkaller", 0) = 3 [pid 7163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 153.136414][ T5852] BTRFS info (device loop4): last unmount of filesystem 6627e509-88e7-459a-8bd3-2dd6d5226688 [pid 7084] <... mount resumed>) = 0 [pid 7084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7084] chdir("./file0") = 0 [pid 7084] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7084] ioctl(4, LOOP_CLR_FD) = 0 [pid 7084] close(4) = 0 [pid 7084] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7084] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7084] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7084] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7084] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7084] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7084] exit_group(0) = ? [pid 7084] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7084, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- [pid 5851] <... umount2 resumed>) = 0 [pid 5850] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, [pid 5851] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5851] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] unlink("./14/binderfs") = 0 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./14/file0") = 0 [pid 5850] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./14") = 0 [pid 5851] mkdir("./15", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 7170 ./strace-static-x86_64: Process 7170 attached [pid 7170] set_robust_list(0x55558aa90660, 24) = 0 [pid 7170] chdir("./15") = 0 [pid 7170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7170] setpgid(0, 0) = 0 [pid 7170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7170] write(3, "1000", 4) = 4 [pid 7170] close(3) = 0 [pid 7170] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7170] write(1, "executing program\n", 18) = 18 [pid 7170] memfd_create("syzkaller", 0) = 3 [pid 7170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [ 153.536409][ T5850] BTRFS info (device loop2): last unmount of filesystem e91cc913-4d65-4def-8d98-dabd51ef5e5c [pid 5852] rmdir("./14/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./14") = 0 [pid 5852] mkdir("./15", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7171 attached [pid 7171] set_robust_list(0x55558aa90660, 24) = 0 [pid 7171] chdir("./15" [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 7171 [pid 7171] <... chdir resumed>) = 0 [pid 7171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7171] setpgid(0, 0 [pid 7151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7171] <... setpgid resumed>) = 0 [pid 7171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... umount2 resumed>) = 0 [pid 7171] <... openat resumed>) = 3 [pid 5850] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7171] write(3, "1000", 4 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7171] <... write resumed>) = 4 [pid 5850] newfstatat(AT_FDCWD, "./14/file0", [pid 7171] close(3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7171] <... close resumed>) = 0 [pid 5850] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7171] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, [pid 7163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7171] <... symlink resumed>) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./14/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./14") = 0 [pid 5850] mkdir("./15", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 7171] write(1, "executing program\n", 18 [pid 5850] <... openat resumed>) = 3 [pid 7171] <... write resumed>) = 18 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 7171] memfd_create("syzkaller", 0 [pid 5850] <... ioctl resumed>) = 0 [pid 7171] <... memfd_create resumed>) = 3 [pid 7171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] close(3 [pid 7171] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... close resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7172 attached , child_tidptr=0x55558aa90650) = 7172 [pid 7172] set_robust_list(0x55558aa90660, 24) = 0 [pid 7172] chdir("./15") = 0 [pid 7172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7172] setpgid(0, 0) = 0 [pid 7172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7172] write(3, "1000", 4) = 4 [pid 7172] close(3) = 0 [pid 7172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7172] write(1, "executing program\n", 18executing program ) = 18 [pid 7172] memfd_create("syzkaller", 0) = 3 [pid 7172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7163] <... write resumed>) = 16777216 [pid 7163] munmap(0x7f362be00000, 138412032) = 0 [pid 7163] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7163] close(3 [pid 7151] <... write resumed>) = 16777216 [pid 7163] <... close resumed>) = 0 [pid 7163] close(4) = 0 [pid 7163] mkdir("./file0", 0777) = 0 [pid 7151] munmap(0x7f362be00000, 138412032 [ 154.099407][ T7163] loop1: detected capacity change from 0 to 32768 [pid 7163] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7151] <... munmap resumed>) = 0 [pid 7151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 154.153913][ T7163] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7163) [pid 7151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7151] close(3) = 0 [pid 7151] close(4) = 0 [pid 7151] mkdir("./file0", 0777) = 0 [ 154.194598][ T7151] loop0: detected capacity change from 0 to 32768 [pid 7151] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [ 154.252402][ T7151] BTRFS: device /dev/loop0 (7:0) using temp-fsid a606192b-1e61-4a22-b102-a4749ae7d1f9 [ 154.277949][ T7151] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7151) [ 154.300664][ T7163] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 154.319272][ T7163] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 154.348320][ T7151] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 154.349071][ T7163] BTRFS info (device loop1): using free-space-tree [pid 7172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7170] <... write resumed>) = 16777216 [ 154.404413][ T7151] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 7170] munmap(0x7f362be00000, 138412032) = 0 [pid 7170] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 154.446181][ T7151] BTRFS info (device loop0): using free-space-tree [pid 7170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7170] close(3) = 0 [pid 7170] close(4) = 0 [pid 7170] mkdir("./file0", 0777) = 0 [ 154.493914][ T7170] loop3: detected capacity change from 0 to 32768 [pid 7170] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7163] <... mount resumed>) = 0 [pid 7163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7163] chdir("./file0") = 0 [pid 7163] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7163] ioctl(4, LOOP_CLR_FD) = 0 [pid 7163] close(4) = 0 [pid 7163] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7163] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7163] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [ 154.539686][ T7170] BTRFS: device /dev/loop3 (7:3) using temp-fsid 6d8c3d93-4420-4eb9-80cc-c3b612d35eb0 [ 154.570898][ T7170] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7170) [pid 7163] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7163] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7163] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7163] exit_group(0) = ? [pid 7163] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7163, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=33 /* 0.33 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./15/binderfs") = 0 [ 154.677358][ T7170] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 154.688093][ T7170] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 154.699778][ T7170] BTRFS info (device loop3): using free-space-tree [ 154.722707][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7151] <... mount resumed>) = 0 [pid 7151] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7151] chdir("./file0") = 0 [pid 7171] <... write resumed>) = 16777216 [pid 7151] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7171] munmap(0x7f362be00000, 138412032 [pid 7151] <... openat resumed>) = 4 [pid 7172] <... write resumed>) = 16777216 [pid 7151] ioctl(4, LOOP_CLR_FD) = 0 [pid 7151] close(4 [pid 7171] <... munmap resumed>) = 0 [pid 7151] <... close resumed>) = 0 [pid 7172] munmap(0x7f362be00000, 138412032 [pid 7151] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7171] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7151] <... openat resumed>) = 4 [pid 7171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7151] ioctl(-1, SIOCGIFINDEX, NULL [pid 7172] <... munmap resumed>) = 0 [pid 7171] close(3) = 0 [pid 7151] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7172] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7171] close(4 [pid 7151] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 7172] <... openat resumed>) = 4 [pid 7171] <... close resumed>) = 0 [pid 7151] <... write resumed>) = 280 [ 154.821620][ T7171] loop4: detected capacity change from 0 to 32768 [pid 7171] mkdir("./file0", 0777 [pid 7172] ioctl(4, LOOP_SET_FD, 3 [pid 7171] <... mkdir resumed>) = 0 [pid 7171] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7151] bpf(BPF_MAP_CREATE, NULL, 0 [pid 7172] <... ioctl resumed>) = 0 [ 154.868760][ T7172] loop2: detected capacity change from 0 to 32768 [ 154.889038][ T7171] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7171) [pid 7172] close(3 [pid 7151] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7172] <... close resumed>) = 0 [pid 7151] bpf(BPF_PROG_LOAD, NULL, 0 [pid 7172] close(4 [pid 7151] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 7151] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7151] exit_group(0) = ? [pid 7151] +++ exited with 0 +++ [pid 7170] <... mount resumed>) = 0 [pid 7170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7151, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 7170] <... openat resumed>) = 3 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 7170] chdir("./file0" [pid 5848] <... restart_syscall resumed>) = 0 [pid 7170] <... chdir resumed>) = 0 [pid 7170] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7170] ioctl(4, LOOP_CLR_FD [pid 5848] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7170] <... ioctl resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7170] close(4 [pid 5848] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7170] <... close resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 7170] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5848] newfstatat(3, "", [pid 7170] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7170] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] getdents64(3, [pid 7172] <... close resumed>) = 0 [pid 7170] <... write resumed>) = 280 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7172] mkdir("./file0", 0777 [pid 7170] bpf(BPF_MAP_CREATE, NULL, 0 [pid 7172] <... mkdir resumed>) = 0 [pid 7170] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7172] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 7170] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7170] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] newfstatat(AT_FDCWD, "./15/binderfs", [pid 7170] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 154.977949][ T7171] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] unlink("./15/binderfs") = 0 [pid 7170] exit_group(0 [pid 5848] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7170] <... exit_group resumed>) = ? [pid 7170] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7170, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 5851] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./15/binderfs") = 0 [ 155.021385][ T7172] BTRFS: device /dev/loop2 (7:2) using temp-fsid 534d95a3-7b4e-445a-b262-4500b6ce9697 [ 155.033060][ T7171] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 155.068636][ T7172] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7172) [ 155.085022][ T7171] BTRFS info (device loop4): using free-space-tree [ 155.123389][ T5851] BTRFS info (device loop3): last unmount of filesystem 6d8c3d93-4420-4eb9-80cc-c3b612d35eb0 [ 155.125071][ T5848] BTRFS info (device loop0): last unmount of filesystem a606192b-1e61-4a22-b102-a4749ae7d1f9 [ 155.161466][ T7172] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 155.172526][ T7172] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 155.184065][ T7172] BTRFS info (device loop2): using free-space-tree [pid 5851] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 7171] <... mount resumed>) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 5849] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7171] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7171] <... openat resumed>) = 3 [pid 5851] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7171] chdir("./file0" [pid 5849] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] newfstatat(AT_FDCWD, "./15/file0", [pid 7171] <... chdir resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7171] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] newfstatat(AT_FDCWD, "./15/file0", [pid 5849] newfstatat(4, "", [pid 5848] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7171] <... openat resumed>) = 4 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7171] ioctl(4, LOOP_CLR_FD [pid 5851] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] getdents64(4, [pid 5848] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7171] <... ioctl resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... openat resumed>) = 4 [pid 7171] close(4 [pid 5851] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] getdents64(4, [pid 5848] newfstatat(4, "", [pid 7171] <... close resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7171] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] newfstatat(4, "", [pid 5849] close(4 [pid 5848] getdents64(4, [pid 7171] <... openat resumed>) = 4 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... close resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, [pid 5849] rmdir("./15/file0" [pid 5848] getdents64(4, [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... rmdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] getdents64(4, [pid 5849] getdents64(3, [pid 5848] close(4 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] <... close resumed>) = 0 [pid 5851] close(4 [pid 5849] close(3 [pid 5848] rmdir("./15/file0" [pid 7171] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] <... close resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5851] rmdir("./15/file0" [pid 5849] rmdir("./15" [pid 5848] <... rmdir resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, [pid 5851] getdents64(3, [pid 5849] mkdir("./16", 0777 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] close(3 [pid 7171] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] <... close resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 7171] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] rmdir("./15" [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5848] <... close resumed>) = 0 [pid 7171] <... write resumed>) = 280 [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7171] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] mkdir("./16", 0777 [pid 5849] close(3 [pid 7171] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... mkdir resumed>) = 0 [pid 5848] rmdir("./15" [pid 7172] <... mount resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] <... close resumed>) = 0 [pid 7172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7171] bpf(BPF_PROG_LOAD, NULL, 0 [pid 7172] <... openat resumed>) = 3 [pid 7171] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... rmdir resumed>) = 0 [pid 7172] chdir("./file0" [pid 7171] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... openat resumed>) = 3 [pid 5848] mkdir("./16", 0777./strace-static-x86_64: Process 7255 attached [pid 7172] <... chdir resumed>) = 0 [pid 7171] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7255 [pid 7172] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7171] exit_group(0 [pid 5851] <... ioctl resumed>) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 7255] set_robust_list(0x55558aa90660, 24 [pid 7172] <... openat resumed>) = 4 [pid 7171] <... exit_group resumed>) = ? [pid 5851] close(3 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7255] <... set_robust_list resumed>) = 0 [pid 7172] ioctl(4, LOOP_CLR_FD [pid 7171] +++ exited with 0 +++ [pid 5851] <... close resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 7255] chdir("./16" [pid 7172] <... ioctl resumed>) = 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7171, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 7256 attached [pid 7255] <... chdir resumed>) = 0 [pid 7172] close(4 [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... ioctl resumed>) = 0 [pid 7255] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7172] <... close resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7256 [pid 5848] close(3 [pid 7256] set_robust_list(0x55558aa90660, 24 [pid 7255] <... prctl resumed>) = 0 [pid 7172] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] <... restart_syscall resumed>) = 0 [pid 7256] <... set_robust_list resumed>) = 0 [pid 7255] setpgid(0, 0 [pid 7172] <... openat resumed>) = 4 [pid 5848] <... close resumed>) = 0 [pid 7256] chdir("./16" [pid 7172] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7172] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7255] <... setpgid resumed>) = 0 [pid 7172] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280./strace-static-x86_64: Process 7257 attached [pid 7255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7172] <... write resumed>) = 280 [pid 7256] <... chdir resumed>) = 0 [pid 5852] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7257] set_robust_list(0x55558aa90660, 24 [pid 7256] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7255] <... openat resumed>) = 3 [pid 7172] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 7257 [pid 7257] <... set_robust_list resumed>) = 0 [pid 7256] <... prctl resumed>) = 0 [pid 5852] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7256] setpgid(0, 0 [pid 5852] <... openat resumed>) = 3 [pid 7256] <... setpgid resumed>) = 0 [pid 7172] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7257] chdir("./16" [pid 5852] newfstatat(3, "", [pid 7255] write(3, "1000", 4 [pid 7172] bpf(BPF_PROG_LOAD, NULL, 0 [pid 7256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7257] <... chdir resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7256] <... openat resumed>) = 3 [pid 7255] <... write resumed>) = 4 [pid 7257] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7172] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] getdents64(3, [pid 7257] <... prctl resumed>) = 0 [pid 7256] write(3, "1000", 4 [pid 7257] setpgid(0, 0 [pid 7256] <... write resumed>) = 4 [pid 7255] close(3 [pid 7172] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7255] <... close resumed>) = 0 [pid 7172] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7255] symlink("/dev/binderfs", "./binderfs" [pid 7172] exit_group(0 [pid 7257] <... setpgid resumed>) = 0 [pid 7256] close(3 [pid 7172] <... exit_group resumed>) = ? [pid 5852] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW executing program executing program [pid 7257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7256] <... close resumed>) = 0 [pid 7255] <... symlink resumed>) = 0 [pid 7172] +++ exited with 0 +++ [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7256] symlink("/dev/binderfs", "./binderfs" [pid 5852] newfstatat(AT_FDCWD, "./15/binderfs", [pid 7255] write(1, "executing program\n", 18 [pid 7256] <... symlink resumed>) = 0 [pid 7256] write(1, "executing program\n", 18 [pid 7255] <... write resumed>) = 18 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7172, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=24 /* 0.24 s */} --- [pid 7257] <... openat resumed>) = 3 [pid 7256] <... write resumed>) = 18 [pid 7255] memfd_create("syzkaller", 0 [pid 5852] unlink("./15/binderfs" [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 7255] <... memfd_create resumed>) = 3 [pid 7257] write(3, "1000", 4 [pid 7256] memfd_create("syzkaller", 0 [pid 7255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] <... unlink resumed>) = 0 [pid 7257] <... write resumed>) = 4 [pid 7256] <... memfd_create resumed>) = 3 [pid 7255] <... mmap resumed>) = 0x7f362be00000 [pid 5852] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7257] close(3 [pid 7256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... restart_syscall resumed>) = 0 [pid 7257] <... close resumed>) = 0 [pid 7256] <... mmap resumed>) = 0x7f362be00000 [pid 5850] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./15/binderfs" [pid 7257] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... unlink resumed>) = 0 [pid 5850] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 7257] <... symlink resumed>) = 0 [pid 7257] write(1, "executing program\n", 18) = 18 [pid 7257] memfd_create("syzkaller", 0) = 3 [pid 7257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 155.573819][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 155.598303][ T5850] BTRFS info (device loop2): last unmount of filesystem 534d95a3-7b4e-445a-b262-4500b6ce9697 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./15/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./15") = 0 [pid 5852] mkdir("./16", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7258 attached , child_tidptr=0x55558aa90650) = 7258 [pid 7258] set_robust_list(0x55558aa90660, 24) = 0 [pid 7255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7258] chdir("./16" [pid 5850] <... umount2 resumed>) = 0 [pid 7258] <... chdir resumed>) = 0 [pid 5850] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7258] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7258] <... prctl resumed>) = 0 [pid 5850] newfstatat(AT_FDCWD, "./15/file0", [pid 7258] setpgid(0, 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7258] <... setpgid resumed>) = 0 [pid 5850] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", [pid 7258] <... openat resumed>) = 3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7258] write(3, "1000", 4 [pid 5850] getdents64(4, [pid 7258] <... write resumed>) = 4 [pid 7258] close(3 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7258] <... close resumed>) = 0 [pid 5850] getdents64(4, [pid 7258] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7258] <... symlink resumed>) = 0 [pid 5850] close(4) = 0 [pid 7258] write(1, "executing program\n", 18executing program ) = 18 [pid 5850] rmdir("./15/file0") = 0 [pid 7258] memfd_create("syzkaller", 0 [pid 5850] getdents64(3, [pid 7258] <... memfd_create resumed>) = 3 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3 [pid 7258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./15") = 0 [pid 5850] mkdir("./16", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 7257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7259 attached [pid 7259] set_robust_list(0x55558aa90660, 24) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 7259 [pid 7259] chdir("./16") = 0 [pid 7259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7259] setpgid(0, 0) = 0 [pid 7259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7259] write(3, "1000", 4) = 4 [pid 7259] close(3) = 0 [pid 7259] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7259] write(1, "executing program\n", 18) = 18 [pid 7259] memfd_create("syzkaller", 0) = 3 [pid 7259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7256] <... write resumed>) = 16777216 [pid 7258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7256] munmap(0x7f362be00000, 138412032 [pid 7255] <... write resumed>) = 16777216 [pid 7255] munmap(0x7f362be00000, 138412032 [pid 7256] <... munmap resumed>) = 0 [pid 7255] <... munmap resumed>) = 0 [pid 7256] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7255] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7256] <... openat resumed>) = 4 [pid 7256] ioctl(4, LOOP_SET_FD, 3 [pid 7255] <... openat resumed>) = 4 [pid 7255] ioctl(4, LOOP_SET_FD, 3 [pid 7256] <... ioctl resumed>) = 0 [pid 7256] close(3) = 0 [pid 7256] close(4) = 0 [pid 7256] mkdir("./file0", 0777) = 0 [pid 7256] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7255] <... ioctl resumed>) = 0 [pid 7255] close(3) = 0 [pid 7255] close(4) = 0 [pid 7255] mkdir("./file0", 0777) = 0 [ 156.446610][ T7256] loop3: detected capacity change from 0 to 32768 [ 156.448642][ T7255] loop1: detected capacity change from 0 to 32768 [ 156.477350][ T7256] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7256) [pid 7255] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7257] <... write resumed>) = 16777216 [pid 7257] munmap(0x7f362be00000, 138412032) = 0 [pid 7257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 156.547655][ T7255] BTRFS: device /dev/loop1 (7:1) using temp-fsid 0952b28f-b0f7-4ffd-9c08-61d9dab3fdc5 [ 156.567117][ T7257] loop0: detected capacity change from 0 to 32768 [ 156.574229][ T7256] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7257] close(3) = 0 [pid 7257] close(4 [pid 7259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7257] <... close resumed>) = 0 [pid 7257] mkdir("./file0", 0777) = 0 [ 156.585899][ T7255] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7255) [ 156.608459][ T7256] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 156.630530][ T7256] BTRFS info (device loop3): using free-space-tree [ 156.651426][ T7255] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 156.661776][ T7257] BTRFS: device /dev/loop0 (7:0) using temp-fsid db62f19f-5eb7-4ac9-b1d2-b821f3935e53 [ 156.675104][ T7257] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7257) [ 156.691218][ T7255] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 156.703019][ T7255] BTRFS info (device loop1): using free-space-tree [ 156.731186][ T7257] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7257] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7256] <... mount resumed>) = 0 [pid 7256] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7258] <... write resumed>) = 16777216 [pid 7256] <... openat resumed>) = 3 [ 156.784439][ T7257] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 7258] munmap(0x7f362be00000, 138412032 [pid 7256] chdir("./file0") = 0 [pid 7256] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7256] ioctl(4, LOOP_CLR_FD) = 0 [pid 7256] close(4) = 0 [pid 7258] <... munmap resumed>) = 0 [pid 7256] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7258] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7258] ioctl(4, LOOP_SET_FD, 3 [pid 7256] <... openat resumed>) = 4 [pid 7256] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7256] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7256] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7256] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [ 156.842011][ T7257] BTRFS info (device loop0): using free-space-tree [ 156.877981][ T7258] loop4: detected capacity change from 0 to 32768 [pid 7256] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 7258] <... ioctl resumed>) = 0 [pid 7256] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7258] close(3 [pid 7256] exit_group(0 [pid 7255] <... mount resumed>) = 0 [pid 7256] <... exit_group resumed>) = ? [pid 7258] <... close resumed>) = 0 [pid 7255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7258] close(4 [pid 7255] <... openat resumed>) = 3 [pid 7258] <... close resumed>) = 0 [pid 7256] +++ exited with 0 +++ [pid 7255] chdir("./file0" [pid 7258] mkdir("./file0", 0777 [pid 7255] <... chdir resumed>) = 0 [pid 7258] <... mkdir resumed>) = 0 [pid 7255] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7258] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7255] <... openat resumed>) = 4 [pid 7255] ioctl(4, LOOP_CLR_FD) = 0 [pid 7255] close(4) = 0 [pid 7255] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7256, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=19 /* 0.19 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 7255] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7255] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7255] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7255] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7255] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7255] exit_group(0 [pid 5851] <... restart_syscall resumed>) = 0 [pid 7255] <... exit_group resumed>) = ? [pid 7255] +++ exited with 0 +++ [pid 5851] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7255, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./16/binderfs", [ 156.942600][ T7258] BTRFS: device /dev/loop4 (7:4) using temp-fsid 64dffd5c-2c0f-4992-961a-b0e96b92e716 [pid 5849] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5851] unlink("./16/binderfs") = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] unlink("./16/binderfs") = 0 [ 156.988028][ T7258] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7258) [ 157.040179][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 157.061183][ T7258] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7259] <... write resumed>) = 16777216 [pid 7259] munmap(0x7f362be00000, 138412032) = 0 [pid 7259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 157.087626][ T7258] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 157.104525][ T7258] BTRFS info (device loop4): using free-space-tree [ 157.123361][ T5849] BTRFS info (device loop1): last unmount of filesystem 0952b28f-b0f7-4ffd-9c08-61d9dab3fdc5 [pid 7259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7257] <... mount resumed>) = 0 [pid 7259] close(3 [pid 7257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7259] <... close resumed>) = 0 [pid 7257] <... openat resumed>) = 3 [pid 7259] close(4 [pid 7257] chdir("./file0") = 0 [pid 7257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7259] <... close resumed>) = 0 [pid 7257] ioctl(4, LOOP_CLR_FD [pid 7259] mkdir("./file0", 0777 [pid 7257] <... ioctl resumed>) = 0 [pid 7257] close(4 [pid 7259] <... mkdir resumed>) = 0 [pid 7257] <... close resumed>) = 0 [pid 7257] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7259] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 157.170619][ T7259] loop2: detected capacity change from 0 to 32768 [pid 7257] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7257] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7257] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7257] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7257] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7257] exit_group(0) = ? [pid 7257] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7257, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 157.231279][ T7259] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7259) [pid 5848] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./16/binderfs") = 0 [ 157.361610][ T5848] BTRFS info (device loop0): last unmount of filesystem db62f19f-5eb7-4ac9-b1d2-b821f3935e53 [ 157.377160][ T7259] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7258] <... mount resumed>) = 0 [pid 7258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7258] chdir("./file0") = 0 [pid 7258] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7258] ioctl(4, LOOP_CLR_FD) = 0 [pid 7258] close(4) = 0 [ 157.430805][ T7259] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 7258] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7258] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7258] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7258] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7258] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7258] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7258] exit_group(0) = ? [pid 7258] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7258, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=31 /* 0.31 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 5852] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./16/binderfs") = 0 [pid 5852] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5851] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./16/file0", [pid 5848] newfstatat(AT_FDCWD, "./16/file0", [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 157.474183][ T7259] BTRFS info (device loop2): using free-space-tree [pid 5851] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] newfstatat(4, "", [pid 5851] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 5851] newfstatat(4, "", [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5851] getdents64(4, [pid 5848] rmdir("./16/file0" [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5851] getdents64(4, [pid 5848] rmdir("./16" [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 5848] <... rmdir resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5848] mkdir("./17", 0777 [pid 5851] rmdir("./16/file0") = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5851] getdents64(3, [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 5848] <... openat resumed>) = 3 [pid 5851] <... close resumed>) = 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5851] rmdir("./16" [pid 5848] <... ioctl resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5848] close(3 [pid 5851] mkdir("./17", 0777 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7333 attached [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7333] set_robust_list(0x55558aa90660, 24 [pid 5851] <... openat resumed>) = 3 [pid 5849] <... umount2 resumed>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 7333 [pid 7333] <... set_robust_list resumed>) = 0 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 7333] chdir("./17" [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7333] <... chdir resumed>) = 0 [pid 7333] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7333] <... prctl resumed>) = 0 [pid 7333] setpgid(0, 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7337 [pid 7333] <... setpgid resumed>) = 0 [pid 5849] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7337 attached [pid 7337] set_robust_list(0x55558aa90660, 24 [pid 7333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./16/file0", [pid 7333] <... openat resumed>) = 3 [pid 7333] write(3, "1000", 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7333] <... write resumed>) = 4 [pid 5849] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7333] close(3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7333] <... close resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] <... openat resumed>) = 4 [pid 7337] <... set_robust_list resumed>) = 0 executing program [pid 7337] chdir("./17" [pid 7333] write(1, "executing program\n", 18 [pid 7337] <... chdir resumed>) = 0 [pid 7333] <... write resumed>) = 18 [pid 7337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7333] memfd_create("syzkaller", 0 [pid 5849] newfstatat(4, "", [pid 7337] <... prctl resumed>) = 0 [pid 7333] <... memfd_create resumed>) = 3 [pid 7337] setpgid(0, 0 [ 157.601951][ T5852] BTRFS info (device loop4): last unmount of filesystem 64dffd5c-2c0f-4992-961a-b0e96b92e716 [pid 7333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7337] <... setpgid resumed>) = 0 [pid 7333] <... mmap resumed>) = 0x7f362be00000 [pid 7337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7337] <... openat resumed>) = 3 [pid 5849] getdents64(4, [pid 7337] write(3, "1000", 4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7337] <... write resumed>) = 4 [pid 5849] getdents64(4, [pid 7337] close(3 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7337] <... close resumed>) = 0 [pid 7337] symlink("/dev/binderfs", "./binderfs" [pid 5849] close(4) = 0 [pid 7337] <... symlink resumed>) = 0 [pid 5849] rmdir("./16/file0"executing program [pid 7337] write(1, "executing program\n", 18 [pid 5849] <... rmdir resumed>) = 0 [pid 7337] <... write resumed>) = 18 [pid 5849] getdents64(3, [pid 7337] memfd_create("syzkaller", 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3 [pid 7337] <... memfd_create resumed>) = 3 [pid 5849] <... close resumed>) = 0 [pid 7337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] rmdir("./16") = 0 [pid 5849] mkdir("./17", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7343 attached [pid 7343] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7343 [pid 7343] <... set_robust_list resumed>) = 0 [pid 7343] chdir("./17") = 0 [pid 7343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7343] setpgid(0, 0) = 0 [pid 7259] <... mount resumed>) = 0 [pid 7343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7343] <... openat resumed>) = 3 [pid 7259] <... openat resumed>) = 3 [pid 7259] chdir("./file0" [pid 7343] write(3, "1000", 4 [pid 7259] <... chdir resumed>) = 0 [pid 7343] <... write resumed>) = 4 [pid 7259] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7343] close(3 [pid 7259] <... openat resumed>) = 4 [pid 7259] ioctl(4, LOOP_CLR_FD [pid 7343] <... close resumed>) = 0 [pid 7259] <... ioctl resumed>) = 0 executing program [pid 7343] symlink("/dev/binderfs", "./binderfs" [pid 7259] close(4 [pid 7343] <... symlink resumed>) = 0 [pid 7259] <... close resumed>) = 0 [pid 7343] write(1, "executing program\n", 18 [pid 7259] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7343] <... write resumed>) = 18 [pid 7343] memfd_create("syzkaller", 0 [pid 7259] ioctl(-1, SIOCGIFINDEX, NULL [pid 7343] <... memfd_create resumed>) = 3 [pid 7259] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7259] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 7343] <... mmap resumed>) = 0x7f362be00000 [pid 7259] <... write resumed>) = 280 [pid 7259] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7259] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7259] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7259] exit_group(0) = ? [pid 7259] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7259, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./16/binderfs") = 0 [ 157.927211][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... umount2 resumed>) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 5852] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./16/file0", [pid 5850] newfstatat(AT_FDCWD, "./16/file0", [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... openat resumed>) = 4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(4, "", [pid 5852] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... openat resumed>) = 4 [pid 5850] getdents64(4, [pid 5852] newfstatat(4, "", [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 5852] getdents64(4, [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] close(4 [pid 5852] getdents64(4, [pid 5850] <... close resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] rmdir("./16/file0" [pid 5852] close(4 [pid 5850] <... rmdir resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./16/file0" [pid 5850] getdents64(3, [pid 5852] <... rmdir resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] getdents64(3, [pid 5850] close(3 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] <... close resumed>) = 0 [pid 5852] close(3 [pid 5850] rmdir("./16" [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./16") = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5852] mkdir("./17", 0777 [pid 5850] mkdir("./17", 0777) = 0 [pid 5852] <... mkdir resumed>) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5852] <... openat resumed>) = 3 [pid 5850] <... ioctl resumed>) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5850] close(3 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] <... close resumed>) = 0 [pid 5852] close(3 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7345 attached [pid 5852] <... close resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7346 attached [pid 7345] set_robust_list(0x55558aa90660, 24 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 7345 [pid 7345] <... set_robust_list resumed>) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 7346 [pid 7346] set_robust_list(0x55558aa90660, 24 [pid 7345] chdir("./17") = 0 [pid 7346] <... set_robust_list resumed>) = 0 [pid 7346] chdir("./17") = 0 [pid 7346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7346] setpgid(0, 0) = 0 [pid 7346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7346] write(3, "1000", 4) = 4 [pid 7346] close(3) = 0 [pid 7346] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7346] write(1, "executing program\n", 18) = 18 [pid 7346] memfd_create("syzkaller", 0 [pid 7345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7346] <... memfd_create resumed>) = 3 [pid 7346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7345] setpgid(0, 0) = 0 [pid 7345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7345] <... openat resumed>) = 3 [pid 7345] write(3, "1000", 4) = 4 [pid 7345] close(3) = 0 [pid 7345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7345] write(1, "executing program\n", 18executing program ) = 18 [pid 7337] <... write resumed>) = 16777216 [pid 7345] memfd_create("syzkaller", 0) = 3 [pid 7343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7337] munmap(0x7f362be00000, 138412032 [pid 7345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7337] <... munmap resumed>) = 0 [pid 7337] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7337] close(3) = 0 [pid 7337] close(4) = 0 [pid 7337] mkdir("./file0", 0777) = 0 [ 158.371165][ T7337] loop3: detected capacity change from 0 to 32768 [ 158.446812][ T7337] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7337) [ 158.539402][ T7337] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 158.575213][ T7337] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 158.617003][ T7337] BTRFS info (device loop3): using free-space-tree [pid 7337] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7333] <... write resumed>) = 16777216 [pid 7333] munmap(0x7f362be00000, 138412032) = 0 [pid 7346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7343] <... write resumed>) = 16777216 [pid 7337] <... mount resumed>) = 0 [pid 7343] munmap(0x7f362be00000, 138412032 [pid 7337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7333] close(3 [pid 7345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7337] <... openat resumed>) = 3 [pid 7333] <... close resumed>) = 0 [ 158.790225][ T7333] loop0: detected capacity change from 0 to 32768 [pid 7337] chdir("./file0" [pid 7333] close(4 [pid 7337] <... chdir resumed>) = 0 [pid 7333] <... close resumed>) = 0 [pid 7337] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7333] mkdir("./file0", 0777 [pid 7337] ioctl(4, LOOP_CLR_FD [pid 7333] <... mkdir resumed>) = 0 [pid 7337] <... ioctl resumed>) = 0 [pid 7333] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7337] close(4) = 0 [pid 7337] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7343] <... munmap resumed>) = 0 [pid 7337] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7337] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7337] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7337] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7337] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7337] exit_group(0) = ? [pid 7337] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7337, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5851] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7343] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 158.871465][ T7333] BTRFS: device /dev/loop0 (7:0) using temp-fsid 92e08ec8-f133-406c-9d9e-fb4c84ccc8f9 [pid 7343] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... openat resumed>) = 3 [pid 7343] <... ioctl resumed>) = 0 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7343] close(3 [pid 5851] getdents64(3, [pid 7343] <... close resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7343] close(4 [pid 5851] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7343] <... close resumed>) = 0 [pid 7343] mkdir("./file0", 0777 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7343] <... mkdir resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./17/binderfs", [pid 7343] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./17/binderfs") = 0 [ 158.911711][ T7343] loop1: detected capacity change from 0 to 32768 [ 158.920530][ T7333] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7333) [ 158.976001][ T7343] BTRFS: device /dev/loop1 (7:1) using temp-fsid d65a338b-9d50-4455-b480-999f8ad6f2b5 [ 158.985795][ T7333] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 159.000751][ T7343] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7343) [ 159.028942][ T7333] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 159.047033][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 159.054546][ T7333] BTRFS info (device loop0): using free-space-tree [ 159.089519][ T7343] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 159.106049][ T7343] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5851] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7346] <... write resumed>) = 16777216 [ 159.147483][ T7343] BTRFS info (device loop1): using free-space-tree [pid 7346] munmap(0x7f362be00000, 138412032) = 0 [pid 7346] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7346] close(3) = 0 [pid 7346] close(4) = 0 [pid 7346] mkdir("./file0", 0777) = 0 [ 159.232798][ T7346] loop4: detected capacity change from 0 to 32768 [pid 7346] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7345] <... write resumed>) = 16777216 [ 159.282289][ T7346] BTRFS: device /dev/loop4 (7:4) using temp-fsid 1d5258a5-a847-4c47-af30-1c4210bf333d [ 159.296029][ T7346] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7346) [pid 7345] munmap(0x7f362be00000, 138412032) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 159.365247][ T7346] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7345] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] <... openat resumed>) = 4 [pid 7345] <... openat resumed>) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./17/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 7345] ioctl(4, LOOP_SET_FD, 3 [pid 5851] rmdir("./17") = 0 [pid 5851] mkdir("./18", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 7345] <... ioctl resumed>) = 0 [pid 7345] close(3 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7396 attached [pid 7345] <... close resumed>) = 0 [pid 7333] <... mount resumed>) = 0 [pid 7345] close(4 [pid 7333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7396] set_robust_list(0x55558aa90660, 24 [pid 7345] <... close resumed>) = 0 [pid 7396] <... set_robust_list resumed>) = 0 [pid 7333] <... openat resumed>) = 3 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7396 [pid 7396] chdir("./18" [pid 7345] mkdir("./file0", 0777 [pid 7333] chdir("./file0") = 0 [pid 7333] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7345] <... mkdir resumed>) = 0 [pid 7333] <... openat resumed>) = 4 [pid 7333] ioctl(4, LOOP_CLR_FD [pid 7396] <... chdir resumed>) = 0 [pid 7333] <... ioctl resumed>) = 0 [pid 7396] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7333] close(4 [pid 7396] <... prctl resumed>) = 0 [pid 7345] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 7333] <... close resumed>) = 0 [pid 7396] setpgid(0, 0 [ 159.411932][ T7346] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 159.430017][ T7345] loop2: detected capacity change from 0 to 32768 [pid 7333] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7396] <... setpgid resumed>) = 0 [pid 7343] <... mount resumed>) = 0 [pid 7333] <... openat resumed>) = 4 [pid 7343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7343] chdir("./file0") = 0 [pid 7343] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7343] ioctl(4, LOOP_CLR_FD) = 0 [pid 7343] close(4) = 0 [pid 7343] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7333] ioctl(-1, SIOCGIFINDEX, NULL [pid 7396] <... openat resumed>) = 3 [pid 7333] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7343] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7343] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7343] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7343] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7396] write(3, "1000", 4 [pid 7343] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 7333] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 7396] <... write resumed>) = 4 [pid 7343] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7333] <... write resumed>) = 280 [pid 7343] exit_group(0 [pid 7333] bpf(BPF_MAP_CREATE, NULL, 0 [pid 7396] close(3 [pid 7343] <... exit_group resumed>) = ? [pid 7396] <... close resumed>) = 0 [pid 7333] <... bpf resumed>) = -1 EINVAL (Invalid argument) executing program [pid 7396] symlink("/dev/binderfs", "./binderfs" [pid 7343] +++ exited with 0 +++ [pid 7333] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7343, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=35 /* 0.35 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 7396] <... symlink resumed>) = 0 [pid 7333] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] <... restart_syscall resumed>) = 0 [pid 7396] write(1, "executing program\n", 18 [pid 7333] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 7396] <... write resumed>) = 18 [pid 7333] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7333] exit_group(0 [pid 7396] memfd_create("syzkaller", 0 [pid 7333] <... exit_group resumed>) = ? [pid 5849] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", [pid 7396] <... memfd_create resumed>) = 3 [pid 7333] +++ exited with 0 +++ [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7333, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=25 /* 0.25 s */} --- [pid 5849] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5848] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7396] <... mmap resumed>) = 0x7f362be00000 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./17/binderfs" [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... unlink resumed>) = 0 [pid 5849] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 159.471257][ T7346] BTRFS info (device loop4): using free-space-tree [ 159.485880][ T7345] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7345) [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./17/binderfs") = 0 [ 159.567259][ T7345] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 159.606234][ T5849] BTRFS info (device loop1): last unmount of filesystem d65a338b-9d50-4455-b480-999f8ad6f2b5 [ 159.629242][ T7345] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 159.638841][ T7345] BTRFS info (device loop2): using free-space-tree [ 159.650945][ T5848] BTRFS info (device loop0): last unmount of filesystem 92e08ec8-f133-406c-9d9e-fb4c84ccc8f9 [pid 5848] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7346] <... mount resumed>) = 0 [pid 7346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7346] chdir("./file0") = 0 [pid 7346] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7346] ioctl(4, LOOP_CLR_FD [pid 5849] <... umount2 resumed>) = 0 [pid 7346] <... ioctl resumed>) = 0 [pid 5849] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7346] close(4 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7346] <... close resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./17/file0", [pid 7346] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7346] <... openat resumed>) = 4 [pid 5849] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7346] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] newfstatat(4, "", [pid 7346] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7346] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5849] getdents64(4, [pid 7346] <... write resumed>) = 280 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7346] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] getdents64(4, [pid 7346] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7346] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5849] close(4 [pid 7346] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] <... close resumed>) = 0 [pid 7346] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] rmdir("./17/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 7346] exit_group(0 [pid 5849] close(3 [pid 7346] <... exit_group resumed>) = ? [pid 5849] <... close resumed>) = 0 [pid 5849] rmdir("./17") = 0 [pid 5849] mkdir("./18", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7346] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7346, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=22 /* 0.22 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7430 ./strace-static-x86_64: Process 7430 attached [pid 5852] <... restart_syscall resumed>) = 0 [pid 5852] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7430] set_robust_list(0x55558aa90660, 24 [pid 5852] unlink("./17/binderfs") = 0 [pid 5852] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7430] <... set_robust_list resumed>) = 0 [pid 7345] <... mount resumed>) = 0 [pid 7345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7430] chdir("./18" [pid 7345] <... openat resumed>) = 3 [pid 7345] chdir("./file0") = 0 [pid 7345] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7345] ioctl(4, LOOP_CLR_FD) = 0 [pid 7345] close(4) = 0 [pid 7345] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7430] <... chdir resumed>) = 0 [pid 7430] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7345] ioctl(-1, SIOCGIFINDEX, NULL [pid 7430] <... prctl resumed>) = 0 [pid 7345] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7430] setpgid(0, 0 [pid 7345] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7345] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7345] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7345] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7345] exit_group(0) = ? [pid 7345] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7345, si_uid=0, si_status=0, si_utime=15 /* 0.15 s */, si_stime=22 /* 0.22 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 7430] <... setpgid resumed>) = 0 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5850] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, [pid 7430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7430] <... openat resumed>) = 3 [pid 5850] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./17/binderfs") = 0 [pid 5850] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7430] write(3, "1000", 4) = 4 [pid 7430] close(3) = 0 [pid 7430] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7430] write(1, "executing program\n", 18) = 18 [pid 7430] memfd_create("syzkaller", 0) = 3 [pid 7430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./17/file0") = 0 [ 159.999904][ T5852] BTRFS info (device loop4): last unmount of filesystem 1d5258a5-a847-4c47-af30-1c4210bf333d [ 160.030669][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./17") = 0 [pid 5848] mkdir("./18", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 7396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7431 attached , child_tidptr=0x55558aa90650) = 7431 [pid 7431] set_robust_list(0x55558aa90660, 24) = 0 [pid 7431] chdir("./18") = 0 [pid 7431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7431] setpgid(0, 0) = 0 [pid 7431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7431] write(3, "1000", 4) = 4 [pid 7431] close(3) = 0 [pid 7431] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7431] write(1, "executing program\n", 18) = 18 [pid 7431] memfd_create("syzkaller", 0) = 3 [pid 7431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 7430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] newfstatat(AT_FDCWD, "./17/file0", [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./17/file0", [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] newfstatat(4, "", [pid 5852] close(4 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... close resumed>) = 0 [pid 5850] getdents64(4, [pid 5852] rmdir("./17/file0" [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] <... rmdir resumed>) = 0 [pid 5850] getdents64(4, [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./17") = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] mkdir("./18", 0777) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./17/file0" [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5850] <... rmdir resumed>) = 0 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 7432 [pid 5850] getdents64(3, ./strace-static-x86_64: Process 7432 attached [pid 7432] set_robust_list(0x55558aa90660, 24) = 0 [pid 7432] chdir("./18") = 0 [pid 7432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7432] setpgid(0, 0) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 executing program [pid 5850] close(3 [pid 7432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... close resumed>) = 0 [pid 7432] <... openat resumed>) = 3 [pid 7432] write(3, "1000", 4) = 4 [pid 7432] close(3) = 0 [pid 7432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7432] write(1, "executing program\n", 18) = 18 [pid 7432] memfd_create("syzkaller", 0) = 3 [pid 7432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] rmdir("./17") = 0 [pid 5850] mkdir("./18", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7433 attached , child_tidptr=0x55558aa90650) = 7433 [pid 7396] <... write resumed>) = 16777216 [pid 7433] set_robust_list(0x55558aa90660, 24) = 0 [pid 7396] munmap(0x7f362be00000, 138412032 [pid 7433] chdir("./18") = 0 [pid 7433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7433] setpgid(0, 0) = 0 [pid 7433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7433] write(3, "1000", 4) = 4 [pid 7433] close(3) = 0 executing program [pid 7433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7433] write(1, "executing program\n", 18) = 18 [pid 7431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7433] memfd_create("syzkaller", 0) = 3 [pid 7433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7396] <... munmap resumed>) = 0 [pid 7396] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7396] close(3) = 0 [pid 7396] close(4) = 0 [pid 7396] mkdir("./file0", 0777) = 0 [ 160.630084][ T7396] loop3: detected capacity change from 0 to 32768 [ 160.665707][ T7396] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7396) [ 160.730837][ T7396] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 160.769927][ T7396] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 160.803590][ T7396] BTRFS info (device loop3): using free-space-tree [pid 7396] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7430] <... write resumed>) = 16777216 [pid 7430] munmap(0x7f362be00000, 138412032 [pid 7432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7430] <... munmap resumed>) = 0 [pid 7430] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7430] ioctl(4, LOOP_SET_FD, 3 [pid 7433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7430] <... ioctl resumed>) = 0 [pid 7430] close(3) = 0 [pid 7430] close(4) = 0 [ 160.962069][ T7430] loop1: detected capacity change from 0 to 32768 [pid 7430] mkdir("./file0", 0777) = 0 [ 161.030790][ T7430] BTRFS: device /dev/loop1 (7:1) using temp-fsid dea6c8f9-1d60-4959-89db-8d9ede1b8c5c [pid 7430] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7431] <... write resumed>) = 16777216 [pid 7431] munmap(0x7f362be00000, 138412032 [pid 7396] <... mount resumed>) = 0 [pid 7396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7431] <... munmap resumed>) = 0 [pid 7396] <... openat resumed>) = 3 [ 161.068709][ T7430] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7430) [pid 7396] chdir("./file0") = 0 [pid 7396] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7396] ioctl(4, LOOP_CLR_FD) = 0 [pid 7396] close(4) = 0 [pid 7396] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7396] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7396] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7396] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7431] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7396] bpf(BPF_PROG_LOAD, NULL, 0 [pid 7431] <... openat resumed>) = 4 [pid 7396] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 7431] ioctl(4, LOOP_SET_FD, 3 [pid 7396] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7396] exit_group(0) = ? [pid 7396] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7396, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=24 /* 0.24 s */} --- [pid 5851] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 161.146866][ T7430] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 161.166987][ T7431] loop0: detected capacity change from 0 to 32768 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./18/binderfs") = 0 [pid 5851] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7431] <... ioctl resumed>) = 0 [pid 7431] close(3) = 0 [pid 7431] close(4) = 0 [ 161.188607][ T7430] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 7431] mkdir("./file0", 0777) = 0 [ 161.229670][ T7430] BTRFS info (device loop1): using free-space-tree [ 161.252622][ T7431] BTRFS: device /dev/loop0 (7:0) using temp-fsid c1eb2624-1d81-4f33-8422-b6b5437ccd9c [ 161.270581][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 161.288306][ T7431] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7431) [pid 7431] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7433] <... write resumed>) = 16777216 [pid 7433] munmap(0x7f362be00000, 138412032) = 0 [pid 7433] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7433] ioctl(4, LOOP_SET_FD, 3 [pid 7430] <... mount resumed>) = 0 [ 161.361455][ T7431] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 161.398258][ T7431] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 7430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5851] <... umount2 resumed>) = 0 [pid 7430] <... openat resumed>) = 3 [pid 7430] chdir("./file0" [pid 5851] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7430] <... chdir resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7430] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5851] newfstatat(AT_FDCWD, "./18/file0", [pid 7430] ioctl(4, LOOP_CLR_FD [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7430] <... ioctl resumed>) = 0 [pid 5851] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7433] <... ioctl resumed>) = 0 [pid 7432] <... write resumed>) = 16777216 [pid 7430] close(4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7433] close(3 [pid 7430] <... close resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7433] <... close resumed>) = 0 [pid 7430] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7433] close(4 [pid 5851] <... openat resumed>) = 4 [pid 7432] munmap(0x7f362be00000, 138412032 [pid 7430] <... openat resumed>) = 4 [pid 7433] <... close resumed>) = 0 [pid 5851] newfstatat(4, "", [pid 7433] mkdir("./file0", 0777 [pid 7430] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7433] <... mkdir resumed>) = 0 [pid 7430] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] getdents64(4, [pid 7433] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 7430] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7430] <... write resumed>) = 280 [ 161.418430][ T7433] loop2: detected capacity change from 0 to 32768 [ 161.452615][ T7431] BTRFS info (device loop0): using free-space-tree [pid 7432] <... munmap resumed>) = 0 [pid 7430] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] getdents64(4, [pid 7430] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7432] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7430] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] close(4 [pid 7430] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] <... close resumed>) = 0 [pid 7430] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] rmdir("./18/file0" [pid 7432] <... openat resumed>) = 4 [pid 5851] <... rmdir resumed>) = 0 [pid 7432] ioctl(4, LOOP_SET_FD, 3 [pid 7430] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] getdents64(3, [pid 7430] exit_group(0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 7430] <... exit_group resumed>) = ? [pid 5851] close(3) = 0 [pid 7432] <... ioctl resumed>) = 0 [pid 7432] close(3 [pid 7430] +++ exited with 0 +++ [pid 5851] rmdir("./18" [pid 7432] <... close resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7430, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} --- [pid 5851] mkdir("./19", 0777 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... mkdir resumed>) = 0 [pid 7432] close(4 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] <... restart_syscall resumed>) = 0 [pid 7432] <... close resumed>) = 0 [ 161.486146][ T7433] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7433) [ 161.522274][ T7432] loop4: detected capacity change from 0 to 32768 [pid 7432] mkdir("./file0", 0777) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5849] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7432] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] close(3 [pid 5849] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... close resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7476 [pid 5849] getdents64(3, ./strace-static-x86_64: Process 7476 attached 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7476] set_robust_list(0x55558aa90660, 24 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./18/binderfs") = 0 [pid 7476] <... set_robust_list resumed>) = 0 [pid 5849] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7476] chdir("./19") = 0 [ 161.559260][ T7433] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7476] setpgid(0, 0) = 0 [pid 7476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7476] write(3, "1000", 4) = 4 [pid 7476] close(3) = 0 [ 161.605843][ T7432] BTRFS: device /dev/loop4 (7:4) using temp-fsid 0f486769-176e-4ddf-a6f8-95d55243e66d [ 161.624471][ T7433] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 161.638010][ T7433] BTRFS info (device loop2): using free-space-tree [pid 7476] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7476] write(1, "executing program\n", 18) = 18 [pid 7476] memfd_create("syzkaller", 0) = 3 [ 161.659254][ T7432] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7432) [ 161.670171][ T5849] BTRFS info (device loop1): last unmount of filesystem dea6c8f9-1d60-4959-89db-8d9ede1b8c5c [pid 7476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 161.710038][ T7432] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7431] <... mount resumed>) = 0 [pid 7431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7431] chdir("./file0") = 0 [pid 7431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 161.782159][ T7432] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 161.811330][ T7432] BTRFS info (device loop4): using free-space-tree [pid 7431] ioctl(4, LOOP_CLR_FD) = 0 [pid 7431] close(4) = 0 [pid 7431] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7431] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7431] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7431] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7431] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7431] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7431] exit_group(0) = ? [pid 7431] +++ exited with 0 +++ [pid 7433] <... mount resumed>) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7431, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=24 /* 0.24 s */} --- [pid 7433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 7433] chdir("./file0" [pid 5848] <... restart_syscall resumed>) = 0 [pid 7433] <... chdir resumed>) = 0 [pid 7433] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5848] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7433] ioctl(4, LOOP_CLR_FD [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7433] <... ioctl resumed>) = 0 [pid 7433] close(4 [pid 5848] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7433] <... close resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 7433] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] newfstatat(3, "", [pid 7433] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7433] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] getdents64(3, [pid 7433] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7433] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7433] <... write resumed>) = 280 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7433] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./18/binderfs", [pid 7433] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./18/binderfs") = 0 [pid 5848] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 7432] <... mount resumed>) = 0 [pid 7433] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 7433] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7433] exit_group(0) = ? [pid 7433] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7433, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./18/binderfs") = 0 [pid 5850] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7432] <... openat resumed>) = 3 [pid 5849] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7432] chdir("./file0" [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7432] <... chdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7432] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", [pid 7432] <... openat resumed>) = 4 [pid 7432] ioctl(4, LOOP_CLR_FD) = 0 [pid 7432] close(4) = 0 [pid 7432] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7432] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5849] getdents64(4, [pid 7432] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7432] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(4, [pid 7432] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7432] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] close(4 [pid 7432] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... close resumed>) = 0 [ 162.051311][ T5848] BTRFS info (device loop0): last unmount of filesystem c1eb2624-1d81-4f33-8422-b6b5437ccd9c [ 162.071936][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7432] exit_group(0 [pid 5849] rmdir("./18/file0" [pid 7432] <... exit_group resumed>) = ? [pid 7432] +++ exited with 0 +++ [pid 5849] <... rmdir resumed>) = 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7432, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3 [pid 5852] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... close resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] rmdir("./18" [pid 5852] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] <... rmdir resumed>) = 0 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] mkdir("./19", 0777 [pid 5852] getdents64(3, [pid 5849] <... mkdir resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5852] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 3 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5852] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] close(3 [pid 5852] unlink("./18/binderfs" [pid 5849] <... close resumed>) = 0 [pid 5852] <... unlink resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7517 attached [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7517 [pid 7517] set_robust_list(0x55558aa90660, 24) = 0 [pid 7517] chdir("./19") = 0 [pid 7517] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] <... umount2 resumed>) = 0 [pid 7517] <... prctl resumed>) = 0 [pid 7517] setpgid(0, 0 [pid 5848] <... umount2 resumed>) = 0 [pid 7517] <... setpgid resumed>) = 0 [pid 5850] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] newfstatat(AT_FDCWD, "./18/file0", [pid 7517] <... openat resumed>) = 3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7517] write(3, "1000", 4) = 4 [pid 5850] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./18/file0", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... openat resumed>) = 4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(4, "", [pid 5848] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5850] getdents64(4, [pid 5848] newfstatat(4, "", [pid 7517] close(3 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 5848] getdents64(4, [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] close(4 [pid 5848] getdents64(4, [pid 5850] <... close resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7517] <... close resumed>) = 0 [pid 5850] rmdir("./18/file0" [pid 5848] close(4 [pid 7517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5850] getdents64(3, [pid 5848] rmdir("./18/file0" [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5850] close(3 [pid 5848] getdents64(3, [pid 5850] <... close resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] rmdir("./18" [pid 5848] close(3 [pid 7517] write(1, "executing program\n", 18 [pid 5850] <... rmdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 executing program [pid 7517] <... write resumed>) = 18 [pid 5850] mkdir("./19", 0777 [pid 5848] rmdir("./18") = 0 [pid 7517] memfd_create("syzkaller", 0 [pid 5850] <... mkdir resumed>) = 0 [pid 5848] mkdir("./19", 0777 [pid 7517] <... memfd_create resumed>) = 3 [pid 7517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... mkdir resumed>) = 0 [pid 7517] <... mmap resumed>) = 0x7f362be00000 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 7519 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 7518 ./strace-static-x86_64: Process 7519 attached ./strace-static-x86_64: Process 7518 attached [pid 7519] set_robust_list(0x55558aa90660, 24 [pid 7518] set_robust_list(0x55558aa90660, 24 [pid 7519] <... set_robust_list resumed>) = 0 [pid 7518] <... set_robust_list resumed>) = 0 [pid 7519] chdir("./19" [pid 7518] chdir("./19" [pid 7519] <... chdir resumed>) = 0 [pid 7519] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7518] <... chdir resumed>) = 0 [pid 7518] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7519] <... prctl resumed>) = 0 [pid 7518] <... prctl resumed>) = 0 [ 162.232509][ T5852] BTRFS info (device loop4): last unmount of filesystem 0f486769-176e-4ddf-a6f8-95d55243e66d [pid 7519] setpgid(0, 0 [pid 7518] setpgid(0, 0) = 0 [pid 7518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7518] write(3, "1000", 4 [pid 7519] <... setpgid resumed>) = 0 [pid 7518] <... write resumed>) = 4 [pid 7518] close(3 [pid 7519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7518] <... close resumed>) = 0 [pid 7518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7519] <... openat resumed>) = 3 [pid 7518] write(1, "executing program\n", 18executing program [pid 7519] write(3, "1000", 4 [pid 7518] <... write resumed>) = 18 [pid 7519] <... write resumed>) = 4 [pid 7518] memfd_create("syzkaller", 0 [pid 7519] close(3) = 0 [pid 7518] <... memfd_create resumed>) = 3 [pid 7519] symlink("/dev/binderfs", "./binderfs" [pid 7518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7519] <... symlink resumed>) = 0 [pid 7518] <... mmap resumed>) = 0x7f362be00000 [pid 7519] write(1, "executing program\n", 18executing program ) = 18 [pid 7476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7519] memfd_create("syzkaller", 0) = 3 [pid 7519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./18/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./18") = 0 [pid 5852] mkdir("./19", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7520 attached , child_tidptr=0x55558aa90650) = 7520 [pid 7520] set_robust_list(0x55558aa90660, 24) = 0 [pid 7520] chdir("./19") = 0 [pid 7520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7520] setpgid(0, 0) = 0 [pid 7520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7520] write(3, "1000", 4) = 4 [pid 7520] close(3) = 0 [pid 7520] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7520] write(1, "executing program\n", 18) = 18 [pid 7520] memfd_create("syzkaller", 0) = 3 [pid 7520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7476] <... write resumed>) = 16777216 [pid 7519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7476] munmap(0x7f362be00000, 138412032) = 0 [pid 7476] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7476] close(3) = 0 [pid 7476] close(4) = 0 [pid 7476] mkdir("./file0", 0777) = 0 [ 162.945644][ T7476] loop3: detected capacity change from 0 to 32768 [ 162.998946][ T7476] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7476) [ 163.054151][ T7476] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 163.088903][ T7476] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 163.120032][ T7476] BTRFS info (device loop3): using free-space-tree [pid 7476] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd,") = 0 [pid 7476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7476] chdir("./file0") = 0 [pid 7476] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7476] ioctl(4, LOOP_CLR_FD) = 0 [pid 7476] close(4) = 0 [pid 7476] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7518] <... write resumed>) = 16777216 [pid 7476] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7476] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 7518] munmap(0x7f362be00000, 138412032 [pid 7520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7517] <... write resumed>) = 16777216 [pid 7476] <... write resumed>) = 280 [pid 7476] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7476] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7476] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7476] exit_group(0) = ? [pid 7476] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7476, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7517] munmap(0x7f362be00000, 138412032 [pid 5851] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7518] <... munmap resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7518] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5851] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7518] <... openat resumed>) = 4 [pid 5851] <... openat resumed>) = 3 [pid 7518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7517] <... munmap resumed>) = 0 [pid 5851] newfstatat(3, "", [pid 7518] close(3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, [pid 7518] <... close resumed>) = 0 [pid 7518] close(4) = 0 [pid 7517] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7517] <... openat resumed>) = 4 [pid 5851] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7517] ioctl(4, LOOP_SET_FD, 3 [pid 7518] mkdir("./file0", 0777 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 163.281109][ T7518] loop0: detected capacity change from 0 to 32768 [pid 7518] <... mkdir resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./19/binderfs", [pid 7518] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7517] <... ioctl resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./19/binderfs" [pid 7517] close(3 [pid 5851] <... unlink resumed>) = 0 [pid 7517] <... close resumed>) = 0 [pid 5851] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7517] close(4) = 0 [pid 7519] <... write resumed>) = 16777216 [pid 7517] mkdir("./file0", 0777) = 0 [ 163.331239][ T7517] loop1: detected capacity change from 0 to 32768 [ 163.343707][ T7518] BTRFS: device /dev/loop0 (7:0) using temp-fsid 7282ebd6-393b-4203-8b9c-6eb855f95489 [ 163.354719][ T7518] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7518) [pid 7517] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7519] munmap(0x7f362be00000, 138412032) = 0 [pid 7519] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 163.417321][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 163.437483][ T7518] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 163.439882][ T7517] BTRFS: device /dev/loop1 (7:1) using temp-fsid 17e40246-9fbb-4f4d-8435-d0b4f00a6685 [ 163.458693][ T7519] loop2: detected capacity change from 0 to 32768 [pid 7519] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7519] close(3) = 0 [pid 7519] close(4) = 0 [pid 7519] mkdir("./file0", 0777) = 0 [ 163.476173][ T7518] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 163.485356][ T7517] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7517) [ 163.525755][ T7519] BTRFS: device /dev/loop2 (7:2) using temp-fsid 40b40e57-e1da-498c-be47-0c1d3d4ef012 [ 163.549302][ T7518] BTRFS info (device loop0): using free-space-tree [ 163.557120][ T7517] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 163.571598][ T7519] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7519) [ 163.601886][ T7517] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 163.636089][ T7517] BTRFS info (device loop1): using free-space-tree [ 163.654235][ T7519] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7519] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 7520] <... write resumed>) = 16777216 [ 163.702566][ T7519] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 7520] munmap(0x7f362be00000, 138412032) = 0 [pid 7520] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 163.749956][ T7519] BTRFS info (device loop2): using free-space-tree [pid 7520] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... umount2 resumed>) = 0 [pid 7520] <... ioctl resumed>) = 0 [pid 7518] <... mount resumed>) = 0 [pid 7517] <... mount resumed>) = 0 [pid 7520] close(3 [pid 7518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7520] <... close resumed>) = 0 [pid 7518] <... openat resumed>) = 3 [pid 7520] close(4 [pid 7517] <... openat resumed>) = 3 [pid 7520] <... close resumed>) = 0 [pid 7518] chdir("./file0" [pid 5851] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7520] mkdir("./file0", 0777 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7520] <... mkdir resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./19/file0", [ 163.793700][ T7520] loop4: detected capacity change from 0 to 32768 [pid 7520] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 7518] <... chdir resumed>) = 0 [pid 7517] chdir("./file0" [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7518] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7517] <... chdir resumed>) = 0 [pid 7518] <... openat resumed>) = 4 [pid 7517] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7518] ioctl(4, LOOP_CLR_FD [pid 7517] <... openat resumed>) = 4 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7518] <... ioctl resumed>) = 0 [pid 7517] ioctl(4, LOOP_CLR_FD [pid 5851] close(4 [pid 7518] close(4 [pid 7517] <... ioctl resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 7518] <... close resumed>) = 0 [pid 7517] close(4 [pid 7518] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7517] <... close resumed>) = 0 [pid 7518] <... openat resumed>) = 4 [pid 7517] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5851] rmdir("./19/file0" [pid 7518] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, [pid 7518] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7518] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 7518] <... write resumed>) = 280 [pid 7518] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7518] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7518] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7518] exit_group(0 [pid 7517] ioctl(-1, SIOCGIFINDEX, NULL [pid 7518] <... exit_group resumed>) = ? [pid 7517] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7518] +++ exited with 0 +++ [pid 7517] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] close(3) = 0 [ 163.856919][ T7520] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7520) [ 163.881448][ T7520] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] rmdir("./19" [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7518, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=34 /* 0.34 s */} --- [pid 5851] <... rmdir resumed>) = 0 [pid 5851] mkdir("./20", 0777 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... mkdir resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] <... restart_syscall resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3 [pid 5848] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7517] <... write resumed>) = 280 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7517] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] <... openat resumed>) = 3 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7583 [pid 7517] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 7517] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7517] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 7517] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7517] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./19/binderfs", [pid 7517] exit_group(0) = ? [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./19/binderfs") = 0 [pid 5848] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7517] +++ exited with 0 +++ ./strace-static-x86_64: Process 7583 attached [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7517, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 7583] set_robust_list(0x55558aa90660, 24 [pid 5849] <... restart_syscall resumed>) = 0 [pid 7583] <... set_robust_list resumed>) = 0 [pid 7583] chdir("./20") = 0 [pid 5849] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7583] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7583] <... prctl resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7583] setpgid(0, 0 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7583] <... setpgid resumed>) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7583] <... openat resumed>) = 3 [pid 5849] unlink("./19/binderfs" [pid 7583] write(3, "1000", 4 [pid 5849] <... unlink resumed>) = 0 [pid 7583] <... write resumed>) = 4 [pid 5849] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7583] close(3) = 0 [pid 7583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7583] write(1, "executing program\n", 18executing program ) = 18 [ 163.899973][ T7520] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 163.910569][ T7520] BTRFS info (device loop4): using free-space-tree [pid 7583] memfd_create("syzkaller", 0) = 3 [pid 7583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7519] <... mount resumed>) = 0 [pid 7519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7519] chdir("./file0") = 0 [pid 7519] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7519] ioctl(4, LOOP_CLR_FD) = 0 [pid 7519] close(4) = 0 [pid 7519] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 164.011810][ T5849] BTRFS info (device loop1): last unmount of filesystem 17e40246-9fbb-4f4d-8435-d0b4f00a6685 [ 164.023845][ T5848] BTRFS info (device loop0): last unmount of filesystem 7282ebd6-393b-4203-8b9c-6eb855f95489 [pid 7519] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7519] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7519] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7519] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7519] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7519] exit_group(0 [pid 7520] <... mount resumed>) = 0 [pid 7519] <... exit_group resumed>) = ? [pid 7520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7519] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7519, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=25 /* 0.25 s */} --- [pid 5850] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./19/binderfs") = 0 [pid 5850] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7520] <... openat resumed>) = 3 [pid 7520] chdir("./file0") = 0 [pid 7520] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7520] ioctl(4, LOOP_CLR_FD) = 0 [pid 7520] close(4) = 0 [pid 7520] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7520] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7520] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7520] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7520] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7520] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7520] exit_group(0) = ? [pid 7520] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7520, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- [pid 5852] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./19/binderfs") = 0 [ 164.184746][ T5850] BTRFS info (device loop2): last unmount of filesystem 40b40e57-e1da-498c-be47-0c1d3d4ef012 [pid 5852] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [ 164.302085][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./19/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./19") = 0 [pid 5849] mkdir("./20", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 7602 ./strace-static-x86_64: Process 7602 attached [pid 7602] set_robust_list(0x55558aa90660, 24) = 0 [pid 7602] chdir("./20") = 0 [pid 7602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7602] setpgid(0, 0) = 0 [pid 7602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7602] write(3, "1000", 4) = 4 [pid 7602] close(3) = 0 [pid 7602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7602] write(1, "executing program\n", 18executing program ) = 18 [pid 7602] memfd_create("syzkaller", 0 [pid 5848] <... umount2 resumed>) = 0 [pid 7602] <... memfd_create resumed>) = 3 [pid 5848] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./19/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./19") = 0 [pid 5848] mkdir("./20", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3 [pid 7602] <... mmap resumed>) = 0x7f362be00000 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7603 attached , child_tidptr=0x55558aa90650) = 7603 [pid 7603] set_robust_list(0x55558aa90660, 24) = 0 [pid 7603] chdir("./20") = 0 [pid 7603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7603] setpgid(0, 0) = 0 [pid 7603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7603] write(3, "1000", 4) = 4 [pid 7603] close(3) = 0 [pid 7603] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7603] write(1, "executing program\n", 18) = 18 [pid 7603] memfd_create("syzkaller", 0) = 3 [pid 7603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7583] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./19/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./19") = 0 [pid 5850] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] mkdir("./20", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./19/file0", [pid 5852] <... openat resumed>) = 3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5850] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] close(3 [pid 5850] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... close resumed>) = 0 [pid 5850] <... openat resumed>) = 4 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7604 attached [pid 5850] newfstatat(4, "", [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 7604 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7604] set_robust_list(0x55558aa90660, 24 [pid 5850] getdents64(4, [pid 7604] <... set_robust_list resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7604] chdir("./20" [pid 5850] getdents64(4, [pid 7604] <... chdir resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] close(4 [pid 7604] setpgid(0, 0 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./19/file0" [pid 7604] <... setpgid resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 7604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] getdents64(3, [pid 7604] <... openat resumed>) = 3 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 7604] write(3, "1000", 4 [pid 5850] close(3 [pid 7604] <... write resumed>) = 4 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./19" [pid 7604] close(3 [pid 5850] <... rmdir resumed>) = 0 [pid 7604] <... close resumed>) = 0 [pid 5850] mkdir("./20", 0777) = 0 executing program [pid 7604] symlink("/dev/binderfs", "./binderfs" [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7604] <... symlink resumed>) = 0 [pid 7604] write(1, "executing program\n", 18 [pid 5850] <... openat resumed>) = 3 [pid 7604] <... write resumed>) = 18 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 7604] memfd_create("syzkaller", 0 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7604] <... memfd_create resumed>) = 3 [pid 5850] close(3 [pid 7604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... close resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 7605 ./strace-static-x86_64: Process 7605 attached [pid 7605] set_robust_list(0x55558aa90660, 24) = 0 [pid 7605] chdir("./20") = 0 [pid 7605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7605] setpgid(0, 0) = 0 [pid 7605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7605] write(3, "1000", 4) = 4 [pid 7605] close(3) = 0 [pid 7605] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7605] write(1, "executing program\n", 18) = 18 [pid 7605] memfd_create("syzkaller", 0) = 3 [pid 7605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7583] <... write resumed>) = 16777216 [pid 7583] munmap(0x7f362be00000, 138412032) = 0 [pid 7583] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7583] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7583] close(3) = 0 [pid 7583] close(4) = 0 [pid 7583] mkdir("./file0", 0777) = 0 [ 165.032080][ T7583] loop3: detected capacity change from 0 to 32768 [ 165.080217][ T7583] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7583) [ 165.144180][ T7583] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 165.179504][ T7583] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 7583] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 165.199589][ T7583] BTRFS info (device loop3): using free-space-tree [pid 7605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7603] <... write resumed>) = 16777216 [pid 7603] munmap(0x7f362be00000, 138412032) = 0 [pid 7603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7603] ioctl(4, LOOP_SET_FD, 3 [pid 7602] <... write resumed>) = 16777216 [pid 7603] <... ioctl resumed>) = 0 [pid 7602] munmap(0x7f362be00000, 138412032 [pid 7603] close(3 [pid 7602] <... munmap resumed>) = 0 [pid 7603] <... close resumed>) = 0 [pid 7603] close(4) = 0 [pid 7603] mkdir("./file0", 0777) = 0 [ 165.365166][ T7603] loop0: detected capacity change from 0 to 32768 [pid 7603] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7602] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 165.409749][ T7603] BTRFS: device /dev/loop0 (7:0) using temp-fsid 9d8e2172-2cd4-4b31-8a28-39f8cbccc606 [ 165.430438][ T7602] loop1: detected capacity change from 0 to 32768 [pid 7602] ioctl(4, LOOP_SET_FD, 3 [pid 7583] <... mount resumed>) = 0 [pid 7602] <... ioctl resumed>) = 0 [pid 7583] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7602] close(3 [pid 7583] <... openat resumed>) = 3 [pid 7602] <... close resumed>) = 0 [pid 7583] chdir("./file0" [pid 7602] close(4 [pid 7583] <... chdir resumed>) = 0 [pid 7602] <... close resumed>) = 0 [pid 7583] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7602] mkdir("./file0", 0777 [pid 7583] <... openat resumed>) = 4 [pid 7602] <... mkdir resumed>) = 0 [pid 7583] ioctl(4, LOOP_CLR_FD) = 0 [pid 7602] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7583] close(4) = 0 [pid 7583] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7583] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7583] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7583] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7583] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7583] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 165.459227][ T7603] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7603) [pid 7583] exit_group(0) = ? [pid 7583] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7583, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./20/binderfs") = 0 [ 165.523898][ T7603] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 165.534036][ T7602] BTRFS: device /dev/loop1 (7:1) using temp-fsid 0301a7f9-641b-44a9-a2b5-0bf43a2a5041 [ 165.534083][ T7602] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7602) [ 165.558427][ T7603] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5851] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7605] <... write resumed>) = 16777216 [pid 7605] munmap(0x7f362be00000, 138412032) = 0 [pid 7605] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 165.568636][ T7603] BTRFS info (device loop0): using free-space-tree [ 165.570318][ T7602] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7605] ioctl(4, LOOP_SET_FD, 3) = 0 [ 165.622620][ T7605] loop2: detected capacity change from 0 to 32768 [pid 7605] close(3) = 0 [pid 7605] close(4) = 0 [pid 7605] mkdir("./file0", 0777) = 0 [ 165.675467][ T7602] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 165.705025][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 165.715581][ T7605] BTRFS: device /dev/loop2 (7:2) using temp-fsid 8f9b895c-1663-4de8-9555-258c20731fdf [pid 7605] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 7604] <... write resumed>) = 16777216 [pid 7604] munmap(0x7f362be00000, 138412032) = 0 [pid 7604] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 165.764852][ T7602] BTRFS info (device loop1): using free-space-tree [ 165.784479][ T7605] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7605) [pid 7604] ioctl(4, LOOP_SET_FD, 3) = 0 [ 165.840346][ T7604] loop4: detected capacity change from 0 to 32768 [ 165.848942][ T7605] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 165.879605][ T7605] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 7604] close(3) = 0 [pid 7604] close(4) = 0 [pid 7604] mkdir("./file0", 0777) = 0 [pid 7604] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7603] <... mount resumed>) = 0 [pid 7603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7603] chdir("./file0") = 0 [ 165.904835][ T7605] BTRFS info (device loop2): using free-space-tree [ 165.922074][ T7604] BTRFS: device /dev/loop4 (7:4) using temp-fsid 674091b9-a13b-41fe-84ca-1e2ceb93dd96 [pid 7603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7603] ioctl(4, LOOP_CLR_FD) = 0 [pid 7603] close(4) = 0 [pid 7603] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 165.944851][ T7604] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7604) [pid 7603] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7603] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7603] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7603] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7603] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7603] exit_group(0) = ? [pid 7603] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7603, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=30 /* 0.30 s */} --- [pid 5848] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./20/binderfs") = 0 [ 166.009946][ T7604] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 166.040350][ T7604] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 5848] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7602] <... mount resumed>) = 0 [pid 7602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7602] chdir("./file0") = 0 [pid 7602] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7602] ioctl(4, LOOP_CLR_FD) = 0 [pid 7602] close(4) = 0 [pid 7602] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 166.066732][ T5848] BTRFS info (device loop0): last unmount of filesystem 9d8e2172-2cd4-4b31-8a28-39f8cbccc606 [ 166.092781][ T7604] BTRFS info (device loop4): using free-space-tree [pid 7602] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7602] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7602] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7602] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7602] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7602] exit_group(0) = ? [pid 7602] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7602, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=20 /* 0.20 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7605] <... mount resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./20/binderfs", [pid 7605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./20/binderfs" [pid 7605] <... openat resumed>) = 3 [pid 7605] chdir("./file0" [pid 5849] <... unlink resumed>) = 0 [pid 7605] <... chdir resumed>) = 0 [pid 5849] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7605] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7605] ioctl(4, LOOP_CLR_FD) = 0 [pid 7605] close(4) = 0 [pid 7605] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7605] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7605] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7605] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7605] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7605] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7605] exit_group(0) = ? [pid 7605] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7605, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 7604] <... mount resumed>) = 0 [pid 5850] <... restart_syscall resumed>) = 0 [pid 7604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7604] chdir("./file0" [ 166.282187][ T5849] BTRFS info (device loop1): last unmount of filesystem 0301a7f9-641b-44a9-a2b5-0bf43a2a5041 [pid 5850] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7604] <... chdir resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7604] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] newfstatat(3, "", [pid 7604] <... openat resumed>) = 4 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./20/binderfs") = 0 [pid 5850] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7604] ioctl(4, LOOP_CLR_FD) = 0 [pid 7604] close(4) = 0 [pid 7604] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7604] <... openat resumed>) = 4 [pid 5851] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 7604] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] <... close resumed>) = 0 [pid 7604] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] rmdir("./20/file0" [pid 5849] <... umount2 resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 7604] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5849] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7604] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] getdents64(3, [pid 7604] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7604] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] close(3 [pid 5849] newfstatat(AT_FDCWD, "./20/file0", [pid 7604] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] <... close resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7604] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] rmdir("./20" [pid 7604] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... rmdir resumed>) = 0 [pid 7604] exit_group(0 [pid 5851] mkdir("./21", 0777 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7604] <... exit_group resumed>) = ? [pid 5851] <... mkdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7604] +++ exited with 0 +++ [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] <... openat resumed>) = 4 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7604, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5851] <... openat resumed>) = 3 [pid 5849] newfstatat(4, "", [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] close(3 [pid 5849] getdents64(4, [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... close resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] getdents64(4, [pid 5852] <... openat resumed>) = 3 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 7689 attached [pid 5852] newfstatat(3, "", [pid 5849] close(4 [pid 7689] set_robust_list(0x55558aa90660, 24 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7689] <... set_robust_list resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7689 [pid 5849] <... close resumed>) = 0 [pid 5852] getdents64(3, [pid 7689] chdir("./21" [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] rmdir("./20/file0" [pid 5852] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] <... rmdir resumed>) = 0 [pid 7689] <... chdir resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5849] getdents64(3, [pid 7689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 7689] setpgid(0, 0 [pid 5852] unlink("./20/binderfs" [pid 5849] close(3 [pid 5852] <... unlink resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 7689] <... setpgid resumed>) = 0 [pid 5849] rmdir("./20" [pid 7689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... rmdir resumed>) = 0 [pid 7689] write(3, "1000", 4 [pid 5849] mkdir("./21", 0777 [pid 7689] <... write resumed>) = 4 [ 166.443006][ T5850] BTRFS info (device loop2): last unmount of filesystem 8f9b895c-1663-4de8-9555-258c20731fdf [pid 7689] close(3 [pid 5849] <... mkdir resumed>) = 0 [pid 7689] <... close resumed>) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7689] symlink("/dev/binderfs", "./binderfs" [pid 5849] <... openat resumed>) = 3 [pid 7689] <... symlink resumed>) = 0 [pid 7689] write(1, "executing program\n", 18 [pid 5849] ioctl(3, LOOP_CLR_FDexecuting program [pid 7689] <... write resumed>) = 18 [pid 5849] <... ioctl resumed>) = 0 [pid 5849] close(3) = 0 [pid 7689] memfd_create("syzkaller", 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7689] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 7690 attached [pid 7689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7690 [pid 7690] set_robust_list(0x55558aa90660, 24 [pid 7689] <... mmap resumed>) = 0x7f362be00000 [pid 7690] <... set_robust_list resumed>) = 0 [pid 7690] chdir("./21") = 0 [pid 7690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7690] setpgid(0, 0 [pid 5848] <... umount2 resumed>) = 0 [pid 7690] <... setpgid resumed>) = 0 [pid 7690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7690] <... openat resumed>) = 3 [pid 5848] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./20/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./20" [pid 7690] write(3, "1000", 4 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./21", 0777) = 0 [pid 7690] <... write resumed>) = 4 [pid 7690] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7690] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... openat resumed>) = 3 [ 166.566364][ T5852] BTRFS info (device loop4): last unmount of filesystem 674091b9-a13b-41fe-84ca-1e2ceb93dd96 executing program [pid 7690] <... symlink resumed>) = 0 [pid 7690] write(1, "executing program\n", 18) = 18 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7691 attached [pid 7691] set_robust_list(0x55558aa90660, 24 [pid 7690] memfd_create("syzkaller", 0 [pid 7691] <... set_robust_list resumed>) = 0 [pid 7690] <... memfd_create resumed>) = 3 [pid 7690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 7691 [pid 7691] chdir("./21") = 0 [pid 7690] <... mmap resumed>) = 0x7f362be00000 [pid 7691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7691] setpgid(0, 0) = 0 [pid 7691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7691] write(3, "1000", 4) = 4 [pid 7691] close(3) = 0 [pid 7691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7691] write(1, "executing program\n", 18executing program ) = 18 [pid 7691] memfd_create("syzkaller", 0) = 3 [pid 7691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./20/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./20") = 0 [pid 5852] mkdir("./21", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7692 attached [pid 7692] set_robust_list(0x55558aa90660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 7692 [pid 7692] <... set_robust_list resumed>) = 0 [pid 7692] chdir("./21") = 0 [pid 7692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7692] setpgid(0, 0) = 0 [pid 7692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7692] write(3, "1000", 4) = 4 [pid 7692] close(3) = 0 [pid 7692] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 7692] write(1, "executing program\n", 18) = 18 [pid 5850] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7692] memfd_create("syzkaller", 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./20/file0", [pid 7692] <... memfd_create resumed>) = 3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7692] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./20/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./20") = 0 [pid 5850] mkdir("./21", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7693 attached [pid 7693] set_robust_list(0x55558aa90660, 24 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 7693 [pid 7693] <... set_robust_list resumed>) = 0 [pid 7693] chdir("./21") = 0 [pid 7693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7693] setpgid(0, 0) = 0 [pid 7693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7693] write(3, "1000", 4) = 4 [pid 7693] close(3 [pid 7690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7693] <... close resumed>) = 0 [pid 7693] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7693] write(1, "executing program\n", 18) = 18 [pid 7693] memfd_create("syzkaller", 0) = 3 [pid 7693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7689] <... write resumed>) = 16777216 [pid 7689] munmap(0x7f362be00000, 138412032) = 0 [pid 7689] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7689] close(3) = 0 [pid 7689] close(4) = 0 [pid 7689] mkdir("./file0", 0777) = 0 [pid 7693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 167.479671][ T7689] loop3: detected capacity change from 0 to 32768 [pid 7689] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7691] <... write resumed>) = 16777216 [ 167.536191][ T7689] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7689) [pid 7691] munmap(0x7f362be00000, 138412032 [pid 7690] <... write resumed>) = 16777216 [pid 7691] <... munmap resumed>) = 0 [pid 7690] munmap(0x7f362be00000, 138412032 [pid 7691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7691] ioctl(4, LOOP_SET_FD, 3 [pid 7690] <... munmap resumed>) = 0 [pid 7690] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7690] ioctl(4, LOOP_SET_FD, 3 [pid 7691] <... ioctl resumed>) = 0 [pid 7691] close(3) = 0 [pid 7691] close(4) = 0 [pid 7691] mkdir("./file0", 0777 [pid 7690] <... ioctl resumed>) = 0 [ 167.581783][ T7689] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 167.589844][ T7691] loop0: detected capacity change from 0 to 32768 [ 167.608458][ T7690] loop1: detected capacity change from 0 to 32768 [ 167.615106][ T7689] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 7690] close(3) = 0 [pid 7690] close(4 [pid 7691] <... mkdir resumed>) = 0 [pid 7690] <... close resumed>) = 0 [pid 7690] mkdir("./file0", 0777) = 0 [pid 7691] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [ 167.647298][ T7691] BTRFS: device /dev/loop0 (7:0) using temp-fsid 1f91f903-ad4a-482e-9faf-ea49f9c4d1eb [ 167.657880][ T7689] BTRFS info (device loop3): using free-space-tree [ 167.688386][ T7691] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7691) [ 167.713163][ T7690] BTRFS: device /dev/loop1 (7:1) using temp-fsid 6dee41be-401e-4174-874c-209714039d77 [pid 7690] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7692] <... write resumed>) = 16777216 [ 167.733366][ T7690] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7690) [ 167.747549][ T7691] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 167.760244][ T7691] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 7692] munmap(0x7f362be00000, 138412032) = 0 [pid 7692] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 167.784333][ T7691] BTRFS info (device loop0): using free-space-tree [ 167.800607][ T7690] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 167.818543][ T7692] loop4: detected capacity change from 0 to 32768 [pid 7692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7692] close(3) = 0 [pid 7692] close(4) = 0 [pid 7692] mkdir("./file0", 0777) = 0 [pid 7692] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7693] <... write resumed>) = 16777216 [pid 7693] munmap(0x7f362be00000, 138412032) = 0 [ 167.850052][ T7690] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 167.865609][ T7692] BTRFS: device /dev/loop4 (7:4) using temp-fsid 73a462d5-bdf1-4aca-9330-504e7651a095 [pid 7693] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7693] close(3) = 0 [pid 7693] close(4) = 0 [pid 7693] mkdir("./file0", 0777) = 0 [ 167.920994][ T7693] loop2: detected capacity change from 0 to 32768 [ 167.924518][ T7690] BTRFS info (device loop1): using free-space-tree [ 167.950607][ T7692] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7692) [ 168.021164][ T7693] BTRFS: device /dev/loop2 (7:2) using temp-fsid 9c362cd6-87cb-4a23-873a-b1da159a1a45 [ 168.035398][ T7692] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 168.056019][ T7692] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 7693] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 7689] <... mount resumed>) = 0 [pid 7689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7689] chdir("./file0") = 0 [pid 7689] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7689] ioctl(4, LOOP_CLR_FD) = 0 [pid 7689] close(4) = 0 [pid 7689] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7689] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7689] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [ 168.060032][ T7693] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7693) [ 168.089272][ T7692] BTRFS info (device loop4): using free-space-tree [pid 7689] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7689] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7691] <... mount resumed>) = 0 [pid 7689] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 7691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7689] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7691] <... openat resumed>) = 3 [pid 7689] exit_group(0 [pid 7691] chdir("./file0" [pid 7689] <... exit_group resumed>) = ? [pid 7691] <... chdir resumed>) = 0 [pid 7689] +++ exited with 0 +++ [pid 7691] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7689, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=23 /* 0.23 s */} --- [pid 7691] <... openat resumed>) = 4 [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 7691] ioctl(4, LOOP_CLR_FD [pid 5851] <... restart_syscall resumed>) = 0 [pid 7691] <... ioctl resumed>) = 0 [pid 5851] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7691] close(4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7691] <... close resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7691] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7691] <... openat resumed>) = 4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./21/binderfs") = 0 [pid 5851] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 168.149665][ T7693] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 168.166270][ T7693] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 168.177406][ T7693] BTRFS info (device loop2): using free-space-tree [pid 7691] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7691] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7691] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7691] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7691] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7691] exit_group(0) = ? [pid 7691] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7691, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [pid 5848] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./21/binderfs") = 0 [pid 5848] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7690] <... mount resumed>) = 0 [pid 7690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7690] chdir("./file0") = 0 [pid 7690] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7690] ioctl(4, LOOP_CLR_FD) = 0 [pid 7690] close(4) = 0 [pid 7690] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7690] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7690] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7690] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7690] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7690] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 168.298236][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 168.320250][ T5848] BTRFS info (device loop0): last unmount of filesystem 1f91f903-ad4a-482e-9faf-ea49f9c4d1eb [pid 7690] exit_group(0) = ? [pid 7690] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7690, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=30 /* 0.30 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./21/binderfs") = 0 [pid 5849] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7693] <... mount resumed>) = 0 [pid 7692] <... mount resumed>) = 0 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] getdents64(4, [pid 7693] <... openat resumed>) = 3 [pid 7692] <... openat resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7693] chdir("./file0" [pid 7692] chdir("./file0" [pid 5848] getdents64(4, [pid 7693] <... chdir resumed>) = 0 [pid 7692] <... chdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7693] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5848] close(4 [pid 7692] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7693] <... openat resumed>) = 4 [pid 7692] <... openat resumed>) = 4 [pid 5848] <... close resumed>) = 0 [pid 7693] ioctl(4, LOOP_CLR_FD [pid 7692] ioctl(4, LOOP_CLR_FD [pid 5848] rmdir("./21/file0" [pid 7692] <... ioctl resumed>) = 0 [pid 7693] <... ioctl resumed>) = 0 [pid 7693] close(4 [pid 7692] close(4 [pid 5848] <... rmdir resumed>) = 0 [pid 7692] <... close resumed>) = 0 [ 168.547813][ T5849] BTRFS info (device loop1): last unmount of filesystem 6dee41be-401e-4174-874c-209714039d77 [pid 5848] getdents64(3, [pid 7693] <... close resumed>) = 0 [pid 7692] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7693] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 7692] <... openat resumed>) = 4 [pid 7693] <... openat resumed>) = 4 [pid 7692] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] close(3 [pid 7692] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] <... close resumed>) = 0 [pid 7692] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] rmdir("./21" [pid 7692] <... write resumed>) = 280 [pid 7692] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./22", 0777 [pid 7692] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7692] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... mkdir resumed>) = 0 [pid 7692] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7693] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] ioctl(3, LOOP_CLR_FD [pid 7693] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7692] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7692] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] close(3 [pid 7693] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] <... close resumed>) = 0 [pid 7693] <... write resumed>) = 280 [pid 7692] exit_group(0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7776 attached [pid 7693] bpf(BPF_MAP_CREATE, NULL, 0 [pid 7692] <... exit_group resumed>) = ? [pid 7693] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7693] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7693] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7693] exit_group(0) = ? [pid 7693] +++ exited with 0 +++ [pid 7776] set_robust_list(0x55558aa90660, 24 [pid 7692] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7693, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 7776 [pid 7776] <... set_robust_list resumed>) = 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7692, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7776] chdir("./22" [pid 5852] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7776] <... chdir resumed>) = 0 [pid 5852] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7776] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7776] <... prctl resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5850] newfstatat(3, "", [pid 7776] setpgid(0, 0 [pid 5852] newfstatat(3, "", [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7776] <... setpgid resumed>) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7776] <... openat resumed>) = 3 [pid 5852] getdents64(3, [pid 5851] <... umount2 resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] newfstatat(AT_FDCWD, "./21/binderfs", [pid 7776] write(3, "1000", 4 [pid 5852] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 7776] <... write resumed>) = 4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] unlink("./21/binderfs" [pid 5849] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7776] close(3 [pid 5852] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5851] newfstatat(AT_FDCWD, "./21/file0", [pid 5850] <... unlink resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] newfstatat(AT_FDCWD, "./21/file0", [pid 5850] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] unlink("./21/binderfs" [pid 7776] <... close resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... unlink resumed>) = 0 [pid 5849] <... openat resumed>) = 4 executing program [pid 7776] symlink("/dev/binderfs", "./binderfs" [pid 5852] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", [pid 5851] newfstatat(4, "", [pid 7776] <... symlink resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 5849] getdents64(4, [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7776] write(1, "executing program\n", 18 [pid 5849] getdents64(4, [pid 7776] <... write resumed>) = 18 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4 [pid 7776] memfd_create("syzkaller", 0 [pid 5849] <... close resumed>) = 0 [pid 7776] <... memfd_create resumed>) = 3 [pid 5849] rmdir("./21/file0" [pid 7776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] getdents64(4, [pid 5849] <... rmdir resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7776] <... mmap resumed>) = 0x7f362be00000 [pid 5851] close(4 [pid 5849] getdents64(3, [pid 5851] <... close resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] rmdir("./21/file0" [pid 5849] close(3 [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5851] getdents64(3, [pid 5849] rmdir("./21" [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5851] close(3 [pid 5849] mkdir("./22", 0777 [pid 5851] <... close resumed>) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5851] rmdir("./21" [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5851] mkdir("./22", 0777) = 0 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5849] <... ioctl resumed>) = 0 [pid 5849] close(3 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5849] <... close resumed>) = 0 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7777 attached [pid 5851] close(3 [pid 7777] set_robust_list(0x55558aa90660, 24 [pid 5851] <... close resumed>) = 0 [pid 7777] <... set_robust_list resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7779 attached [pid 7777] chdir("./22" [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7777 [ 168.757833][ T5852] BTRFS info (device loop4): last unmount of filesystem 73a462d5-bdf1-4aca-9330-504e7651a095 [ 168.758047][ T5850] BTRFS info (device loop2): last unmount of filesystem 9c362cd6-87cb-4a23-873a-b1da159a1a45 [pid 7779] set_robust_list(0x55558aa90660, 24 [pid 7777] <... chdir resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7779 [pid 7777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7779] <... set_robust_list resumed>) = 0 [pid 7779] chdir("./22" [pid 7777] setpgid(0, 0) = 0 [pid 7779] <... chdir resumed>) = 0 [pid 7779] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7779] <... prctl resumed>) = 0 [pid 7777] write(3, "1000", 4) = 4 [pid 7779] setpgid(0, 0 [pid 7777] close(3) = 0 [pid 7777] symlink("/dev/binderfs", "./binderfs" [pid 7779] <... setpgid resumed>) = 0 [pid 7779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7777] <... symlink resumed>) = 0 executing program [pid 7779] write(3, "1000", 4 [pid 7777] write(1, "executing program\n", 18) = 18 [pid 7777] memfd_create("syzkaller", 0 [pid 7779] <... write resumed>) = 4 [pid 7779] close(3) = 0 [pid 7777] <... memfd_create resumed>) = 3 [pid 7779] symlink("/dev/binderfs", "./binderfs" [pid 7777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7779] <... symlink resumed>) = 0 [pid 7777] <... mmap resumed>) = 0x7f362be00000 executing program [pid 7779] write(1, "executing program\n", 18) = 18 [pid 7779] memfd_create("syzkaller", 0) = 3 [pid 7779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./21/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./21") = 0 [pid 5850] mkdir("./22", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 7780 ./strace-static-x86_64: Process 7780 attached [pid 7780] set_robust_list(0x55558aa90660, 24) = 0 [pid 7780] chdir("./22") = 0 [pid 7780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7780] setpgid(0, 0) = 0 [pid 7780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7780] write(3, "1000", 4) = 4 [pid 7780] close(3) = 0 [pid 7780] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7780] write(1, "executing program\n", 18) = 18 [pid 7780] memfd_create("syzkaller", 0) = 3 [pid 7780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 7777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] rmdir("./21/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./21") = 0 [pid 5852] mkdir("./22", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 7779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7781 attached , child_tidptr=0x55558aa90650) = 7781 [pid 7781] set_robust_list(0x55558aa90660, 24) = 0 [pid 7781] chdir("./22") = 0 [pid 7781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7781] setpgid(0, 0) = 0 [pid 7781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7781] write(3, "1000", 4) = 4 [pid 7781] close(3) = 0 [pid 7781] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7781] write(1, "executing program\n", 18) = 18 [pid 7781] memfd_create("syzkaller", 0) = 3 [pid 7781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7776] <... write resumed>) = 16777216 [pid 7776] munmap(0x7f362be00000, 138412032) = 0 [pid 7776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7776] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7776] close(3) = 0 [pid 7776] close(4) = 0 [pid 7776] mkdir("./file0", 0777) = 0 [ 169.744488][ T7776] loop0: detected capacity change from 0 to 32768 [pid 7776] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7777] <... write resumed>) = 16777216 [pid 7777] munmap(0x7f362be00000, 138412032 [pid 7779] <... write resumed>) = 16777216 [pid 7777] <... munmap resumed>) = 0 [pid 7777] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 169.807039][ T7776] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7776) [pid 7777] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7779] munmap(0x7f362be00000, 138412032) = 0 [pid 7777] close(3) = 0 [pid 7777] close(4) = 0 [ 169.850704][ T7777] loop1: detected capacity change from 0 to 32768 [ 169.879215][ T7776] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7777] mkdir("./file0", 0777) = 0 [pid 7777] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7779] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 169.900591][ T7777] BTRFS: device /dev/loop1 (7:1) using temp-fsid 863ba352-5ac8-4802-ab66-23ba81a662f4 [ 169.917623][ T7776] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 7779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7779] close(3) = 0 [pid 7779] close(4) = 0 [pid 7779] mkdir("./file0", 0777) = 0 [ 169.941036][ T7777] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7777) [ 169.949479][ T7779] loop3: detected capacity change from 0 to 32768 [ 169.968026][ T7776] BTRFS info (device loop0): using free-space-tree [ 170.005268][ T7779] BTRFS: device /dev/loop3 (7:3) using temp-fsid 90e9f6ff-409e-42e6-816e-2dd7be7b64b6 [ 170.026392][ T7779] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7779) [ 170.043115][ T7777] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 170.074916][ T7777] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 170.103782][ T7779] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7779] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7780] <... write resumed>) = 16777216 [pid 7776] <... mount resumed>) = 0 [pid 7776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 170.130344][ T7777] BTRFS info (device loop1): using free-space-tree [pid 7780] munmap(0x7f362be00000, 138412032 [pid 7776] chdir("./file0" [pid 7780] <... munmap resumed>) = 0 [pid 7776] <... chdir resumed>) = 0 [pid 7776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7776] ioctl(4, LOOP_CLR_FD) = 0 [pid 7776] close(4) = 0 [pid 7776] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7776] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7776] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7776] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7776] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [ 170.174498][ T7779] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 7776] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7776] exit_group(0) = ? [pid 7776] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7776, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- [pid 5848] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7780] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5848] newfstatat(3, "", [pid 7780] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7780] ioctl(4, LOOP_SET_FD, 3 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./22/binderfs", [pid 7780] <... ioctl resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7780] close(3 [pid 5848] unlink("./22/binderfs" [pid 7780] <... close resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 7780] close(4 [pid 5848] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7780] <... close resumed>) = 0 [ 170.245351][ T7780] loop2: detected capacity change from 0 to 32768 [ 170.253395][ T7779] BTRFS info (device loop3): using free-space-tree [pid 7780] mkdir("./file0", 0777) = 0 [ 170.292175][ T7780] BTRFS: device /dev/loop2 (7:2) using temp-fsid 8cdbcc10-a682-4c95-b3d7-ae246b56d95f [ 170.337944][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 170.363044][ T7780] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7780) [pid 7780] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 7781] <... write resumed>) = 16777216 [pid 7781] munmap(0x7f362be00000, 138412032) = 0 [pid 7777] <... mount resumed>) = 0 [pid 7777] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7777] chdir("./file0") = 0 [pid 7777] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7777] ioctl(4, LOOP_CLR_FD [pid 7781] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7777] <... ioctl resumed>) = 0 [pid 7777] close(4) = 0 [pid 7777] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7781] <... openat resumed>) = 4 [pid 7777] <... openat resumed>) = 4 [ 170.431414][ T7780] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 170.461110][ T7780] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 170.471083][ T7780] BTRFS info (device loop2): using free-space-tree [pid 7781] ioctl(4, LOOP_SET_FD, 3 [pid 7777] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7777] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7777] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7777] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7777] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7777] exit_group(0) = ? [pid 7777] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7777, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 7781] <... ioctl resumed>) = 0 [pid 7781] close(3) = 0 [pid 7781] close(4) = 0 [pid 7781] mkdir("./file0", 0777 [pid 5849] <... restart_syscall resumed>) = 0 [ 170.508282][ T7781] loop4: detected capacity change from 0 to 32768 [pid 7781] <... mkdir resumed>) = 0 [pid 7779] <... mount resumed>) = 0 [pid 5849] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7781] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7779] <... openat resumed>) = 3 [pid 5849] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... umount2 resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./22/binderfs") = 0 [pid 5849] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 7779] chdir("./file0") = 0 [pid 5848] getdents64(4, [pid 7779] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7779] <... openat resumed>) = 4 [pid 5848] close(4 [pid 7779] ioctl(4, LOOP_CLR_FD [pid 5848] <... close resumed>) = 0 [pid 7779] <... ioctl resumed>) = 0 [pid 5848] rmdir("./22/file0" [pid 7779] close(4 [pid 5848] <... rmdir resumed>) = 0 [pid 7779] <... close resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 7779] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 170.576501][ T7781] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7781) [pid 5848] rmdir("./22" [pid 7779] <... openat resumed>) = 4 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./23", 0777) = 0 [pid 7779] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7779] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7779] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7779] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... openat resumed>) = 3 [pid 7779] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 7779] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7779] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7779] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7779] exit_group(0) = ? [pid 7779] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7779, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 7846 ./strace-static-x86_64: Process 7846 attached [pid 5851] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7846] set_robust_list(0x55558aa90660, 24 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", [pid 7846] <... set_robust_list resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7846] chdir("./23" [pid 5851] newfstatat(AT_FDCWD, "./22/binderfs", [pid 7846] <... chdir resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7846] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] unlink("./22/binderfs" [pid 7846] <... prctl resumed>) = 0 [pid 5851] <... unlink resumed>) = 0 [pid 7846] setpgid(0, 0 [pid 5851] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7846] <... setpgid resumed>) = 0 [pid 7846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 170.626036][ T7781] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7846] write(3, "1000", 4) = 4 [pid 7780] <... mount resumed>) = 0 [pid 7780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7846] close(3 [pid 7780] chdir("./file0" [pid 7846] <... close resumed>) = 0 [pid 7846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7780] <... chdir resumed>) = 0 [pid 7846] write(1, "executing program\n", 18 [pid 7780] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 7846] <... write resumed>) = 18 [pid 7780] <... openat resumed>) = 4 [pid 7846] memfd_create("syzkaller", 0) = 3 [pid 7780] ioctl(4, LOOP_CLR_FD [pid 7846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7780] <... ioctl resumed>) = 0 [pid 7846] <... mmap resumed>) = 0x7f362be00000 [pid 7780] close(4) = 0 [pid 7780] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7780] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7780] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7780] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 170.679465][ T7781] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 170.690510][ T5849] BTRFS info (device loop1): last unmount of filesystem 863ba352-5ac8-4802-ab66-23ba81a662f4 [ 170.715586][ T7781] BTRFS info (device loop4): using free-space-tree [pid 7780] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7780] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7780] exit_group(0) = ? [pid 7780] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7780, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5850] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./22/binderfs") = 0 [ 170.787782][ T5851] BTRFS info (device loop3): last unmount of filesystem 90e9f6ff-409e-42e6-816e-2dd7be7b64b6 [pid 5850] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./22/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./22") = 0 [pid 5849] mkdir("./23", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 170.843558][ T5850] BTRFS info (device loop2): last unmount of filesystem 8cdbcc10-a682-4c95-b3d7-ae246b56d95f [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7865 attached [pid 7865] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7865 [pid 7865] <... set_robust_list resumed>) = 0 [pid 7865] chdir("./23" [pid 7781] <... mount resumed>) = 0 [pid 7781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7781] chdir("./file0") = 0 [pid 7781] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7781] ioctl(4, LOOP_CLR_FD) = 0 [pid 7781] close(4) = 0 [pid 7781] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7865] <... chdir resumed>) = 0 [pid 7781] <... openat resumed>) = 4 [pid 7865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7865] setpgid(0, 0) = 0 [pid 7865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7865] write(3, "1000", 4) = 4 [pid 7865] close(3 [pid 7781] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7865] <... close resumed>) = 0 [pid 7781] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 7865] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7781] <... write resumed>) = 280 [pid 7865] write(1, "executing program\n", 18) = 18 [pid 7781] bpf(BPF_MAP_CREATE, NULL, 0 [pid 7865] memfd_create("syzkaller", 0 [pid 7781] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7865] <... memfd_create resumed>) = 3 [pid 7865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7781] bpf(BPF_PROG_LOAD, NULL, 0 [pid 7865] <... mmap resumed>) = 0x7f362be00000 [pid 7781] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 7781] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7781] exit_group(0) = ? [pid 7781] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7781, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./22/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./22") = 0 [pid 5852] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] mkdir("./23", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5852] getdents64(3, [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] <... ioctl resumed>) = 0 [pid 5851] close(3 [pid 5852] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] <... close resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./22/binderfs"./strace-static-x86_64: Process 7866 attached ) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7866 [pid 7866] set_robust_list(0x55558aa90660, 24) = 0 [pid 7866] chdir("./23" [pid 5852] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7866] <... chdir resumed>) = 0 [pid 7866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7866] setpgid(0, 0) = 0 [pid 7866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7866] write(3, "1000", 4) = 4 [pid 7866] close(3) = 0 [pid 7866] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7866] write(1, "executing program\n", 18) = 18 [pid 7866] memfd_create("syzkaller", 0) = 3 [pid 7866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 171.180008][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./22/file0") = 0 [pid 7865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./22") = 0 [pid 5850] mkdir("./23", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 7867 ./strace-static-x86_64: Process 7867 attached [pid 7867] set_robust_list(0x55558aa90660, 24) = 0 [pid 7867] chdir("./23") = 0 [pid 7867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7867] setpgid(0, 0) = 0 [pid 7867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... umount2 resumed>) = 0 [pid 7867] <... openat resumed>) = 3 [pid 7867] write(3, "1000", 4) = 4 [pid 7867] close(3) = 0 [pid 7867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7867] write(1, "executing program\n", 18executing program ) = 18 [pid 5852] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7867] memfd_create("syzkaller", 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7867] <... memfd_create resumed>) = 3 [pid 7867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] newfstatat(AT_FDCWD, "./22/file0", [pid 7867] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./22/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./22") = 0 [pid 5852] mkdir("./23", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7868 attached [pid 7868] set_robust_list(0x55558aa90660, 24) = 0 [pid 7868] chdir("./23") = 0 [pid 7868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7868] setpgid(0, 0) = 0 [pid 7868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7868] write(3, "1000", 4 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 7868 [pid 7868] <... write resumed>) = 4 [pid 7868] close(3) = 0 [pid 7868] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7868] write(1, "executing program\n", 18) = 18 [pid 7868] memfd_create("syzkaller", 0) = 3 [pid 7868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7846] <... write resumed>) = 16777216 [pid 7846] munmap(0x7f362be00000, 138412032) = 0 [pid 7846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7846] close(3) = 0 [pid 7846] close(4) = 0 [pid 7846] mkdir("./file0", 0777) = 0 [pid 7865] <... write resumed>) = 16777216 [pid 7846] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7865] munmap(0x7f362be00000, 138412032) = 0 [pid 7865] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 171.861549][ T7846] loop0: detected capacity change from 0 to 32768 [ 171.898006][ T7846] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7846) [pid 7865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7865] close(3) = 0 [pid 7865] close(4) = 0 [ 171.933174][ T7865] loop1: detected capacity change from 0 to 32768 [ 171.941391][ T7846] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7865] mkdir("./file0", 0777) = 0 [ 171.975976][ T7846] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 171.995947][ T7865] BTRFS: device /dev/loop1 (7:1) using temp-fsid 545735e4-cd8a-4b05-9fee-1892e6746254 [ 172.017193][ T7846] BTRFS info (device loop0): using free-space-tree [pid 7865] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 172.024539][ T7865] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7865) [pid 7867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 172.072999][ T7865] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 172.110072][ T7865] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 7868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7866] <... write resumed>) = 16777216 [pid 7866] munmap(0x7f362be00000, 138412032) = 0 [pid 7866] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 172.149344][ T7865] BTRFS info (device loop1): using free-space-tree [pid 7866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7866] close(3) = 0 [pid 7866] close(4) = 0 [pid 7866] mkdir("./file0", 0777) = 0 [ 172.197016][ T7866] loop3: detected capacity change from 0 to 32768 [pid 7866] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7846] <... mount resumed>) = 0 [pid 7846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7846] chdir("./file0") = 0 [pid 7846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7846] ioctl(4, LOOP_CLR_FD) = 0 [pid 7846] close(4) = 0 [pid 7846] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7846] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7846] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7846] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7846] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7846] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7846] exit_group(0) = ? [pid 7846] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7846, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [ 172.257648][ T7866] BTRFS: device /dev/loop3 (7:3) using temp-fsid 3a03affa-53c4-4968-b851-5f34eee8c688 [ 172.279281][ T7866] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7866) [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 172.338248][ T7866] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./23/binderfs") = 0 [ 172.399268][ T7866] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 5848] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7865] <... mount resumed>) = 0 [pid 7865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 172.458932][ T7866] BTRFS info (device loop3): using free-space-tree [pid 7865] chdir("./file0") = 0 [pid 7865] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7865] ioctl(4, LOOP_CLR_FD) = 0 [pid 7865] close(4) = 0 [ 172.501829][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7865] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7865] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7865] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7865] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7865] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7865] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7865] exit_group(0) = ? [pid 7865] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7865, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5849] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./23/binderfs") = 0 [pid 5849] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7867] <... write resumed>) = 16777216 [pid 7867] munmap(0x7f362be00000, 138412032 [pid 7866] <... mount resumed>) = 0 [pid 7866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7866] chdir("./file0") = 0 [pid 7866] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7866] ioctl(4, LOOP_CLR_FD) = 0 [pid 7866] close(4) = 0 [pid 7866] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7868] <... write resumed>) = 16777216 [pid 7868] munmap(0x7f362be00000, 138412032 [pid 7866] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7866] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7866] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7866] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7866] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7866] exit_group(0) = ? [pid 7866] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7866, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7868] <... munmap resumed>) = 0 [pid 7868] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7867] <... munmap resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7868] <... openat resumed>) = 4 [ 172.652583][ T5849] BTRFS info (device loop1): last unmount of filesystem 545735e4-cd8a-4b05-9fee-1892e6746254 [pid 7867] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7868] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 7867] <... openat resumed>) = 4 [pid 5851] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./23/binderfs") = 0 [pid 5851] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7868] <... ioctl resumed>) = 0 [pid 7868] close(3 [pid 7867] ioctl(4, LOOP_SET_FD, 3 [pid 7868] <... close resumed>) = 0 [pid 7868] close(4) = 0 [pid 7868] mkdir("./file0", 0777 [pid 7867] <... ioctl resumed>) = 0 [pid 7868] <... mkdir resumed>) = 0 [pid 7867] close(3 [pid 7868] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7867] <... close resumed>) = 0 [pid 7867] close(4) = 0 [ 172.699431][ T7868] loop4: detected capacity change from 0 to 32768 [ 172.727438][ T7867] loop2: detected capacity change from 0 to 32768 [pid 7867] mkdir("./file0", 0777) = 0 [ 172.770894][ T7868] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7868) [ 172.771582][ T5851] BTRFS info (device loop3): last unmount of filesystem 3a03affa-53c4-4968-b851-5f34eee8c688 [pid 7867] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] <... umount2 resumed>) = 0 [ 172.879260][ T7867] BTRFS: device /dev/loop2 (7:2) using temp-fsid ed99d7f8-3214-4884-afd0-64a99421c8a9 [ 172.888891][ T7867] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7867) [ 172.903864][ T7868] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] newfstatat(AT_FDCWD, "./23/file0", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] newfstatat(AT_FDCWD, "./23/file0", [pid 5849] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 172.936357][ T7868] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 172.958461][ T7867] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", [pid 5851] <... umount2 resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(4, [pid 5851] newfstatat(AT_FDCWD, "./23/file0", [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... openat resumed>) = 4 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] getdents64(4, [pid 5848] newfstatat(4, "", [pid 5851] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] close(4 [pid 5851] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] getdents64(4, [pid 5849] <... close resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 5849] rmdir("./23/file0" [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... rmdir resumed>) = 0 [pid 5848] getdents64(4, [pid 5849] getdents64(3, [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [ 172.981602][ T7868] BTRFS info (device loop4): using free-space-tree [pid 5851] newfstatat(4, "", [pid 5848] close(4 [pid 5849] close(3) = 0 [pid 5848] <... close resumed>) = 0 [pid 5849] rmdir("./23" [pid 5848] rmdir("./23/file0" [pid 5849] <... rmdir resumed>) = 0 [pid 5849] mkdir("./24", 0777 [pid 5848] <... rmdir resumed>) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./23") = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, [pid 5848] mkdir("./24", 0777 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5851] close(4 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5851] <... close resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5851] rmdir("./23/file0" [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5848] close(3) = 0 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] getdents64(3, [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7923 attached [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3./strace-static-x86_64: Process 7924 attached [pid 7923] set_robust_list(0x55558aa90660, 24 [pid 5851] <... close resumed>) = 0 [pid 7924] set_robust_list(0x55558aa90660, 24 [pid 7923] <... set_robust_list resumed>) = 0 [pid 5851] rmdir("./23" [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 7923 [pid 7924] <... set_robust_list resumed>) = 0 [pid 7923] chdir("./24" [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 7924 [pid 7924] chdir("./24" [pid 7923] <... chdir resumed>) = 0 [pid 5851] mkdir("./24", 0777 [pid 7923] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] <... mkdir resumed>) = 0 [pid 7924] <... chdir resumed>) = 0 [pid 7923] <... prctl resumed>) = 0 [ 173.012002][ T7867] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 7924] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7923] setpgid(0, 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7928 attached [pid 7924] <... prctl resumed>) = 0 [pid 7923] <... setpgid resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 7928 [pid 7923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7924] setpgid(0, 0 [pid 7923] write(3, "1000", 4 [pid 7924] <... setpgid resumed>) = 0 [pid 7923] <... write resumed>) = 4 [pid 7928] set_robust_list(0x55558aa90660, 24 [pid 7923] close(3 [pid 7928] <... set_robust_list resumed>) = 0 [pid 7924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7928] chdir("./24" [pid 7923] <... close resumed>) = 0 [pid 7928] <... chdir resumed>) = 0 [pid 7923] symlink("/dev/binderfs", "./binderfs"executing program [pid 7928] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7924] <... openat resumed>) = 3 [pid 7923] <... symlink resumed>) = 0 [pid 7924] write(3, "1000", 4 [pid 7928] <... prctl resumed>) = 0 [pid 7923] write(1, "executing program\n", 18) = 18 [pid 7928] setpgid(0, 0 [pid 7923] memfd_create("syzkaller", 0 [pid 7928] <... setpgid resumed>) = 0 [pid 7924] <... write resumed>) = 4 [pid 7928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7924] close(3 [pid 7923] <... memfd_create resumed>) = 3 [pid 7923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7924] <... close resumed>) = 0 [pid 7923] <... mmap resumed>) = 0x7f362be00000 [pid 7924] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7924] write(1, "executing program\n", 18 [pid 7928] <... openat resumed>) = 3 [pid 7924] <... write resumed>) = 18 [pid 7924] memfd_create("syzkaller", 0) = 3 [ 173.079099][ T7867] BTRFS info (device loop2): using free-space-tree [pid 7924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7928] write(3, "1000", 4) = 4 [pid 7928] close(3) = 0 [pid 7928] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7928] write(1, "executing program\n", 18) = 18 [pid 7928] memfd_create("syzkaller", 0) = 3 [pid 7928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7868] <... mount resumed>) = 0 [pid 7868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7868] chdir("./file0") = 0 [pid 7868] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7868] ioctl(4, LOOP_CLR_FD) = 0 [pid 7868] close(4) = 0 [pid 7868] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7868] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7868] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7868] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7868] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7868] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7868] exit_group(0) = ? [pid 7868] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7868, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=25 /* 0.25 s */} --- [pid 5852] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./23/binderfs") = 0 [pid 5852] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 173.347223][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7867] <... mount resumed>) = 0 [pid 7867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7867] chdir("./file0") = 0 [pid 7867] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7867] ioctl(4, LOOP_CLR_FD) = 0 [pid 7867] close(4) = 0 [pid 7867] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7867] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7867] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5852] <... umount2 resumed>) = 0 [pid 7867] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7867] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7867] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] newfstatat(AT_FDCWD, "./23/file0", [pid 7867] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 7867] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7867] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7867] exit_group(0) = ? [pid 7867] +++ exited with 0 +++ [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7867, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=34 /* 0.34 s */} --- [pid 5852] <... openat resumed>) = 4 [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, [pid 5850] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] close(4) = 0 [pid 5850] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] rmdir("./23/file0") = 0 [pid 5850] newfstatat(3, "", [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] close(3 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] <... close resumed>) = 0 [pid 5850] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] rmdir("./23" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./23/binderfs", [pid 5852] <... rmdir resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./23/binderfs") = 0 [pid 5850] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] mkdir("./24", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7953 attached , child_tidptr=0x55558aa90650) = 7953 [pid 7953] set_robust_list(0x55558aa90660, 24) = 0 [pid 7953] chdir("./24") = 0 [pid 7953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7953] setpgid(0, 0) = 0 [pid 7953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7953] write(3, "1000", 4) = 4 [pid 7953] close(3) = 0 [pid 7953] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7953] write(1, "executing program\n", 18) = 18 [ 173.600310][ T5850] BTRFS info (device loop2): last unmount of filesystem ed99d7f8-3214-4884-afd0-64a99421c8a9 [pid 7953] memfd_create("syzkaller", 0) = 3 [pid 7953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7924] <... write resumed>) = 16777216 [pid 7924] munmap(0x7f362be00000, 138412032) = 0 [pid 7924] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7924] close(3) = 0 [pid 7924] close(4) = 0 [pid 7924] mkdir("./file0", 0777) = 0 [ 173.870445][ T7924] loop1: detected capacity change from 0 to 32768 [pid 7924] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./23/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./23") = 0 [ 173.914394][ T7924] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (7924) [pid 5850] mkdir("./24", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7923] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 7954 attached [pid 7954] set_robust_list(0x55558aa90660, 24 [pid 7923] munmap(0x7f362be00000, 138412032 [pid 7954] <... set_robust_list resumed>) = 0 [pid 7923] <... munmap resumed>) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 7954 [pid 7954] chdir("./24") = 0 [pid 7954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7954] setpgid(0, 0) = 0 [pid 7954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7923] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7954] <... openat resumed>) = 3 [pid 7954] write(3, "1000", 4) = 4 [pid 7923] <... openat resumed>) = 4 [pid 7923] ioctl(4, LOOP_SET_FD, 3executing program [pid 7954] close(3) = 0 [pid 7954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7954] write(1, "executing program\n", 18) = 18 [pid 7954] memfd_create("syzkaller", 0) = 3 [pid 7954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7923] <... ioctl resumed>) = 0 [pid 7923] close(3) = 0 [pid 7923] close(4) = 0 [pid 7923] mkdir("./file0", 0777) = 0 [ 174.012713][ T7924] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 174.038214][ T7923] loop0: detected capacity change from 0 to 32768 [ 174.048775][ T7924] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 174.081042][ T7923] BTRFS: device /dev/loop0 (7:0) using temp-fsid 682d0623-db25-4274-921c-f452520bf8f7 [ 174.099291][ T7924] BTRFS info (device loop1): using free-space-tree [pid 7923] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 7953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7928] <... write resumed>) = 16777216 [ 174.129845][ T7923] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (7923) [pid 7928] munmap(0x7f362be00000, 138412032) = 0 [pid 7928] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 174.181752][ T7923] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7928] close(3) = 0 [pid 7928] close(4) = 0 [pid 7928] mkdir("./file0", 0777) = 0 [ 174.228881][ T7928] loop3: detected capacity change from 0 to 32768 [ 174.252985][ T7923] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 174.278685][ T7928] BTRFS: device /dev/loop3 (7:3) using temp-fsid 331856e9-8f3c-409c-951b-df4479910a8c [ 174.290476][ T7928] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (7928) [ 174.308441][ T7928] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 174.317936][ T7923] BTRFS info (device loop0): using free-space-tree [pid 7928] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 7924] <... mount resumed>) = 0 [pid 7924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7924] chdir("./file0") = 0 [pid 7924] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7924] ioctl(4, LOOP_CLR_FD) = 0 [pid 7924] close(4) = 0 [pid 7924] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 174.326251][ T7928] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 174.336602][ T7928] BTRFS info (device loop3): using free-space-tree [pid 7924] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7924] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7924] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7924] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7924] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7924] exit_group(0) = ? [pid 7924] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7924, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=22 /* 0.22 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 7954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5849] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./24/binderfs") = 0 [pid 5849] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7928] <... mount resumed>) = 0 [pid 7923] <... mount resumed>) = 0 [pid 7928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7928] <... openat resumed>) = 3 [pid 7928] chdir("./file0" [pid 7923] <... openat resumed>) = 3 [pid 7928] <... chdir resumed>) = 0 [pid 7923] chdir("./file0" [pid 7928] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7923] <... chdir resumed>) = 0 [pid 7928] <... openat resumed>) = 4 [pid 7928] ioctl(4, LOOP_CLR_FD) = 0 [pid 7928] close(4) = 0 [pid 7928] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7928] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7928] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7923] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7928] bpf(BPF_MAP_CREATE, NULL, 0 [pid 7923] <... openat resumed>) = 4 [pid 7928] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7923] ioctl(4, LOOP_CLR_FD [pid 7928] bpf(BPF_PROG_LOAD, NULL, 0 [pid 7923] <... ioctl resumed>) = 0 [pid 7928] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 7923] close(4 [pid 7928] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 7923] <... close resumed>) = 0 [pid 7928] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 7923] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7928] exit_group(0) = ? [pid 7928] +++ exited with 0 +++ [pid 7923] <... openat resumed>) = 4 [pid 7923] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7928, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=23 /* 0.23 s */} --- [pid 7923] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 7923] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... restart_syscall resumed>) = 0 [pid 7923] <... write resumed>) = 280 [pid 7923] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7923] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(3, "", [pid 7923] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7923] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] getdents64(3, [pid 7923] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 174.593588][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 7923] exit_group(0 [pid 5851] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7923] <... exit_group resumed>) = ? [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7923] +++ exited with 0 +++ [pid 5851] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./24/binderfs" [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7923, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5848] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... unlink resumed>) = 0 [pid 5851] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./24/binderfs") = 0 [pid 5848] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7953] <... write resumed>) = 16777216 [ 174.740241][ T5851] BTRFS info (device loop3): last unmount of filesystem 331856e9-8f3c-409c-951b-df4479910a8c [ 174.761268][ T5848] BTRFS info (device loop0): last unmount of filesystem 682d0623-db25-4274-921c-f452520bf8f7 [pid 7953] munmap(0x7f362be00000, 138412032) = 0 [pid 7953] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7953] close(3) = 0 [pid 7953] close(4) = 0 [pid 7953] mkdir("./file0", 0777) = 0 [ 174.822829][ T7953] loop4: detected capacity change from 0 to 32768 [ 174.861074][ T7953] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (7953) [pid 7953] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 7954] <... write resumed>) = 16777216 [pid 7954] munmap(0x7f362be00000, 138412032 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7954] <... munmap resumed>) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./24/file0" [pid 7954] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5849] <... rmdir resumed>) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 7954] <... openat resumed>) = 4 [pid 5849] rmdir("./24") = 0 [ 174.917738][ T7953] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 174.957724][ T7953] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 5849] mkdir("./25", 0777 [pid 7954] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... mkdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8003 attached , child_tidptr=0x55558aa90650) = 8003 [pid 8003] set_robust_list(0x55558aa90660, 24) = 0 [pid 8003] chdir("./25") = 0 [pid 8003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8003] setpgid(0, 0) = 0 [pid 8003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8003] write(3, "1000", 4) = 4 [pid 8003] close(3) = 0 [pid 8003] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8003] write(1, "executing program\n", 18) = 18 [pid 8003] memfd_create("syzkaller", 0) = 3 [pid 7954] <... ioctl resumed>) = 0 [pid 8003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 7954] close(3) = 0 [pid 7954] close(4) = 0 [pid 7954] mkdir("./file0", 0777) = 0 [ 174.974442][ T7954] loop2: detected capacity change from 0 to 32768 [ 174.999500][ T7953] BTRFS info (device loop4): using free-space-tree [ 175.044080][ T7954] BTRFS: device /dev/loop2 (7:2) using temp-fsid 7a56f574-ee3e-4e6c-a774-e2af8565a42d [pid 7954] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./24/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./24") = 0 [pid 5848] mkdir("./25", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [ 175.102336][ T7954] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (7954) [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8018 attached , child_tidptr=0x55558aa90650) = 8018 [pid 8018] set_robust_list(0x55558aa90660, 24) = 0 [pid 8018] chdir("./25") = 0 [pid 8018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8018] setpgid(0, 0) = 0 [pid 8003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... umount2 resumed>) = 0 [pid 8018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8018] <... openat resumed>) = 3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8018] write(3, "1000", 4) = 4 [pid 5851] newfstatat(AT_FDCWD, "./24/file0", [pid 8018] close(3) = 0 [pid 7953] <... mount resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5851] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7953] <... openat resumed>) = 3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7953] chdir("./file0" [pid 5851] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7953] <... chdir resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 7953] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 175.216174][ T7954] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] newfstatat(4, "", executing program [pid 8018] write(1, "executing program\n", 18 [pid 7953] <... openat resumed>) = 4 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8018] <... write resumed>) = 18 [pid 8018] memfd_create("syzkaller", 0 [pid 5851] getdents64(4, [pid 8018] <... memfd_create resumed>) = 3 [pid 8018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7953] ioctl(4, LOOP_CLR_FD [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8018] <... mmap resumed>) = 0x7f362be00000 [pid 7953] <... ioctl resumed>) = 0 [pid 5851] getdents64(4, [pid 7953] close(4 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 7953] <... close resumed>) = 0 [pid 5851] close(4 [pid 7953] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... close resumed>) = 0 [pid 7953] <... openat resumed>) = 4 [pid 5851] rmdir("./24/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./24") = 0 [pid 7953] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 7953] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 7953] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] mkdir("./25", 0777 [pid 7953] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... mkdir resumed>) = 0 [pid 7953] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7953] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] <... openat resumed>) = 3 [pid 7953] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 7953] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7953] exit_group(0 [pid 5851] close(3) = 0 [pid 7953] <... exit_group resumed>) = ? [pid 7953] +++ exited with 0 +++ [ 175.273042][ T7954] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7953, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=32 /* 0.32 s */} --- [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 8022 attached ) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 8022 [pid 8022] set_robust_list(0x55558aa90660, 24 [pid 5852] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8022] <... set_robust_list resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, [pid 8022] chdir("./25" [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 8022] <... chdir resumed>) = 0 [pid 8022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8022] setpgid(0, 0) = 0 [pid 8022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8022] write(3, "1000", 4) = 4 [pid 8022] close(3) = 0 [pid 8022] symlink("/dev/binderfs", "./binderfs" [pid 5852] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8022] <... symlink resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5852] newfstatat(AT_FDCWD, "./24/binderfs", [pid 8022] write(1, "executing program\n", 18) = 18 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./24/binderfs" [pid 8022] memfd_create("syzkaller", 0 [pid 5852] <... unlink resumed>) = 0 [pid 8022] <... memfd_create resumed>) = 3 [pid 5852] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 175.349501][ T7954] BTRFS info (device loop2): using free-space-tree [ 175.453450][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./24/file0" [pid 8003] <... write resumed>) = 16777216 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./24") = 0 [pid 5852] mkdir("./25", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3 [pid 8003] munmap(0x7f362be00000, 138412032 [pid 5852] <... close resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8038 attached [pid 8038] set_robust_list(0x55558aa90660, 24) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 8038 [pid 8038] chdir("./25") = 0 [pid 8038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8038] setpgid(0, 0) = 0 [pid 8038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7954] <... mount resumed>) = 0 [pid 7954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8038] <... openat resumed>) = 3 [pid 7954] <... openat resumed>) = 3 [pid 8038] write(3, "1000", 4 [pid 8003] <... munmap resumed>) = 0 [pid 7954] chdir("./file0") = 0 [pid 8003] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7954] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8038] <... write resumed>) = 4 [pid 8038] close(3 [pid 7954] <... openat resumed>) = 4 [pid 8003] ioctl(4, LOOP_SET_FD, 3 [pid 8038] <... close resumed>) = 0 [pid 7954] ioctl(4, LOOP_CLR_FDexecuting program [pid 8038] symlink("/dev/binderfs", "./binderfs" [pid 7954] <... ioctl resumed>) = 0 [pid 8038] <... symlink resumed>) = 0 [pid 7954] close(4 [pid 8038] write(1, "executing program\n", 18 [pid 7954] <... close resumed>) = 0 [pid 8038] <... write resumed>) = 18 [pid 7954] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8038] memfd_create("syzkaller", 0) = 3 [pid 7954] <... openat resumed>) = 4 [pid 8038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8003] <... ioctl resumed>) = 0 [pid 7954] ioctl(-1, SIOCGIFINDEX, NULL [pid 8003] close(3 [pid 7954] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8003] <... close resumed>) = 0 [pid 7954] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 8003] close(4) = 0 [pid 7954] <... write resumed>) = 280 [pid 8003] mkdir("./file0", 0777 [ 175.650290][ T8003] loop1: detected capacity change from 0 to 32768 [pid 7954] bpf(BPF_MAP_CREATE, NULL, 0 [pid 8003] <... mkdir resumed>) = 0 [pid 7954] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8003] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 7954] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 7954] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7954] exit_group(0) = ? [pid 7954] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7954, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=24 /* 0.24 s */} --- [pid 5850] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./24/binderfs") = 0 [ 175.724482][ T8003] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8003) [ 175.789202][ T8003] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 175.826155][ T5850] BTRFS info (device loop2): last unmount of filesystem 7a56f574-ee3e-4e6c-a774-e2af8565a42d [ 175.849293][ T8003] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 175.858833][ T8003] BTRFS info (device loop1): using free-space-tree [pid 5850] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8018] <... write resumed>) = 16777216 [pid 8018] munmap(0x7f362be00000, 138412032) = 0 [pid 8018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8018] close(3) = 0 [pid 8018] close(4) = 0 [pid 8018] mkdir("./file0", 0777) = 0 [ 176.011296][ T8018] loop0: detected capacity change from 0 to 32768 [pid 8018] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 8003] <... mount resumed>) = 0 [pid 8003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 176.066287][ T8018] BTRFS: device /dev/loop0 (7:0) using temp-fsid b47aa72e-e638-4206-bf89-ded1eadae685 [pid 8003] chdir("./file0") = 0 [pid 8003] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8003] ioctl(4, LOOP_CLR_FD) = 0 [pid 8003] close(4) = 0 [pid 8003] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8003] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 176.124771][ T8018] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8018) [pid 8003] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8003] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8003] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8003] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8003] exit_group(0) = ? [pid 8003] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8003, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- [pid 5849] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./25/binderfs") = 0 [ 176.206072][ T8018] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 176.239641][ T8018] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5849] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8038] <... write resumed>) = 16777216 [ 176.279432][ T8018] BTRFS info (device loop0): using free-space-tree [pid 5850] <... umount2 resumed>) = 0 [pid 8038] munmap(0x7f362be00000, 138412032 [pid 5850] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8038] <... munmap resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8038] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8038] <... openat resumed>) = 4 [pid 5850] getdents64(4, [ 176.337664][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8038] ioctl(4, LOOP_SET_FD, 3 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8022] <... write resumed>) = 16777216 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4 [pid 8038] <... ioctl resumed>) = 0 [pid 8038] close(3) = 0 [pid 8038] close(4 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./24/file0") = 0 [pid 8038] <... close resumed>) = 0 [pid 8038] mkdir("./file0", 0777) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8022] munmap(0x7f362be00000, 138412032 [pid 5850] close(3) = 0 [pid 5850] rmdir("./24" [pid 8022] <... munmap resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [ 176.393261][ T8038] loop4: detected capacity change from 0 to 32768 [pid 8022] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8038] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] mkdir("./25", 0777 [pid 8022] <... openat resumed>) = 4 [pid 8022] ioctl(4, LOOP_SET_FD, 3 [pid 5850] <... mkdir resumed>) = 0 [pid 8022] <... ioctl resumed>) = 0 [pid 8022] close(3) = 0 [pid 8022] close(4) = 0 [pid 8022] mkdir("./file0", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 8022] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] ioctl(3, LOOP_CLR_FD [pid 8018] <... mount resumed>) = 0 [pid 8018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8018] chdir("./file0") = 0 [pid 8018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8018] ioctl(4, LOOP_CLR_FD) = 0 [pid 8018] close(4) = 0 [pid 8018] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [ 176.460978][ T8022] loop3: detected capacity change from 0 to 32768 [ 176.467179][ T8038] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8038) [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8018] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8071 attached [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 8071 [pid 8018] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8018] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8071] set_robust_list(0x55558aa90660, 24) = 0 [pid 8071] chdir("./25" [pid 8018] bpf(BPF_MAP_CREATE, NULL, 0 [pid 8071] <... chdir resumed>) = 0 [pid 8018] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8018] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8018] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8018] exit_group(0 [pid 8071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8018] <... exit_group resumed>) = ? [pid 8071] <... prctl resumed>) = 0 [pid 8018] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8018, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 8071] setpgid(0, 0 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 8071] <... setpgid resumed>) = 0 executing program [pid 8071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] <... restart_syscall resumed>) = 0 [pid 8071] write(3, "1000", 4) = 4 [pid 8071] close(3) = 0 [pid 8071] symlink("/dev/binderfs", "./binderfs" [pid 5848] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8071] <... symlink resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 8071] write(1, "executing program\n", 18 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./25/binderfs") = 0 [pid 5848] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8071] <... write resumed>) = 18 [pid 8071] memfd_create("syzkaller", 0) = 3 [pid 8071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 176.563128][ T8022] BTRFS: device /dev/loop3 (7:3) using temp-fsid 7418dfea-49ac-4ecf-9abc-8c5eab2bf327 [ 176.594432][ T5848] BTRFS info (device loop0): last unmount of filesystem b47aa72e-e638-4206-bf89-ded1eadae685 [ 176.605975][ T8038] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 176.606013][ T8022] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8022) [ 176.653816][ T8022] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 176.664837][ T8038] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 176.699857][ T8022] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 176.719487][ T8022] BTRFS info (device loop3): using free-space-tree [ 176.722746][ T8038] BTRFS info (device loop4): using free-space-tree [pid 5849] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./25/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./25") = 0 [pid 5849] mkdir("./26", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8088 attached [pid 8088] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 8088 [pid 8088] <... set_robust_list resumed>) = 0 [pid 8088] chdir("./26") = 0 [pid 8088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8088] setpgid(0, 0) = 0 [pid 8088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8088] write(3, "1000", 4) = 4 [pid 8088] close(3) = 0 [pid 8088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8088] write(1, "executing program\n", 18executing program ) = 18 [pid 8088] memfd_create("syzkaller", 0) = 3 [pid 8088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8022] <... mount resumed>) = 0 [pid 8022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8022] chdir("./file0") = 0 [pid 8022] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8022] ioctl(4, LOOP_CLR_FD) = 0 [pid 8022] close(4) = 0 [pid 8022] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8022] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8022] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8022] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8022] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8022] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8022] exit_group(0) = ? [pid 8022] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8022, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=23 /* 0.23 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] unlink("./25/binderfs" [pid 8038] <... mount resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 8038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8038] chdir("./file0") = 0 [pid 8038] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8038] ioctl(4, LOOP_CLR_FD) = 0 [pid 8038] close(4) = 0 [pid 5851] <... unlink resumed>) = 0 [pid 5851] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8038] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8038] <... openat resumed>) = 4 [pid 8038] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5848] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8038] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8038] <... write resumed>) = 280 [pid 5848] newfstatat(AT_FDCWD, "./25/file0", [pid 8038] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8038] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8038] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8038] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8038] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] <... openat resumed>) = 4 [pid 8038] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(4, "", [pid 8038] exit_group(0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8038] <... exit_group resumed>) = ? [pid 5848] getdents64(4, [pid 8038] +++ exited with 0 +++ [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8038, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [pid 5848] getdents64(4, [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./25/file0") = 0 [pid 5852] <... restart_syscall resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3 [pid 5852] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... close resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] rmdir("./25" [pid 5852] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] <... rmdir resumed>) = 0 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] mkdir("./26", 0777 [pid 5852] unlink("./25/binderfs") = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5852] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8105 attached [pid 8105] set_robust_list(0x55558aa90660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 8105 [pid 8105] <... set_robust_list resumed>) = 0 [pid 8105] chdir("./26") = 0 [pid 8105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8105] setpgid(0, 0) = 0 [pid 8105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8105] write(3, "1000", 4) = 4 [pid 8105] close(3) = 0 [pid 8105] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8105] write(1, "executing program\n", 18) = 18 [pid 8105] memfd_create("syzkaller", 0) = 3 [pid 8105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 177.181148][ T5851] BTRFS info (device loop3): last unmount of filesystem 7418dfea-49ac-4ecf-9abc-8c5eab2bf327 [ 177.182686][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./25/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./25") = 0 [pid 5852] mkdir("./26", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8107 ./strace-static-x86_64: Process 8107 attached [pid 8107] set_robust_list(0x55558aa90660, 24) = 0 [pid 8107] chdir("./26") = 0 [pid 8107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8107] setpgid(0, 0) = 0 [pid 8107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8107] write(3, "1000", 4) = 4 [pid 8107] close(3) = 0 executing program [pid 8107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8107] write(1, "executing program\n", 18) = 18 [pid 8107] memfd_create("syzkaller", 0) = 3 [pid 8107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8071] <... write resumed>) = 16777216 [pid 8071] munmap(0x7f362be00000, 138412032 [pid 5851] <... umount2 resumed>) = 0 [pid 8088] <... write resumed>) = 16777216 [pid 8088] munmap(0x7f362be00000, 138412032) = 0 [pid 8071] <... munmap resumed>) = 0 [pid 5851] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8071] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8071] <... openat resumed>) = 4 [pid 5851] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8071] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8088] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] <... openat resumed>) = 4 [pid 5851] newfstatat(4, "", [pid 8088] <... openat resumed>) = 4 [pid 8088] ioctl(4, LOOP_SET_FD, 3 [pid 8071] <... ioctl resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 8071] close(3 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8071] <... close resumed>) = 0 [pid 5851] getdents64(4, [pid 8071] close(4 [pid 8088] <... ioctl resumed>) = 0 [pid 8088] close(3 [pid 8071] <... close resumed>) = 0 [pid 8088] <... close resumed>) = 0 [pid 8088] close(4) = 0 [pid 8088] mkdir("./file0", 0777) = 0 [pid 8071] mkdir("./file0", 0777 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 8088] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 8071] <... mkdir resumed>) = 0 [pid 5851] <... close resumed>) = 0 [ 177.620084][ T8071] loop2: detected capacity change from 0 to 32768 [ 177.632459][ T8088] loop1: detected capacity change from 0 to 32768 [pid 5851] rmdir("./25/file0") = 0 [pid 8105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8071] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./25") = 0 [pid 5851] mkdir("./26", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8108 attached [pid 8108] set_robust_list(0x55558aa90660, 24) = 0 [ 177.669198][ T8088] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8088) [pid 8108] chdir("./26" [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 8108 [pid 8108] <... chdir resumed>) = 0 [ 177.725735][ T8088] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 177.730066][ T8071] BTRFS: device /dev/loop2 (7:2) using temp-fsid 4edf6ceb-8683-4e16-91e6-a283a5fdddd7 [ 177.755378][ T8088] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 8108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8108] setpgid(0, 0) = 0 [pid 8108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8108] write(3, "1000", 4) = 4 [pid 8108] close(3) = 0 executing program [pid 8108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8108] write(1, "executing program\n", 18) = 18 [ 177.779609][ T8071] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8071) [ 177.809601][ T8088] BTRFS info (device loop1): using free-space-tree [pid 8108] memfd_create("syzkaller", 0) = 3 [pid 8108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 177.842758][ T8071] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 177.889602][ T8071] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 177.909273][ T8071] BTRFS info (device loop2): using free-space-tree [pid 8107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8105] <... write resumed>) = 16777216 [pid 8105] munmap(0x7f362be00000, 138412032) = 0 [pid 8105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8105] ioctl(4, LOOP_SET_FD, 3 [pid 8088] <... mount resumed>) = 0 [pid 8071] <... mount resumed>) = 0 [pid 8071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8071] <... openat resumed>) = 3 [pid 8071] chdir("./file0" [pid 8088] <... openat resumed>) = 3 [pid 8071] <... chdir resumed>) = 0 [pid 8088] chdir("./file0" [pid 8071] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8088] <... chdir resumed>) = 0 [pid 8071] <... openat resumed>) = 4 [pid 8105] <... ioctl resumed>) = 0 [pid 8088] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8071] ioctl(4, LOOP_CLR_FD [pid 8105] close(3 [pid 8088] <... openat resumed>) = 4 [pid 8088] ioctl(4, LOOP_CLR_FD [pid 8105] <... close resumed>) = 0 [pid 8088] <... ioctl resumed>) = 0 [pid 8071] <... ioctl resumed>) = 0 [pid 8105] close(4 [pid 8071] close(4 [pid 8105] <... close resumed>) = 0 [pid 8088] close(4 [pid 8071] <... close resumed>) = 0 [pid 8105] mkdir("./file0", 0777 [pid 8071] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8105] <... mkdir resumed>) = 0 [pid 8088] <... close resumed>) = 0 [pid 8071] <... openat resumed>) = 4 [pid 8105] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [ 178.128471][ T8105] loop0: detected capacity change from 0 to 32768 [pid 8088] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8088] ioctl(-1, SIOCGIFINDEX, NULL [pid 8071] ioctl(-1, SIOCGIFINDEX, NULL [pid 8088] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8088] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 8071] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8088] <... write resumed>) = 280 [pid 8088] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8071] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 8088] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8071] <... write resumed>) = 280 [pid 8088] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 8071] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8071] bpf(BPF_PROG_LOAD, NULL, 0 [pid 8088] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8088] exit_group(0 [pid 8071] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 8088] <... exit_group resumed>) = ? [pid 8071] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8071] exit_group(0) = ? [ 178.176498][ T8105] BTRFS: device /dev/loop0 (7:0) using temp-fsid f1d9c1e7-5726-4602-93ff-e11cca43635d [pid 8088] +++ exited with 0 +++ [pid 8071] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8071, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=24 /* 0.24 s */} --- [pid 5850] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8088, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] unlink("./25/binderfs" [pid 5849] <... openat resumed>) = 3 [pid 5850] <... unlink resumed>) = 0 [pid 5849] newfstatat(3, "", [pid 5850] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 178.230816][ T8105] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8105) [pid 5849] unlink("./26/binderfs") = 0 [pid 5849] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8107] <... write resumed>) = 16777216 [pid 8107] munmap(0x7f362be00000, 138412032) = 0 [ 178.284642][ T5850] BTRFS info (device loop2): last unmount of filesystem 4edf6ceb-8683-4e16-91e6-a283a5fdddd7 [ 178.286434][ T8105] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8107] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8107] close(3) = 0 [pid 8107] close(4) = 0 [ 178.357428][ T8105] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 178.379331][ T8107] loop4: detected capacity change from 0 to 32768 [ 178.386897][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 178.398944][ T8105] BTRFS info (device loop0): using free-space-tree [pid 8107] mkdir("./file0", 0777) = 0 [ 178.428923][ T8107] BTRFS: device /dev/loop4 (7:4) using temp-fsid 75114afa-91d1-4e9c-ba8d-a34dd66fcbbb [ 178.465024][ T8107] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8107) [pid 8107] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 8108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./25/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./25") = 0 [pid 5850] mkdir("./26", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8157 attached [pid 8157] set_robust_list(0x55558aa90660, 24) = 0 [pid 8157] chdir("./26") = 0 [pid 8157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8157] setpgid(0, 0 [pid 5849] <... umount2 resumed>) = 0 [pid 8157] <... setpgid resumed>) = 0 [pid 8157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8157] write(3, "1000", 4 [pid 5849] newfstatat(AT_FDCWD, "./26/file0", [pid 8157] <... write resumed>) = 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8157] close(3 [pid 5849] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8157] <... close resumed>) = 0 [pid 8157] symlink("/dev/binderfs", "./binderfs" [pid 5849] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 8157] <... symlink resumed>) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 8157 [pid 5849] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8157] write(1, "executing program\n", 18 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, [pid 8157] <... write resumed>) = 18 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8157] memfd_create("syzkaller", 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./26/file0") = 0 [ 178.568184][ T8107] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8157] <... memfd_create resumed>) = 3 [pid 5849] getdents64(3, [pid 8157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8157] <... mmap resumed>) = 0x7f362be00000 [pid 5849] close(3) = 0 [pid 5849] rmdir("./26") = 0 [pid 5849] mkdir("./27", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8161 attached , child_tidptr=0x55558aa90650) = 8161 [pid 8161] set_robust_list(0x55558aa90660, 24) = 0 [pid 8161] chdir("./27" [pid 8105] <... mount resumed>) = 0 [pid 8161] <... chdir resumed>) = 0 [pid 8161] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8161] <... prctl resumed>) = 0 [pid 8161] setpgid(0, 0 [pid 8105] <... openat resumed>) = 3 [pid 8105] chdir("./file0" [pid 8161] <... setpgid resumed>) = 0 [pid 8161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8105] <... chdir resumed>) = 0 [ 178.649931][ T8107] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 178.689879][ T8107] BTRFS info (device loop4): using free-space-tree [pid 8161] <... openat resumed>) = 3 [pid 8105] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8161] write(3, "1000", 4 [pid 8105] <... openat resumed>) = 4 [pid 8161] <... write resumed>) = 4 [pid 8105] ioctl(4, LOOP_CLR_FD [pid 8161] close(3 [pid 8105] <... ioctl resumed>) = 0 [pid 8161] <... close resumed>) = 0 [pid 8105] close(4) = 0 [pid 8105] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8161] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8105] <... openat resumed>) = 4 [pid 8161] write(1, "executing program\n", 18) = 18 [pid 8161] memfd_create("syzkaller", 0 [pid 8105] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8161] <... memfd_create resumed>) = 3 [pid 8105] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 8161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8105] <... write resumed>) = 280 [pid 8105] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8105] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8105] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8105] exit_group(0) = ? [pid 8105] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8105, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=29 /* 0.29 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./26/binderfs") = 0 [pid 5848] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8107] <... mount resumed>) = 0 [pid 8107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8107] chdir("./file0") = 0 [pid 8107] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8107] ioctl(4, LOOP_CLR_FD) = 0 [pid 8107] close(4) = 0 [pid 8107] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8107] ioctl(-1, SIOCGIFINDEX, NULL [pid 8157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8107] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8107] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8107] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8107] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8107] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8107] exit_group(0) = ? [pid 8107] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8107, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [ 178.940608][ T5848] BTRFS info (device loop0): last unmount of filesystem f1d9c1e7-5726-4602-93ff-e11cca43635d [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./26/binderfs") = 0 [ 179.091999][ T5852] BTRFS info (device loop4): last unmount of filesystem 75114afa-91d1-4e9c-ba8d-a34dd66fcbbb [pid 5852] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./26/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./26") = 0 [pid 5848] mkdir("./27", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8178 ./strace-static-x86_64: Process 8178 attached [pid 8178] set_robust_list(0x55558aa90660, 24) = 0 [pid 8178] chdir("./27") = 0 [pid 8178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8178] setpgid(0, 0) = 0 [pid 8178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8108] <... write resumed>) = 16777216 [pid 8178] <... openat resumed>) = 3 [pid 8178] write(3, "1000", 4 [pid 8108] munmap(0x7f362be00000, 138412032 [pid 8178] <... write resumed>) = 4 [pid 8178] close(3) = 0 [pid 8178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8178] write(1, "executing program\n", 18executing program ) = 18 [pid 8178] memfd_create("syzkaller", 0) = 3 [pid 8178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8108] <... munmap resumed>) = 0 [pid 8108] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8108] ioctl(4, LOOP_SET_FD, 3) = 0 [ 179.283639][ T8108] loop3: detected capacity change from 0 to 32768 [pid 8108] close(3) = 0 [pid 8108] close(4) = 0 [pid 8108] mkdir("./file0", 0777) = 0 [ 179.360547][ T8108] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8108) [ 179.450067][ T8108] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8108] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8157] <... write resumed>) = 16777216 [ 179.499274][ T8108] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 179.508822][ T8108] BTRFS info (device loop3): using free-space-tree [pid 8157] munmap(0x7f362be00000, 138412032) = 0 [pid 8157] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] <... umount2 resumed>) = 0 [pid 8157] close(3 [pid 5852] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8157] <... close resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8157] close(4 [pid 5852] newfstatat(AT_FDCWD, "./26/file0", [pid 8157] <... close resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8157] mkdir("./file0", 0777 [pid 5852] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8157] <... mkdir resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8157] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 179.580424][ T8157] loop2: detected capacity change from 0 to 32768 [pid 5852] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./26/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./26") = 0 [ 179.639396][ T8157] BTRFS: device /dev/loop2 (7:2) using temp-fsid ad203113-3d3f-4a4e-8779-8e023ae382d1 [ 179.670178][ T8157] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8157) [pid 5852] mkdir("./27", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8193 ./strace-static-x86_64: Process 8193 attached [pid 8193] set_robust_list(0x55558aa90660, 24 [pid 8161] <... write resumed>) = 16777216 [pid 8193] <... set_robust_list resumed>) = 0 [pid 8193] chdir("./27" [pid 8178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8193] <... chdir resumed>) = 0 [pid 8193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8193] setpgid(0, 0) = 0 [pid 8193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8193] write(3, "1000", 4 [pid 8161] munmap(0x7f362be00000, 138412032 [pid 8193] <... write resumed>) = 4 [pid 8193] close(3) = 0 [pid 8193] symlink("/dev/binderfs", "./binderfs") = 0 [ 179.696680][ T8157] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 179.708818][ T8157] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 179.724734][ T8157] BTRFS info (device loop2): using free-space-tree [pid 8193] write(1, "executing program\n", 18executing program ) = 18 [pid 8193] memfd_create("syzkaller", 0) = 3 [pid 8193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8161] <... munmap resumed>) = 0 [pid 8108] <... mount resumed>) = 0 [pid 8108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8108] chdir("./file0") = 0 [pid 8108] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8108] ioctl(4, LOOP_CLR_FD) = 0 [pid 8108] close(4) = 0 [pid 8108] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8108] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8108] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8108] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8108] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8108] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8161] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8108] exit_group(0 [pid 8161] <... openat resumed>) = 4 [pid 8108] <... exit_group resumed>) = ? [pid 8161] ioctl(4, LOOP_SET_FD, 3 [pid 8108] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8108, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./26/binderfs") = 0 [pid 5851] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8161] <... ioctl resumed>) = 0 [pid 8161] close(3) = 0 [pid 8161] close(4) = 0 [pid 8161] mkdir("./file0", 0777) = 0 [ 179.838568][ T8161] loop1: detected capacity change from 0 to 32768 [ 179.876254][ T8161] BTRFS: device /dev/loop1 (7:1) using temp-fsid 2953f416-96c6-428d-a799-0b4f1d9db456 [ 179.901441][ T8161] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8161) [ 179.926830][ T8161] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 179.944991][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8161] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 179.984997][ T8161] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 8193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8157] <... mount resumed>) = 0 [pid 8157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8157] chdir("./file0") = 0 [pid 8157] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8157] ioctl(4, LOOP_CLR_FD) = 0 [pid 8157] close(4) = 0 [pid 8157] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8157] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8157] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [ 180.029359][ T8161] BTRFS info (device loop1): using free-space-tree [pid 8157] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8157] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8157] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8157] exit_group(0) = ? [pid 8157] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8157, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=25 /* 0.25 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./26/binderfs") = 0 [ 180.187258][ T5850] BTRFS info (device loop2): last unmount of filesystem ad203113-3d3f-4a4e-8779-8e023ae382d1 [pid 5850] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8161] <... mount resumed>) = 0 [pid 8161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8161] chdir("./file0") = 0 [pid 8161] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8161] ioctl(4, LOOP_CLR_FD) = 0 [pid 8161] close(4) = 0 [pid 8161] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8161] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8161] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8161] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8161] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8161] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8161] exit_group(0) = ? [pid 8161] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8161, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./27/binderfs") = 0 [pid 5849] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8178] <... write resumed>) = 16777216 [pid 8178] munmap(0x7f362be00000, 138412032 [pid 8193] <... write resumed>) = 16777216 [pid 5851] <... umount2 resumed>) = 0 [pid 8178] <... munmap resumed>) = 0 [pid 8178] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8193] munmap(0x7f362be00000, 138412032 [pid 8178] <... openat resumed>) = 4 [ 180.410700][ T5849] BTRFS info (device loop1): last unmount of filesystem 2953f416-96c6-428d-a799-0b4f1d9db456 [pid 5851] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8178] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8178] <... ioctl resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./26/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./26") = 0 [pid 5851] mkdir("./27", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3 [pid 8193] <... munmap resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8193] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 8228 [pid 8193] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8228 attached [pid 8193] ioctl(4, LOOP_SET_FD, 3 [pid 8178] close(3) = 0 [pid 8178] close(4) = 0 [pid 8178] mkdir("./file0", 0777) = 0 [pid 8228] set_robust_list(0x55558aa90660, 24 [ 180.462249][ T8178] loop0: detected capacity change from 0 to 32768 [ 180.485616][ T8193] loop4: detected capacity change from 0 to 32768 [pid 8178] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 8228] <... set_robust_list resumed>) = 0 [pid 8193] <... ioctl resumed>) = 0 [pid 8193] close(3) = 0 [pid 8228] chdir("./27" [pid 8193] close(4 [pid 8228] <... chdir resumed>) = 0 [pid 8228] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8193] <... close resumed>) = 0 [pid 8193] mkdir("./file0", 0777 [pid 8228] <... prctl resumed>) = 0 [ 180.502461][ T8178] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8178) [pid 8228] setpgid(0, 0 [pid 8193] <... mkdir resumed>) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 8228] <... setpgid resumed>) = 0 [pid 8228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8193] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8228] <... openat resumed>) = 3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./26/file0", [pid 8228] write(3, "1000", 4 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8228] <... write resumed>) = 4 [pid 8228] close(3) = 0 [ 180.537704][ T8178] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 180.550645][ T8193] BTRFS: device /dev/loop4 (7:4) using temp-fsid 9d0b6efb-c4ed-44a2-90ad-be4fd7d8475e [ 180.569740][ T8178] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8228] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8228] <... symlink resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8228] write(1, "executing program\n", 18executing program ) = 18 [pid 5850] <... openat resumed>) = 4 [pid 8228] memfd_create("syzkaller", 0 [pid 5850] newfstatat(4, "", [pid 8228] <... memfd_create resumed>) = 3 [pid 8228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 8228] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./26/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [ 180.581699][ T8193] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8193) [ 180.601682][ T8178] BTRFS info (device loop0): using free-space-tree [pid 5850] close(3) = 0 [pid 5850] rmdir("./26") = 0 [pid 5850] mkdir("./27", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8233 attached [pid 8233] set_robust_list(0x55558aa90660, 24) = 0 [pid 8233] chdir("./27") = 0 [pid 8233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8233] setpgid(0, 0) = 0 [pid 8233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8233] write(3, "1000", 4) = 4 [pid 8233] close(3) = 0 [pid 8233] symlink("/dev/binderfs", "./binderfs") = 0 [ 180.650723][ T8193] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 executing program [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 8233 [pid 8233] write(1, "executing program\n", 18) = 18 [pid 8233] memfd_create("syzkaller", 0) = 3 [pid 8233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 180.719334][ T8193] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 180.730850][ T8193] BTRFS info (device loop4): using free-space-tree [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./27/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./27") = 0 [pid 5849] mkdir("./28", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8246 attached [pid 8246] set_robust_list(0x55558aa90660, 24) = 0 [pid 8246] chdir("./28") = 0 [pid 8246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8246] setpgid(0, 0) = 0 [pid 8246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8246] write(3, "1000", 4) = 4 [pid 8246] close(3) = 0 [pid 8246] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8246] write(1, "executing program\n", 18) = 18 [pid 8246] memfd_create("syzkaller", 0) = 3 [pid 8246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 8246 [pid 8178] <... mount resumed>) = 0 [pid 8178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8178] chdir("./file0") = 0 [pid 8178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8178] ioctl(4, LOOP_CLR_FD) = 0 [pid 8178] close(4) = 0 [pid 8178] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8178] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8178] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8178] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8193] <... mount resumed>) = 0 [pid 8178] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8193] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8178] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 8193] <... openat resumed>) = 3 [pid 8178] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8193] chdir("./file0" [pid 8178] exit_group(0) = ? [pid 8193] <... chdir resumed>) = 0 [pid 8178] +++ exited with 0 +++ [pid 8193] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8178, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=25 /* 0.25 s */} --- [pid 8193] <... openat resumed>) = 4 [pid 8193] ioctl(4, LOOP_CLR_FD) = 0 [pid 8193] close(4) = 0 [pid 5848] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8193] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8193] <... openat resumed>) = 4 [pid 5848] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8193] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... openat resumed>) = 3 [pid 8193] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8193] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] getdents64(3, [pid 8193] <... write resumed>) = 280 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 8193] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8193] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8193] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8193] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 8193] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] newfstatat(AT_FDCWD, "./27/binderfs", [pid 8193] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8193] exit_group(0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8193] <... exit_group resumed>) = ? [pid 8193] +++ exited with 0 +++ [pid 5848] unlink("./27/binderfs" [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8193, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... unlink resumed>) = 0 [pid 5848] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... restart_syscall resumed>) = 0 [pid 5852] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./27/binderfs") = 0 [pid 5852] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 181.132571][ T5852] BTRFS info (device loop4): last unmount of filesystem 9d0b6efb-c4ed-44a2-90ad-be4fd7d8475e [ 181.150132][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./27/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./27") = 0 [pid 5852] mkdir("./28", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8264 attached , child_tidptr=0x55558aa90650) = 8264 [pid 8264] set_robust_list(0x55558aa90660, 24) = 0 [pid 8264] chdir("./28") = 0 [pid 8264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8264] setpgid(0, 0) = 0 [pid 8264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8264] write(3, "1000", 4) = 4 [pid 8264] close(3) = 0 [pid 8264] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8264] write(1, "executing program\n", 18) = 18 [pid 8264] memfd_create("syzkaller", 0) = 3 [pid 8264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./27/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./27") = 0 [pid 8228] <... write resumed>) = 16777216 [pid 5848] mkdir("./28", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 8228] munmap(0x7f362be00000, 138412032 [pid 5848] close(3 [pid 8228] <... munmap resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8265 attached , child_tidptr=0x55558aa90650) = 8265 [pid 8265] set_robust_list(0x55558aa90660, 24) = 0 [pid 8228] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8265] chdir("./28" [pid 8228] <... openat resumed>) = 4 [pid 8265] <... chdir resumed>) = 0 [pid 8228] ioctl(4, LOOP_SET_FD, 3 [pid 8246] <... write resumed>) = 16777216 [pid 8265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8265] setpgid(0, 0) = 0 [pid 8228] <... ioctl resumed>) = 0 [pid 8265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8246] munmap(0x7f362be00000, 138412032 [pid 8228] close(3) = 0 [pid 8228] close(4) = 0 [pid 8228] mkdir("./file0", 0777) = 0 [ 181.657820][ T8228] loop3: detected capacity change from 0 to 32768 [pid 8228] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8246] <... munmap resumed>) = 0 [pid 8265] <... openat resumed>) = 3 [pid 8246] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8246] ioctl(4, LOOP_SET_FD, 3 [pid 8265] write(3, "1000", 4) = 4 [pid 8265] close(3) = 0 [ 181.699659][ T8228] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8228) [ 181.725800][ T8246] loop1: detected capacity change from 0 to 32768 [pid 8265] symlink("/dev/binderfs", "./binderfs" [pid 8233] <... write resumed>) = 16777216 [pid 8265] <... symlink resumed>) = 0 [pid 8246] <... ioctl resumed>) = 0 [pid 8265] write(1, "executing program\n", 18 [pid 8246] close(3executing program [pid 8233] munmap(0x7f362be00000, 138412032 [pid 8265] <... write resumed>) = 18 [pid 8246] <... close resumed>) = 0 [pid 8233] <... munmap resumed>) = 0 [pid 8246] close(4) = 0 [pid 8265] memfd_create("syzkaller", 0 [pid 8246] mkdir("./file0", 0777) = 0 [ 181.747475][ T8228] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 181.782766][ T8228] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 8246] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 8265] <... memfd_create resumed>) = 3 [pid 8265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8233] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8233] close(3) = 0 [pid 8233] close(4) = 0 [pid 8233] mkdir("./file0", 0777) = 0 [ 181.792616][ T8246] BTRFS: device /dev/loop1 (7:1) using temp-fsid 89b45e85-ca52-48d2-94e8-4745736529a0 [ 181.817263][ T8246] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8246) [ 181.831662][ T8228] BTRFS info (device loop3): using free-space-tree [ 181.838356][ T8233] loop2: detected capacity change from 0 to 32768 [ 181.868535][ T8233] BTRFS: device /dev/loop2 (7:2) using temp-fsid ae4fa6c5-bbdb-418d-a19b-348c12150c3d [ 181.890893][ T8246] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 181.909755][ T8233] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8233) [ 181.924189][ T8246] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 181.935417][ T8246] BTRFS info (device loop1): using free-space-tree [pid 8233] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 181.970529][ T8233] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 182.008404][ T8233] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 182.050376][ T8233] BTRFS info (device loop2): using free-space-tree [pid 8264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8228] <... mount resumed>) = 0 [pid 8228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8228] chdir("./file0") = 0 [pid 8228] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8228] ioctl(4, LOOP_CLR_FD) = 0 [pid 8228] close(4) = 0 [pid 8228] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8228] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8228] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8228] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8228] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8228] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8228] exit_group(0) = ? [pid 8228] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8228, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./27/binderfs") = 0 [pid 5851] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8246] <... mount resumed>) = 0 [ 182.232058][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8246] chdir("./file0") = 0 [pid 8246] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8246] ioctl(4, LOOP_CLR_FD) = 0 [pid 8246] close(4) = 0 [pid 8246] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8233] <... mount resumed>) = 0 [pid 8246] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8246] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8233] chdir("./file0" [pid 8246] bpf(BPF_MAP_CREATE, NULL, 0 [pid 8233] <... chdir resumed>) = 0 [pid 8246] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8233] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8246] bpf(BPF_PROG_LOAD, NULL, 0 [pid 8233] ioctl(4, LOOP_CLR_FD [pid 8246] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 8233] <... ioctl resumed>) = 0 [pid 8233] close(4 [pid 8246] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8246] exit_group(0) = ? [pid 8246] +++ exited with 0 +++ [pid 8233] <... close resumed>) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8246, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [pid 8233] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8233] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8233] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8233] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8233] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8233] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8233] exit_group(0) = ? [pid 8233] +++ exited with 0 +++ [pid 5849] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8233, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=21 /* 0.21 s */} --- [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 5849] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5849] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5850] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8264] <... write resumed>) = 16777216 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8264] munmap(0x7f362be00000, 138412032 [pid 5849] unlink("./28/binderfs" [pid 5850] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] <... unlink resumed>) = 0 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./27/binderfs") = 0 [pid 8264] <... munmap resumed>) = 0 [pid 5850] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8264] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8264] close(3) = 0 [pid 8264] close(4) = 0 [ 182.460752][ T8264] loop4: detected capacity change from 0 to 32768 [pid 8264] mkdir("./file0", 0777) = 0 [ 182.517522][ T5849] BTRFS info (device loop1): last unmount of filesystem 89b45e85-ca52-48d2-94e8-4745736529a0 [ 182.542039][ T5850] BTRFS info (device loop2): last unmount of filesystem ae4fa6c5-bbdb-418d-a19b-348c12150c3d [pid 8264] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... umount2 resumed>) = 0 [ 182.555344][ T8264] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8264) [pid 5851] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./27/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./27") = 0 [pid 5851] mkdir("./28", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8315 attached , child_tidptr=0x55558aa90650) = 8315 [pid 8315] set_robust_list(0x55558aa90660, 24) = 0 [pid 8315] chdir("./28") = 0 [pid 8315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8315] setpgid(0, 0) = 0 [pid 8315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 182.658099][ T8264] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 182.689232][ T8264] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 8315] write(3, "1000", 4) = 4 [pid 8315] close(3) = 0 [pid 8315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, [pid 8315] write(1, "executing program\n", 18 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 executing program [pid 8315] <... write resumed>) = 18 [pid 5850] close(4 [pid 8315] memfd_create("syzkaller", 0 [pid 5850] <... close resumed>) = 0 [pid 8315] <... memfd_create resumed>) = 3 [pid 5850] rmdir("./27/file0" [pid 8315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... rmdir resumed>) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./27" [pid 8265] <... write resumed>) = 16777216 [pid 5850] <... rmdir resumed>) = 0 [ 182.724529][ T8264] BTRFS info (device loop4): using free-space-tree [pid 5850] mkdir("./28", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 8265] munmap(0x7f362be00000, 138412032 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8328 attached [pid 8328] set_robust_list(0x55558aa90660, 24 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 8328 [pid 8265] <... munmap resumed>) = 0 [pid 8328] <... set_robust_list resumed>) = 0 [pid 8265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8328] chdir("./28" [pid 8265] ioctl(4, LOOP_SET_FD, 3 [pid 8328] <... chdir resumed>) = 0 [pid 8328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8328] setpgid(0, 0) = 0 [pid 8328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8328] write(3, "1000", 4) = 4 [pid 8328] close(3) = 0 [pid 8328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8265] <... ioctl resumed>) = 0 [pid 8328] write(1, "executing program\n", 18 [pid 8265] close(3executing program ) = 0 [pid 8328] <... write resumed>) = 18 [ 182.854028][ T8265] loop0: detected capacity change from 0 to 32768 [pid 8265] close(4 [pid 8328] memfd_create("syzkaller", 0 [pid 8265] <... close resumed>) = 0 [pid 8265] mkdir("./file0", 0777 [pid 8328] <... memfd_create resumed>) = 3 [pid 8265] <... mkdir resumed>) = 0 [pid 8328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8265] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 8328] <... mmap resumed>) = 0x7f362be00000 [ 182.921925][ T8265] BTRFS: device /dev/loop0 (7:0) using temp-fsid 1c7cdfae-b6bd-46e2-9e9f-f50389230dbd [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./28/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./28") = 0 [pid 5849] mkdir("./29", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3 [pid 8264] <... mount resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8333 attached [pid 8264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 8333 [pid 8333] set_robust_list(0x55558aa90660, 24) = 0 [pid 8333] chdir("./29") = 0 [pid 8333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8333] setpgid(0, 0) = 0 [pid 8333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8333] write(3, "1000", 4) = 4 [pid 8264] <... openat resumed>) = 3 [ 182.959253][ T8265] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8265) [pid 8333] close(3) = 0 [pid 8333] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8333] write(1, "executing program\n", 18 [pid 8264] chdir("./file0") = 0 [pid 8333] <... write resumed>) = 18 [pid 8264] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8264] ioctl(4, LOOP_CLR_FD [pid 8333] memfd_create("syzkaller", 0 [pid 8264] <... ioctl resumed>) = 0 [pid 8333] <... memfd_create resumed>) = 3 [pid 8264] close(4 [pid 8333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8264] <... close resumed>) = 0 [pid 8264] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8264] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8264] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [ 183.051191][ T8265] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8264] bpf(BPF_MAP_CREATE, NULL, 0 [pid 8315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8264] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8264] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8264] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8264] exit_group(0) = ? [pid 8264] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8264, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=24 /* 0.24 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 183.099646][ T8265] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./28/binderfs") = 0 [ 183.142299][ T8265] BTRFS info (device loop0): using free-space-tree [ 183.238112][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8265] <... mount resumed>) = 0 [pid 8265] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8265] chdir("./file0") = 0 [pid 8265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8265] ioctl(4, LOOP_CLR_FD) = 0 [pid 8265] close(4) = 0 [pid 8265] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8265] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8265] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8265] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8265] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8265] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8265] exit_group(0) = ? [pid 8265] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8265, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=30 /* 0.30 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./28/binderfs") = 0 [pid 5848] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8315] <... write resumed>) = 16777216 [ 183.488101][ T5848] BTRFS info (device loop0): last unmount of filesystem 1c7cdfae-b6bd-46e2-9e9f-f50389230dbd [pid 8315] munmap(0x7f362be00000, 138412032) = 0 [pid 8315] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8315] ioctl(4, LOOP_SET_FD, 3 [pid 8328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8315] <... ioctl resumed>) = 0 [pid 5848] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", [pid 8315] close(3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./28/file0" [pid 8315] <... close resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, [pid 8315] close(4 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8315] <... close resumed>) = 0 [pid 5848] close(3 [pid 8315] mkdir("./file0", 0777 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./28" [pid 8315] <... mkdir resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 8315] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] mkdir("./29", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8351 ./strace-static-x86_64: Process 8351 attached [ 183.594521][ T8315] loop3: detected capacity change from 0 to 32768 [pid 8351] set_robust_list(0x55558aa90660, 24) = 0 [pid 8351] chdir("./29") = 0 [pid 8333] <... write resumed>) = 16777216 [pid 8351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8351] setpgid(0, 0) = 0 [ 183.653618][ T8315] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8315) [pid 8351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8333] munmap(0x7f362be00000, 138412032 [pid 8351] write(3, "1000", 4) = 4 [pid 8351] close(3) = 0 [pid 8351] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8351] write(1, "executing program\n", 18) = 18 [pid 8351] memfd_create("syzkaller", 0) = 3 [pid 5852] <... umount2 resumed>) = 0 [pid 8351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [ 183.723624][ T8315] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] rmdir("./28/file0" [pid 8333] <... munmap resumed>) = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./28") = 0 [pid 5852] mkdir("./29", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8353 attached , child_tidptr=0x55558aa90650) = 8353 [pid 8353] set_robust_list(0x55558aa90660, 24) = 0 [pid 8353] chdir("./29") = 0 [pid 8353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8353] setpgid(0, 0 [pid 8333] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8353] <... setpgid resumed>) = 0 [pid 8333] <... openat resumed>) = 4 executing program [pid 8353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8333] ioctl(4, LOOP_SET_FD, 3 [pid 8353] <... openat resumed>) = 3 [pid 8353] write(3, "1000", 4) = 4 [pid 8353] close(3) = 0 [pid 8353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8353] write(1, "executing program\n", 18) = 18 [pid 8353] memfd_create("syzkaller", 0) = 3 [pid 8353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 183.770590][ T8315] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 183.809465][ T8333] loop1: detected capacity change from 0 to 32768 [pid 8333] <... ioctl resumed>) = 0 [pid 8333] close(3) = 0 [ 183.819584][ T8315] BTRFS info (device loop3): using free-space-tree [pid 8333] close(4) = 0 [pid 8333] mkdir("./file0", 0777) = 0 [ 183.877712][ T8333] BTRFS: device /dev/loop1 (7:1) using temp-fsid 15016e60-64af-4226-8566-e17f5ae96e12 [ 183.913406][ T8333] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8333) [pid 8333] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 8328] <... write resumed>) = 16777216 [pid 8328] munmap(0x7f362be00000, 138412032) = 0 [pid 8328] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 184.019186][ T8333] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 184.029964][ T8333] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 8328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8328] close(3) = 0 [pid 8328] close(4) = 0 [pid 8315] <... mount resumed>) = 0 [pid 8315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8315] chdir("./file0") = 0 [pid 8328] mkdir("./file0", 0777 [pid 8315] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8328] <... mkdir resumed>) = 0 [pid 8315] ioctl(4, LOOP_CLR_FD [pid 8328] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 8315] <... ioctl resumed>) = 0 [pid 8315] close(4) = 0 [pid 8315] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 184.078866][ T8328] loop2: detected capacity change from 0 to 32768 [ 184.086735][ T8333] BTRFS info (device loop1): using free-space-tree [pid 8315] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8315] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8315] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8315] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8315] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8315] exit_group(0) = ? [pid 8315] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8315, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=19 /* 0.19 s */} --- [pid 5851] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 184.126192][ T8328] BTRFS: device /dev/loop2 (7:2) using temp-fsid b07fe510-280b-4c49-ae45-4074cf57c85d [pid 5851] unlink("./28/binderfs") = 0 [ 184.193134][ T8328] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8328) [ 184.254536][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 184.295990][ T8328] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8333] <... mount resumed>) = 0 [pid 8333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8333] chdir("./file0") = 0 [pid 8333] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8333] ioctl(4, LOOP_CLR_FD) = 0 [ 184.344275][ T8328] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 8333] close(4) = 0 [pid 8333] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5851] <... umount2 resumed>) = 0 [pid 8333] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5851] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8333] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8333] <... write resumed>) = 280 [pid 5851] newfstatat(AT_FDCWD, "./28/file0", [pid 8333] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8333] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8333] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8333] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8333] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... openat resumed>) = 4 [pid 8333] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(4, "", [pid 8333] exit_group(0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8333] <... exit_group resumed>) = ? [pid 5851] getdents64(4, [pid 8333] +++ exited with 0 +++ [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8333, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5851] close(4) = 0 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5851] rmdir("./28/file0") = 0 [pid 5851] getdents64(3, [pid 5849] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] close(3 [pid 5849] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... close resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5851] rmdir("./28" [pid 5849] newfstatat(3, "", [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] mkdir("./29", 0777 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... mkdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./29/binderfs" [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] <... unlink resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5849] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8388 attached , child_tidptr=0x55558aa90650) = 8388 [ 184.417411][ T8328] BTRFS info (device loop2): using free-space-tree [pid 8388] set_robust_list(0x55558aa90660, 24) = 0 [pid 8388] chdir("./29") = 0 [pid 8388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8388] setpgid(0, 0) = 0 [pid 8388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8388] write(3, "1000", 4) = 4 [pid 8388] close(3) = 0 [pid 8388] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8388] write(1, "executing program\n", 18) = 18 [pid 8388] memfd_create("syzkaller", 0) = 3 [pid 8388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 184.590178][ T5849] BTRFS info (device loop1): last unmount of filesystem 15016e60-64af-4226-8566-e17f5ae96e12 [pid 8353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8328] <... mount resumed>) = 0 [pid 8328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8328] chdir("./file0") = 0 [pid 8328] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8328] ioctl(4, LOOP_CLR_FD) = 0 [pid 8328] close(4) = 0 [pid 8328] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8328] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8328] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8328] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8328] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8328] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8328] exit_group(0) = ? [pid 8328] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8328, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./29/file0", [pid 5850] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] getdents64(3, [pid 5849] newfstatat(4, "", [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8351] <... write resumed>) = 16777216 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] close(4 [pid 5850] unlink("./28/binderfs") = 0 [pid 5849] <... close resumed>) = 0 [pid 5850] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] rmdir("./29/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8353] <... write resumed>) = 16777216 [pid 5849] close(3) = 0 [pid 5849] rmdir("./29" [pid 8353] munmap(0x7f362be00000, 138412032 [pid 8351] munmap(0x7f362be00000, 138412032 [pid 5849] <... rmdir resumed>) = 0 [pid 8353] <... munmap resumed>) = 0 [pid 8351] <... munmap resumed>) = 0 [pid 5849] mkdir("./30", 0777 [pid 8353] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5849] <... mkdir resumed>) = 0 [pid 8353] ioctl(4, LOOP_SET_FD, 3 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8405 attached [pid 8351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8351] ioctl(4, LOOP_SET_FD, 3 [pid 8405] set_robust_list(0x55558aa90660, 24) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 8405 [pid 8405] chdir("./30" [pid 8353] <... ioctl resumed>) = 0 [pid 8405] <... chdir resumed>) = 0 [pid 8353] close(3) = 0 [pid 8405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8405] setpgid(0, 0 [ 184.919537][ T8353] loop4: detected capacity change from 0 to 32768 [ 184.938613][ T8351] loop0: detected capacity change from 0 to 32768 [pid 8353] close(4 [pid 8405] <... setpgid resumed>) = 0 [pid 8353] <... close resumed>) = 0 [pid 8351] <... ioctl resumed>) = 0 [pid 8351] close(3 [pid 8405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8353] mkdir("./file0", 0777 [pid 8351] <... close resumed>) = 0 [pid 8353] <... mkdir resumed>) = 0 [pid 8351] close(4) = 0 [pid 8351] mkdir("./file0", 0777) = 0 [pid 8351] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 8405] <... openat resumed>) = 3 [pid 8353] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 8405] write(3, "1000", 4) = 4 [pid 8405] close(3) = 0 executing program [pid 8405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8405] write(1, "executing program\n", 18) = 18 [pid 8388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8405] memfd_create("syzkaller", 0) = 3 [ 184.960811][ T5850] BTRFS info (device loop2): last unmount of filesystem b07fe510-280b-4c49-ae45-4074cf57c85d [ 184.982178][ T8351] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8351) [pid 8405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 185.072500][ T8353] BTRFS: device /dev/loop4 (7:4) using temp-fsid 7cdde044-7ece-4f5c-bca0-ffd30b4aaabc [ 185.090712][ T8351] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 185.109257][ T8353] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8353) [ 185.129457][ T8351] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 185.149533][ T8351] BTRFS info (device loop0): using free-space-tree [ 185.162257][ T8353] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./28/file0") = 0 [ 185.231384][ T8353] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./28") = 0 [pid 5850] mkdir("./29", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8419 attached [ 185.319509][ T8353] BTRFS info (device loop4): using free-space-tree [pid 8419] set_robust_list(0x55558aa90660, 24) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 8419 [pid 8419] chdir("./29") = 0 [pid 8419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8419] setpgid(0, 0) = 0 [pid 8419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8419] write(3, "1000", 4) = 4 [pid 8419] close(3) = 0 [pid 8419] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8419] write(1, "executing program\n", 18) = 18 [pid 8419] memfd_create("syzkaller", 0) = 3 [pid 8419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8351] <... mount resumed>) = 0 [pid 8351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8351] chdir("./file0") = 0 [pid 8351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8351] ioctl(4, LOOP_CLR_FD) = 0 [pid 8351] close(4) = 0 [pid 8351] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8351] ioctl(-1, SIOCGIFINDEX, NULL [pid 8353] <... mount resumed>) = 0 [pid 8351] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8351] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 8353] chdir("./file0" [pid 8388] <... write resumed>) = 16777216 [pid 8353] <... chdir resumed>) = 0 [pid 8351] <... write resumed>) = 280 [pid 8388] munmap(0x7f362be00000, 138412032 [pid 8353] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8351] bpf(BPF_MAP_CREATE, NULL, 0 [pid 8353] <... openat resumed>) = 4 [pid 8351] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8351] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8351] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8351] exit_group(0) = ? [pid 8351] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8351, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 8353] ioctl(4, LOOP_CLR_FD) = 0 [pid 5848] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 8388] <... munmap resumed>) = 0 [pid 8353] close(4 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./29/binderfs" [pid 8388] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8353] <... close resumed>) = 0 [pid 8388] <... openat resumed>) = 4 [pid 8353] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... unlink resumed>) = 0 [pid 8388] ioctl(4, LOOP_SET_FD, 3 [pid 5848] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8388] <... ioctl resumed>) = 0 [pid 8353] <... openat resumed>) = 4 [pid 8388] close(3 [pid 8353] ioctl(-1, SIOCGIFINDEX, NULL [pid 8388] <... close resumed>) = 0 [pid 8353] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8388] close(4 [pid 8353] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 8388] <... close resumed>) = 0 [pid 8388] mkdir("./file0", 0777 [pid 8353] <... write resumed>) = 280 [pid 8388] <... mkdir resumed>) = 0 [pid 8353] bpf(BPF_MAP_CREATE, NULL, 0 [pid 8388] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8353] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8353] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8353] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8353] exit_group(0) = ? [ 185.610408][ T8388] loop3: detected capacity change from 0 to 32768 [pid 8353] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8353, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=25 /* 0.25 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./29/binderfs" [pid 8405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... unlink resumed>) = 0 [ 185.666093][ T8388] BTRFS: device /dev/loop3 (7:3) using temp-fsid e64fa7bd-7429-45cb-aed6-2348a1f56d4a [ 185.684097][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 185.720119][ T8388] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8388) [ 185.768912][ T5852] BTRFS info (device loop4): last unmount of filesystem 7cdde044-7ece-4f5c-bca0-ffd30b4aaabc [ 185.807189][ T8388] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 185.856158][ T8388] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5852] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./29/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./29") = 0 [pid 5852] mkdir("./30", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8442 ./strace-static-x86_64: Process 8442 attached [pid 8442] set_robust_list(0x55558aa90660, 24) = 0 [pid 8442] chdir("./30") = 0 [pid 8442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8442] setpgid(0, 0) = 0 [pid 8442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8442] write(3, "1000", 4) = 4 [pid 8442] close(3) = 0 [pid 8442] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8442] write(1, "executing program\n", 18) = 18 [ 185.909316][ T8388] BTRFS info (device loop3): using free-space-tree [pid 8442] memfd_create("syzkaller", 0) = 3 [pid 8442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8388] <... mount resumed>) = 0 [pid 8388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8388] chdir("./file0") = 0 [pid 8388] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5848] <... umount2 resumed>) = 0 [pid 8388] ioctl(4, LOOP_CLR_FD) = 0 [pid 8388] close(4) = 0 [pid 8388] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8388] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8388] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8388] <... write resumed>) = 280 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8388] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] newfstatat(AT_FDCWD, "./29/file0", [pid 8388] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8388] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8388] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8388] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8388] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8388] exit_group(0 [pid 5848] <... openat resumed>) = 4 [pid 8388] <... exit_group resumed>) = ? [pid 8388] +++ exited with 0 +++ [pid 5848] newfstatat(4, "", [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8388, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... restart_syscall resumed>) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] getdents64(4, [pid 5851] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] close(4 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] <... close resumed>) = 0 [pid 5851] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] rmdir("./29/file0" [pid 5851] newfstatat(AT_FDCWD, "./29/binderfs", [pid 5848] <... rmdir resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] getdents64(3, [pid 5851] unlink("./29/binderfs" [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] <... unlink resumed>) = 0 [pid 5848] close(3 [pid 8405] <... write resumed>) = 16777216 [pid 5851] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./29") = 0 [pid 5848] mkdir("./30", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 8405] munmap(0x7f362be00000, 138412032 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8457 attached , child_tidptr=0x55558aa90650) = 8457 [pid 8457] set_robust_list(0x55558aa90660, 24) = 0 [pid 8457] chdir("./30" [pid 8405] <... munmap resumed>) = 0 [pid 8457] <... chdir resumed>) = 0 [pid 8457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8457] setpgid(0, 0) = 0 [pid 8457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8457] write(3, "1000", 4) = 4 [pid 8457] close(3) = 0 [pid 8457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8405] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 186.295923][ T5851] BTRFS info (device loop3): last unmount of filesystem e64fa7bd-7429-45cb-aed6-2348a1f56d4a executing program [pid 8405] ioctl(4, LOOP_SET_FD, 3 [pid 8457] write(1, "executing program\n", 18) = 18 [pid 8457] memfd_create("syzkaller", 0) = 3 [pid 8457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8405] <... ioctl resumed>) = 0 [pid 8405] close(3) = 0 [pid 8405] close(4) = 0 [pid 8405] mkdir("./file0", 0777) = 0 [ 186.349601][ T8405] loop1: detected capacity change from 0 to 32768 [pid 8405] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 186.416547][ T8405] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8405) [ 186.495789][ T8405] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 186.531103][ T8405] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 186.558345][ T8405] BTRFS info (device loop1): using free-space-tree [pid 8442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8419] <... write resumed>) = 16777216 [pid 5851] <... umount2 resumed>) = 0 [pid 8419] munmap(0x7f362be00000, 138412032 [pid 5851] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8419] <... munmap resumed>) = 0 [pid 8419] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8419] ioctl(4, LOOP_SET_FD, 3 [pid 5851] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8419] <... ioctl resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8419] close(3) = 0 [pid 8419] close(4) = 0 [pid 8419] mkdir("./file0", 0777 [pid 5851] <... openat resumed>) = 4 [pid 8419] <... mkdir resumed>) = 0 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 8419] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./29/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./29") = 0 [pid 5851] mkdir("./30", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 186.663979][ T8419] loop2: detected capacity change from 0 to 32768 [ 186.696111][ T8419] BTRFS: device /dev/loop2 (7:2) using temp-fsid 93cbf3d5-3c38-4a35-abae-6c5a9f2eefef [pid 5851] close(3) = 0 [ 186.749342][ T8419] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8419) [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216./strace-static-x86_64: Process 8472 attached [pid 8472] set_robust_list(0x55558aa90660, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 8472 [pid 8472] <... set_robust_list resumed>) = 0 [pid 8472] chdir("./30") = 0 [pid 8472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8472] setpgid(0, 0) = 0 [pid 8472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8442] <... write resumed>) = 16777216 [ 186.795668][ T8419] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8472] write(3, "1000", 4) = 4 [pid 8472] close(3) = 0 [pid 8472] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8472] write(1, "executing program\n", 18) = 18 [pid 8472] memfd_create("syzkaller", 0 [pid 8442] munmap(0x7f362be00000, 138412032 [pid 8405] <... mount resumed>) = 0 [pid 8405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8472] <... memfd_create resumed>) = 3 [pid 8405] chdir("./file0") = 0 [pid 8405] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8405] <... openat resumed>) = 4 [pid 8472] <... mmap resumed>) = 0x7f362be00000 [pid 8442] <... munmap resumed>) = 0 [pid 8405] ioctl(4, LOOP_CLR_FD) = 0 [pid 8405] close(4) = 0 [pid 8405] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8442] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8405] ioctl(-1, SIOCGIFINDEX, NULL [pid 8442] ioctl(4, LOOP_SET_FD, 3 [pid 8405] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8405] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8405] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 186.844138][ T8419] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 186.873704][ T8419] BTRFS info (device loop2): using free-space-tree [pid 8405] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8405] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8405] exit_group(0) = ? [pid 8405] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8405, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=20 /* 0.20 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 8442] <... ioctl resumed>) = 0 [pid 5849] <... restart_syscall resumed>) = 0 [pid 8442] close(3) = 0 [pid 8442] close(4 [pid 5849] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 186.890532][ T8442] loop4: detected capacity change from 0 to 32768 [pid 8442] <... close resumed>) = 0 [pid 5849] getdents64(3, [pid 8442] mkdir("./file0", 0777 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 8442] <... mkdir resumed>) = 0 [pid 5849] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./30/binderfs", [pid 8442] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./30/binderfs") = 0 [ 186.952677][ T8442] BTRFS: device /dev/loop4 (7:4) using temp-fsid f05f0b09-5f22-4f3e-9f80-75bc6a5c38a4 [ 186.963114][ T8442] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8442) [pid 5849] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8457] <... write resumed>) = 16777216 [ 187.034303][ T8442] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 187.047754][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8419] <... mount resumed>) = 0 [pid 8419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8457] munmap(0x7f362be00000, 138412032 [pid 8419] chdir("./file0") = 0 [pid 8419] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8419] ioctl(4, LOOP_CLR_FD [pid 8457] <... munmap resumed>) = 0 [pid 8419] <... ioctl resumed>) = 0 [pid 8457] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8419] close(4 [pid 8457] <... openat resumed>) = 4 [pid 8419] <... close resumed>) = 0 [ 187.089893][ T8442] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 187.123902][ T8442] BTRFS info (device loop4): using free-space-tree [pid 8457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8419] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8457] close(3) = 0 [pid 8457] close(4) = 0 [pid 8419] <... openat resumed>) = 4 [pid 8457] mkdir("./file0", 0777) = 0 [pid 8457] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 8419] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8419] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [ 187.142283][ T8457] loop0: detected capacity change from 0 to 32768 [ 187.181783][ T8457] BTRFS: device /dev/loop0 (7:0) using temp-fsid 7c43dc64-5772-4033-8778-ecda9c91d720 [pid 8419] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8419] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8419] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8419] exit_group(0) = ? [pid 8419] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8419, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./29/binderfs") = 0 [pid 5850] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 187.250636][ T8457] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8457) [pid 8472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8442] <... mount resumed>) = 0 [pid 8442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8442] chdir("./file0") = 0 [pid 8442] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8442] ioctl(4, LOOP_CLR_FD) = 0 [ 187.323555][ T5850] BTRFS info (device loop2): last unmount of filesystem 93cbf3d5-3c38-4a35-abae-6c5a9f2eefef [ 187.349883][ T8457] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8442] close(4) = 0 [pid 8442] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8442] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8442] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8442] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8442] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8442] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8442] exit_group(0) = ? [pid 8442] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8442, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [ 187.403189][ T8457] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./30/binderfs") = 0 [ 187.450089][ T8457] BTRFS info (device loop0): using free-space-tree [ 187.554695][ T5852] BTRFS info (device loop4): last unmount of filesystem f05f0b09-5f22-4f3e-9f80-75bc6a5c38a4 [pid 5852] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 8472] <... write resumed>) = 16777216 [pid 5849] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8472] munmap(0x7f362be00000, 138412032 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8457] <... mount resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./30/file0", [pid 8457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8457] <... openat resumed>) = 3 [pid 5849] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8457] chdir("./file0" [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8457] <... chdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] <... openat resumed>) = 4 [pid 8457] ioctl(4, LOOP_CLR_FD [pid 5849] newfstatat(4, "", [pid 8457] <... ioctl resumed>) = 0 [pid 8457] close(4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8457] <... close resumed>) = 0 [pid 5849] getdents64(4, [pid 8457] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8472] <... munmap resumed>) = 0 [pid 8457] <... openat resumed>) = 4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8457] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] getdents64(4, [pid 8457] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8457] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5849] close(4 [pid 8457] <... write resumed>) = 280 [pid 5849] <... close resumed>) = 0 [pid 8457] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] rmdir("./30/file0" [pid 8457] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8457] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] <... umount2 resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 8457] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] getdents64(3, [pid 8457] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8457] exit_group(0 [pid 5849] close(3 [pid 8457] <... exit_group resumed>) = ? [pid 5849] <... close resumed>) = 0 [pid 8472] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8457] +++ exited with 0 +++ [pid 5852] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = 0 [pid 5849] rmdir("./30" [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8457, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=24 /* 0.24 s */} --- [pid 8472] <... openat resumed>) = 4 [pid 5852] newfstatat(AT_FDCWD, "./30/file0", [pid 8472] ioctl(4, LOOP_SET_FD, 3 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... rmdir resumed>) = 0 [pid 5848] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] mkdir("./31", 0777 [pid 5850] newfstatat(AT_FDCWD, "./29/file0", [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... mkdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... openat resumed>) = 3 [pid 5848] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5852] <... openat resumed>) = 4 [pid 5850] <... openat resumed>) = 4 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5848] <... openat resumed>) = 3 [pid 5850] newfstatat(4, "", [pid 5849] close(3 [pid 5852] newfstatat(4, "", [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... close resumed>) = 0 [pid 5848] newfstatat(3, "", [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] getdents64(4, [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, [pid 5850] getdents64(4, [pid 5848] getdents64(3, [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] getdents64(4, [pid 5848] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] close(4 [pid 5848] newfstatat(AT_FDCWD, "./30/binderfs", [pid 5852] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] rmdir("./30/file0" [pid 5848] unlink("./30/binderfs" [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8524 attached [pid 5850] close(4 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 8524 [pid 8524] set_robust_list(0x55558aa90660, 24 [pid 5852] <... rmdir resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 8524] <... set_robust_list resumed>) = 0 [pid 5852] getdents64(3, [pid 5850] rmdir("./29/file0" [pid 5848] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8524] chdir("./31" [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5852] rmdir("./30" [pid 8524] <... chdir resumed>) = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5850] getdents64(3, [pid 5852] mkdir("./31", 0777 [pid 8524] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... mkdir resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8524] <... prctl resumed>) = 0 [pid 8472] <... ioctl resumed>) = 0 [ 187.737499][ T8472] loop3: detected capacity change from 0 to 32768 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] close(3 [pid 8524] setpgid(0, 0 [pid 8472] close(3 [pid 8524] <... setpgid resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 8524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8472] <... close resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5850] rmdir("./29" [pid 8472] close(4 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 8524] <... openat resumed>) = 3 [pid 5850] <... rmdir resumed>) = 0 [pid 8524] write(3, "1000", 4 [pid 5850] mkdir("./30", 0777 [pid 8524] <... write resumed>) = 4 [pid 8524] close(3 [pid 8472] <... close resumed>) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5850] <... mkdir resumed>) = 0 [pid 8524] <... close resumed>) = 0 [pid 8524] symlink("/dev/binderfs", "./binderfs" [pid 5852] close(3executing program [pid 8524] <... symlink resumed>) = 0 [pid 8472] mkdir("./file0", 0777 [pid 5852] <... close resumed>) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8524] write(1, "executing program\n", 18) = 18 [pid 8472] <... mkdir resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8524] memfd_create("syzkaller", 0 [pid 5850] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8525 attached [pid 8524] <... memfd_create resumed>) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 8472] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8525] set_robust_list(0x55558aa90660, 24 [pid 8524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8525] <... set_robust_list resumed>) = 0 [pid 5850] close(3 [pid 8524] <... mmap resumed>) = 0x7f362be00000 [pid 8525] chdir("./31" [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 8525 [pid 5850] <... close resumed>) = 0 [pid 8525] <... chdir resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8525] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 8526 attached ) = 0 [pid 8525] setpgid(0, 0 [pid 8526] set_robust_list(0x55558aa90660, 24 [pid 8525] <... setpgid resumed>) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 8526 [pid 8525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8526] <... set_robust_list resumed>) = 0 [pid 8526] chdir("./30" [pid 8525] <... openat resumed>) = 3 [pid 8526] <... chdir resumed>) = 0 [pid 8526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8525] write(3, "1000", 4 [pid 8526] setpgid(0, 0 [pid 8525] <... write resumed>) = 4 [pid 8526] <... setpgid resumed>) = 0 [pid 8525] close(3) = 0 [pid 8526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8525] symlink("/dev/binderfs", "./binderfs" [pid 8526] write(3, "1000", 4) = 4 [pid 8526] close(3 [pid 8525] <... symlink resumed>) = 0 [pid 8526] <... close resumed>) = 0 [pid 8525] write(1, "executing program\n", 18executing program executing program [pid 8526] symlink("/dev/binderfs", "./binderfs" [pid 8525] <... write resumed>) = 18 [pid 8526] <... symlink resumed>) = 0 [pid 8525] memfd_create("syzkaller", 0) = 3 [pid 8526] write(1, "executing program\n", 18 [pid 8525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8526] <... write resumed>) = 18 [pid 8526] memfd_create("syzkaller", 0) = 3 [pid 8526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 187.823293][ T5848] BTRFS info (device loop0): last unmount of filesystem 7c43dc64-5772-4033-8778-ecda9c91d720 [ 187.836164][ T8472] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8472) [ 187.895794][ T8472] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 187.918932][ T8472] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 187.967564][ T8472] BTRFS info (device loop3): using free-space-tree [pid 8526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8472] <... mount resumed>) = 0 [pid 8472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8472] chdir("./file0") = 0 [pid 8472] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8472] ioctl(4, LOOP_CLR_FD) = 0 [pid 8472] close(4) = 0 [pid 8472] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8472] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8472] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8472] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8472] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8472] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8472] exit_group(0) = ? [pid 8472] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8472, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./30/binderfs") = 0 [pid 5851] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 188.247032][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./30/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./30") = 0 [pid 5848] mkdir("./31", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8543 attached , child_tidptr=0x55558aa90650) = 8543 [pid 8543] set_robust_list(0x55558aa90660, 24) = 0 [pid 8543] chdir("./31") = 0 [pid 8543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8543] setpgid(0, 0) = 0 [pid 8543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8543] write(3, "1000", 4) = 4 [pid 8543] close(3) = 0 [pid 8543] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8543] write(1, "executing program\n", 18) = 18 [pid 8543] memfd_create("syzkaller", 0) = 3 [pid 8543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./30/file0") = 0 [pid 8526] <... write resumed>) = 16777216 [pid 8526] munmap(0x7f362be00000, 138412032 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 8526] <... munmap resumed>) = 0 [pid 5851] rmdir("./30") = 0 [pid 5851] mkdir("./31", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8544 attached [pid 8526] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 8544 [pid 8526] <... openat resumed>) = 4 [pid 8526] ioctl(4, LOOP_SET_FD, 3 [pid 8544] set_robust_list(0x55558aa90660, 24) = 0 [pid 8544] chdir("./31") = 0 [pid 8544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8544] setpgid(0, 0) = 0 [pid 8544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 8526] <... ioctl resumed>) = 0 [pid 8544] write(3, "1000", 4) = 4 [pid 8544] close(3) = 0 [pid 8544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8544] write(1, "executing program\n", 18) = 18 [pid 8526] close(3) = 0 [pid 8526] close(4) = 0 [pid 8544] memfd_create("syzkaller", 0 [ 188.642324][ T8526] loop2: detected capacity change from 0 to 32768 [pid 8526] mkdir("./file0", 0777) = 0 [pid 8526] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 8544] <... memfd_create resumed>) = 3 [pid 8544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8524] <... write resumed>) = 16777216 [ 188.690367][ T8526] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8526) [pid 8524] munmap(0x7f362be00000, 138412032) = 0 [pid 8524] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 188.764802][ T8526] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 188.804850][ T8526] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 8524] ioctl(4, LOOP_SET_FD, 3 [pid 8543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8524] <... ioctl resumed>) = 0 [pid 8524] close(3) = 0 [pid 8524] close(4) = 0 [ 188.822040][ T8526] BTRFS info (device loop2): using free-space-tree [ 188.831363][ T8524] loop1: detected capacity change from 0 to 32768 [pid 8524] mkdir("./file0", 0777) = 0 [pid 8524] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 8525] <... write resumed>) = 16777216 [pid 8525] munmap(0x7f362be00000, 138412032) = 0 [ 188.890961][ T8524] BTRFS: device /dev/loop1 (7:1) using temp-fsid 211f4ae1-a0b5-4aa4-87fc-9e91dd787527 [ 188.915360][ T8524] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8524) [pid 8525] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8525] close(3) = 0 [pid 8525] close(4) = 0 [pid 8525] mkdir("./file0", 0777) = 0 [ 188.991629][ T8525] loop4: detected capacity change from 0 to 32768 [ 188.992108][ T8524] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 189.012356][ T8525] BTRFS: device /dev/loop4 (7:4) using temp-fsid c1c812bf-6afb-46ef-a82e-2a2c5bad8a09 [ 189.052859][ T8525] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8525) [ 189.121520][ T8524] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 189.158375][ T8525] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8525] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 8526] <... mount resumed>) = 0 [pid 8526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8526] chdir("./file0") = 0 [pid 8526] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8526] ioctl(4, LOOP_CLR_FD) = 0 [pid 8526] close(4) = 0 [pid 8526] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 189.174101][ T8524] BTRFS info (device loop1): using free-space-tree [ 189.185645][ T8525] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 189.209731][ T8525] BTRFS info (device loop4): using free-space-tree [pid 8526] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8526] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8526] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8526] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8526] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8526] exit_group(0) = ? [pid 8526] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8526, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./30/binderfs") = 0 [pid 5850] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8543] <... write resumed>) = 16777216 [pid 8543] munmap(0x7f362be00000, 138412032) = 0 [ 189.341983][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8543] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8543] close(3) = 0 [pid 8543] close(4) = 0 [pid 8543] mkdir("./file0", 0777) = 0 [pid 8544] <... write resumed>) = 16777216 [pid 8543] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 8524] <... mount resumed>) = 0 [pid 8524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 189.392697][ T8543] loop0: detected capacity change from 0 to 32768 [pid 8524] chdir("./file0") = 0 [pid 8544] munmap(0x7f362be00000, 138412032 [pid 8524] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8524] ioctl(4, LOOP_CLR_FD) = 0 [pid 8524] close(4) = 0 [pid 8524] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8524] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8524] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8524] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8524] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8524] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8524] exit_group(0) = ? [pid 8524] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8524, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=28 /* 0.28 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 189.439793][ T8543] BTRFS: device /dev/loop0 (7:0) using temp-fsid 7d99131f-1fc4-4663-893f-190c03fb0c99 [pid 5849] unlink("./31/binderfs" [pid 8544] <... munmap resumed>) = 0 [pid 5849] <... unlink resumed>) = 0 [pid 5849] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8544] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8544] close(3) = 0 [pid 8544] close(4) = 0 [pid 8544] mkdir("./file0", 0777) = 0 [ 189.480373][ T8543] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8543) [ 189.495049][ T8544] loop3: detected capacity change from 0 to 32768 [ 189.526511][ T8544] BTRFS: device /dev/loop3 (7:3) using temp-fsid 685822c9-e698-49d4-af90-e804909fb76d [ 189.537218][ T8543] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 189.547760][ T8543] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 189.559856][ T5849] BTRFS info (device loop1): last unmount of filesystem 211f4ae1-a0b5-4aa4-87fc-9e91dd787527 [pid 8544] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8525] <... mount resumed>) = 0 [pid 8525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8525] chdir("./file0") = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 8525] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8525] <... openat resumed>) = 4 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8525] ioctl(4, LOOP_CLR_FD [pid 5850] newfstatat(AT_FDCWD, "./30/file0", [pid 8525] <... ioctl resumed>) = 0 [ 189.563003][ T8544] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8544) [ 189.599734][ T8543] BTRFS info (device loop0): using free-space-tree [ 189.616027][ T8544] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8525] close(4 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8525] <... close resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8525] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5850] <... openat resumed>) = 4 [pid 8525] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 8525] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8525] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5850] getdents64(4, [pid 8525] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8525] <... write resumed>) = 280 [pid 5850] close(4 [pid 8525] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5850] <... close resumed>) = 0 [pid 8525] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5850] rmdir("./30/file0" [pid 8525] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 8525] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 189.667506][ T8544] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 8525] exit_group(0 [pid 5850] <... rmdir resumed>) = 0 [pid 8525] <... exit_group resumed>) = ? [pid 5850] getdents64(3, [pid 8525] +++ exited with 0 +++ [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8525, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5850] close(3) = 0 [pid 5850] rmdir("./30" [pid 5852] <... restart_syscall resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5850] mkdir("./31", 0777 [pid 5849] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] <... mkdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5852] <... openat resumed>) = 3 [pid 5850] <... openat resumed>) = 3 [pid 5849] newfstatat(AT_FDCWD, "./31/file0", [pid 5852] newfstatat(3, "", [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... ioctl resumed>) = 0 [pid 5852] getdents64(3, [pid 5850] close(3 [pid 5849] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... close resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8613 attached [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(4, "", [pid 8613] set_robust_list(0x55558aa90660, 24 [pid 5852] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 8613 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8613] <... set_robust_list resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] getdents64(4, [pid 8613] chdir("./31" [pid 5852] unlink("./31/binderfs" [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] <... unlink resumed>) = 0 [pid 5849] getdents64(4, [pid 8613] <... chdir resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8613] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] close(4 [pid 8613] <... prctl resumed>) = 0 [pid 5852] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... close resumed>) = 0 [pid 8613] setpgid(0, 0 [pid 5849] rmdir("./31/file0" [pid 8613] <... setpgid resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] close(3 [pid 8613] <... openat resumed>) = 3 [pid 5849] <... close resumed>) = 0 [ 189.713753][ T8544] BTRFS info (device loop3): using free-space-tree [pid 5849] rmdir("./31"executing program ) = 0 [pid 5849] mkdir("./32", 0777 [pid 8613] write(3, "1000", 4 [pid 5849] <... mkdir resumed>) = 0 [pid 8613] <... write resumed>) = 4 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8613] close(3 [pid 5849] <... openat resumed>) = 3 [pid 8613] <... close resumed>) = 0 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3 [pid 8613] symlink("/dev/binderfs", "./binderfs" [pid 5849] <... close resumed>) = 0 [pid 8613] <... symlink resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8618 [pid 8613] write(1, "executing program\n", 18./strace-static-x86_64: Process 8618 attached [pid 8543] <... mount resumed>) = 0 [pid 8613] <... write resumed>) = 18 [pid 8543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8543] chdir("./file0") = 0 [pid 8543] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8618] set_robust_list(0x55558aa90660, 24 [pid 8543] <... openat resumed>) = 4 [pid 8618] <... set_robust_list resumed>) = 0 [pid 8618] chdir("./32") = 0 [pid 8618] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8543] ioctl(4, LOOP_CLR_FD [pid 8618] <... prctl resumed>) = 0 [pid 8618] setpgid(0, 0) = 0 [pid 8618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8543] <... ioctl resumed>) = 0 [pid 8618] <... openat resumed>) = 3 [pid 8543] close(4 [pid 8618] write(3, "1000", 4) = 4 [pid 8543] <... close resumed>) = 0 [pid 8618] close(3 [pid 8543] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8618] <... close resumed>) = 0 [pid 8543] <... openat resumed>) = 4 [pid 8618] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8618] write(1, "executing program\n", 18) = 18 [pid 8618] memfd_create("syzkaller", 0) = 3 [pid 8613] memfd_create("syzkaller", 0 [pid 8543] ioctl(-1, SIOCGIFINDEX, NULL [pid 8618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8543] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8613] <... memfd_create resumed>) = 3 [pid 8543] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 8613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8543] <... write resumed>) = 280 [pid 8613] <... mmap resumed>) = 0x7f362be00000 [pid 8543] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8543] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8543] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8543] exit_group(0) = ? [pid 8543] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8543, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./31/binderfs") = 0 [ 189.858099][ T5852] BTRFS info (device loop4): last unmount of filesystem c1c812bf-6afb-46ef-a82e-2a2c5bad8a09 [ 189.985810][ T5848] BTRFS info (device loop0): last unmount of filesystem 7d99131f-1fc4-4663-893f-190c03fb0c99 [pid 5848] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8544] <... mount resumed>) = 0 [pid 8544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8544] chdir("./file0") = 0 [pid 8544] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8544] ioctl(4, LOOP_CLR_FD) = 0 [pid 8544] close(4) = 0 [pid 8544] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8544] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8544] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8544] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8544] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8544] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8544] exit_group(0) = ? [pid 8544] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8544, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./31/binderfs") = 0 [pid 5851] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./31/file0") = 0 [pid 5852] newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./31" [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./32", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5852] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, [pid 5848] <... ioctl resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] close(3 [pid 5852] getdents64(4, [pid 5848] <... close resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8630 attached [pid 5852] close(4 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 8630 [pid 8630] set_robust_list(0x55558aa90660, 24) = 0 [pid 8630] chdir("./32") = 0 [pid 8630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8630] setpgid(0, 0) = 0 [pid 8630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8630] write(3, "1000", 4) = 4 [pid 8630] close(3) = 0 [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./31/file0"executing program [pid 8630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8630] write(1, "executing program\n", 18) = 18 [pid 8630] memfd_create("syzkaller", 0 [pid 5852] <... rmdir resumed>) = 0 [pid 8630] <... memfd_create resumed>) = 3 [pid 8630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [ 190.260048][ T5851] BTRFS info (device loop3): last unmount of filesystem 685822c9-e698-49d4-af90-e804909fb76d [pid 5852] close(3) = 0 [pid 5852] rmdir("./31") = 0 [pid 5852] mkdir("./32", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8631 attached , child_tidptr=0x55558aa90650) = 8631 [pid 8631] set_robust_list(0x55558aa90660, 24) = 0 [pid 8631] chdir("./32") = 0 [pid 8631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8631] setpgid(0, 0) = 0 [pid 8631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8631] write(3, "1000", 4 [pid 5851] newfstatat(AT_FDCWD, "./31/file0", [pid 8631] <... write resumed>) = 4 [pid 8631] close(3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8631] <... close resumed>) = 0 [pid 5851] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8631] symlink("/dev/binderfs", "./binderfs" [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8631] <... symlink resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 8631] write(1, "executing program\n", 18 [pid 5851] <... openat resumed>) = 4 [pid 8631] <... write resumed>) = 18 [pid 5851] newfstatat(4, "", [pid 8631] memfd_create("syzkaller", 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 8631] <... memfd_create resumed>) = 3 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] getdents64(4, [pid 8631] <... mmap resumed>) = 0x7f362be00000 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 8613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./31/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./31" [pid 8618] <... write resumed>) = 16777216 [pid 5851] <... rmdir resumed>) = 0 [pid 8618] munmap(0x7f362be00000, 138412032 [pid 5851] mkdir("./32", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8632 attached [pid 8632] set_robust_list(0x55558aa90660, 24 [pid 8618] <... munmap resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 8632 [pid 8632] <... set_robust_list resumed>) = 0 [pid 8632] chdir("./32" [pid 8618] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8632] <... chdir resumed>) = 0 [pid 8632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8618] close(3) = 0 [pid 8632] setpgid(0, 0 [pid 8618] close(4 [pid 8632] <... setpgid resumed>) = 0 [pid 8632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8618] <... close resumed>) = 0 [pid 8632] <... openat resumed>) = 3 [pid 8618] mkdir("./file0", 0777 [pid 8632] write(3, "1000", 4 [pid 8618] <... mkdir resumed>) = 0 [ 190.651422][ T8618] loop1: detected capacity change from 0 to 32768 [pid 8632] <... write resumed>) = 4 [pid 8618] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 8632] close(3) = 0 [pid 8632] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8632] write(1, "executing program\n", 18) = 18 [pid 8632] memfd_create("syzkaller", 0) = 3 [pid 8632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 190.730985][ T8618] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8618) [ 190.834785][ T8618] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 190.879236][ T8618] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 190.921701][ T8618] BTRFS info (device loop1): using free-space-tree [pid 8630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8613] <... write resumed>) = 16777216 [pid 8613] munmap(0x7f362be00000, 138412032 [pid 8631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8613] <... munmap resumed>) = 0 [pid 8613] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8613] close(3) = 0 [pid 8613] close(4) = 0 [pid 8613] mkdir("./file0", 0777) = 0 [pid 8613] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 8618] <... mount resumed>) = 0 [pid 8618] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8618] chdir("./file0") = 0 [pid 8618] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8618] ioctl(4, LOOP_CLR_FD) = 0 [pid 8618] close(4) = 0 [pid 8618] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8618] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8618] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8618] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8618] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8618] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8618] exit_group(0) = ? [pid 8618] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8618, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./32/binderfs") = 0 [ 191.111470][ T8613] loop2: detected capacity change from 0 to 32768 [ 191.148373][ T8613] BTRFS: device /dev/loop2 (7:2) using temp-fsid bac242c8-10ba-43f4-bb18-6dbec1282c75 [pid 5849] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8630] <... write resumed>) = 16777216 [pid 8630] munmap(0x7f362be00000, 138412032) = 0 [ 191.200405][ T8613] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8613) [ 191.229696][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8630] close(3) = 0 [pid 8630] close(4) = 0 [pid 8630] mkdir("./file0", 0777) = 0 [ 191.261321][ T8613] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 191.271481][ T8630] loop0: detected capacity change from 0 to 32768 [ 191.289395][ T8630] BTRFS: device /dev/loop0 (7:0) using temp-fsid 169f2e1b-2b3a-4747-8243-c6bc4accab49 [ 191.315584][ T8613] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 8630] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 191.356330][ T8630] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8630) [ 191.384106][ T8613] BTRFS info (device loop2): using free-space-tree [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./32/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./32") = 0 [pid 5849] mkdir("./33", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8659 attached , child_tidptr=0x55558aa90650) = 8659 [pid 8659] set_robust_list(0x55558aa90660, 24) = 0 [pid 8659] chdir("./33") = 0 [pid 8659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8659] setpgid(0, 0) = 0 [ 191.442724][ T8630] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8659] write(3, "1000", 4) = 4 [pid 8659] close(3) = 0 [pid 8659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8659] write(1, "executing program\n", 18executing program ) = 18 [pid 8659] memfd_create("syzkaller", 0) = 3 [pid 8659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 191.499730][ T8630] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 8613] <... mount resumed>) = 0 [pid 8613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8613] chdir("./file0") = 0 [pid 8613] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8613] ioctl(4, LOOP_CLR_FD) = 0 [pid 8613] close(4) = 0 [pid 8613] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8613] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 191.580768][ T8630] BTRFS info (device loop0): using free-space-tree [pid 8613] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8613] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8613] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8613] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8613] exit_group(0) = ? [pid 8613] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8613, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 8631] <... write resumed>) = 16777216 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5850] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./31/binderfs") = 0 [pid 5850] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8631] munmap(0x7f362be00000, 138412032 [pid 8632] <... write resumed>) = 16777216 [pid 8631] <... munmap resumed>) = 0 [pid 8632] munmap(0x7f362be00000, 138412032 [pid 8631] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8631] ioctl(4, LOOP_SET_FD, 3 [pid 8632] <... munmap resumed>) = 0 [pid 8631] <... ioctl resumed>) = 0 [pid 8631] close(3) = 0 [pid 8631] close(4) = 0 [pid 8631] mkdir("./file0", 0777) = 0 [pid 8631] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 8632] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 191.753139][ T5850] BTRFS info (device loop2): last unmount of filesystem bac242c8-10ba-43f4-bb18-6dbec1282c75 [ 191.778750][ T8631] loop4: detected capacity change from 0 to 32768 [pid 8632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8632] close(3) = 0 [pid 8632] close(4) = 0 [pid 8630] <... mount resumed>) = 0 [pid 8632] mkdir("./file0", 0777) = 0 [pid 8630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8632] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8630] <... openat resumed>) = 3 [pid 8630] chdir("./file0") = 0 [pid 8630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 191.811581][ T8631] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8631) [ 191.825340][ T8632] loop3: detected capacity change from 0 to 32768 [pid 8630] ioctl(4, LOOP_CLR_FD) = 0 [pid 8630] close(4) = 0 [pid 8630] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8630] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8630] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8630] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8630] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [ 191.852084][ T8632] BTRFS: device /dev/loop3 (7:3) using temp-fsid 4e45c07b-c051-41e4-9315-10643b75f2e9 [ 191.869254][ T8631] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8630] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8630] exit_group(0) = ? [pid 8630] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8630, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=24 /* 0.24 s */} --- [pid 5848] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./32/binderfs") = 0 [ 191.898715][ T8632] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8632) [ 191.919970][ T8631] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 191.945340][ T8631] BTRFS info (device loop4): using free-space-tree [pid 5848] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 191.975582][ T5848] BTRFS info (device loop0): last unmount of filesystem 169f2e1b-2b3a-4747-8243-c6bc4accab49 [ 192.004944][ T8632] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 192.053109][ T8632] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 192.109635][ T8632] BTRFS info (device loop3): using free-space-tree [pid 8659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8631] <... mount resumed>) = 0 [pid 8631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8631] chdir("./file0") = 0 [pid 8631] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8631] ioctl(4, LOOP_CLR_FD) = 0 [pid 8631] close(4) = 0 [pid 8631] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8631] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8631] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8631] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8631] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8631] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8631] exit_group(0) = ? [pid 8631] +++ exited with 0 +++ [pid 5850] <... umount2 resumed>) = 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8631, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5850] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] newfstatat(AT_FDCWD, "./31/file0", [pid 5852] <... openat resumed>) = 3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] newfstatat(3, "", [pid 5850] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] getdents64(3, [pid 5850] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] <... openat resumed>) = 4 [pid 5852] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] newfstatat(4, "", [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] newfstatat(AT_FDCWD, "./32/binderfs", [pid 5850] getdents64(4, [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] unlink("./32/binderfs" [pid 5850] getdents64(4, [pid 5852] <... unlink resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] close(4) = 0 [pid 5850] rmdir("./31/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./31") = 0 [pid 5850] mkdir("./32", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8716 attached [pid 8716] set_robust_list(0x55558aa90660, 24 [pid 8632] <... mount resumed>) = 0 [pid 8632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8632] chdir("./file0" [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 8716 [pid 8716] <... set_robust_list resumed>) = 0 [pid 8632] <... chdir resumed>) = 0 [pid 8716] chdir("./32" [pid 8632] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8632] ioctl(4, LOOP_CLR_FD) = 0 [pid 8632] close(4 [pid 8716] <... chdir resumed>) = 0 [pid 8632] <... close resumed>) = 0 [pid 8632] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8716] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8632] <... openat resumed>) = 4 [pid 8716] <... prctl resumed>) = 0 [pid 8716] setpgid(0, 0) = 0 [pid 8716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8716] write(3, "1000", 4 [pid 8632] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8632] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8716] <... write resumed>) = 4 [pid 8632] bpf(BPF_MAP_CREATE, NULL, 0 [pid 8716] close(3) = 0 executing program [pid 8716] symlink("/dev/binderfs", "./binderfs" [pid 8632] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8632] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8632] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 8716] <... symlink resumed>) = 0 [pid 8632] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8716] write(1, "executing program\n", 18) = 18 [pid 8632] exit_group(0 [pid 8716] memfd_create("syzkaller", 0 [pid 8632] <... exit_group resumed>) = ? [pid 8632] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8632, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8716] <... memfd_create resumed>) = 3 [pid 5851] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./32/binderfs") = 0 [pid 5851] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 192.444624][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 192.531478][ T5851] BTRFS info (device loop3): last unmount of filesystem 4e45c07b-c051-41e4-9315-10643b75f2e9 [pid 8659] <... write resumed>) = 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 8659] munmap(0x7f362be00000, 138412032 [pid 5848] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./32/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./32" [pid 8659] <... munmap resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./33", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8717 ./strace-static-x86_64: Process 8717 attached [pid 8659] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8717] set_robust_list(0x55558aa90660, 24 [pid 8659] <... openat resumed>) = 4 [pid 8659] ioctl(4, LOOP_SET_FD, 3 [pid 8717] <... set_robust_list resumed>) = 0 [pid 8717] chdir("./33") = 0 [pid 8717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8717] setpgid(0, 0) = 0 executing program [pid 8717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8717] write(3, "1000", 4) = 4 [pid 8717] close(3) = 0 [pid 8717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8717] write(1, "executing program\n", 18) = 18 [pid 8717] memfd_create("syzkaller", 0 [pid 8659] <... ioctl resumed>) = 0 [pid 8659] close(3) = 0 [pid 8659] close(4 [pid 8717] <... memfd_create resumed>) = 3 [pid 8717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8659] <... close resumed>) = 0 [pid 8659] mkdir("./file0", 0777) = 0 [ 192.694757][ T8659] loop1: detected capacity change from 0 to 32768 [ 192.767111][ T8659] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8659) [pid 8659] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 8716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... umount2 resumed>) = 0 [ 192.846585][ T8659] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 192.885208][ T8659] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] <... umount2 resumed>) = 0 [pid 5851] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./32/file0", [pid 5852] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./32/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./32") = 0 [pid 5852] mkdir("./33", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5851] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... openat resumed>) = 4 [pid 5851] newfstatat(4, "", [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 8721 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, ./strace-static-x86_64: Process 8721 attached 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8721] set_robust_list(0x55558aa90660, 24 [pid 5851] close(4 [pid 8721] <... set_robust_list resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 8721] chdir("./33" [pid 5851] rmdir("./32/file0" [pid 8721] <... chdir resumed>) = 0 [pid 8721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8721] setpgid(0, 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8721] <... setpgid resumed>) = 0 [ 192.923092][ T8659] BTRFS info (device loop1): using free-space-tree [pid 5851] close(3 [pid 8721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./32" [pid 8721] <... openat resumed>) = 3 [pid 5851] <... rmdir resumed>) = 0 [pid 8721] write(3, "1000", 4 [pid 5851] mkdir("./33", 0777 [pid 8721] <... write resumed>) = 4 [pid 8721] close(3 [pid 5851] <... mkdir resumed>) = 0 [pid 8721] <... close resumed>) = 0 [pid 8721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8721] write(1, "executing program\n", 18 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 8721] <... write resumed>) = 18 [pid 5851] <... openat resumed>) = 3 [pid 8721] memfd_create("syzkaller", 0 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 8721] <... memfd_create resumed>) = 3 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] close(3 [pid 8721] <... mmap resumed>) = 0x7f362be00000 [pid 5851] <... close resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8735 attached , child_tidptr=0x55558aa90650) = 8735 [pid 8735] set_robust_list(0x55558aa90660, 24) = 0 [pid 8735] chdir("./33") = 0 [pid 8735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8735] setpgid(0, 0) = 0 [pid 8735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8659] <... mount resumed>) = 0 [pid 8735] <... openat resumed>) = 3 [pid 8659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8735] write(3, "1000", 4 [pid 8659] chdir("./file0" [pid 8735] <... write resumed>) = 4 [pid 8735] close(3 [pid 8659] <... chdir resumed>) = 0 [pid 8735] <... close resumed>) = 0 [pid 8659] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8735] symlink("/dev/binderfs", "./binderfs"executing program [pid 8659] <... openat resumed>) = 4 [pid 8735] <... symlink resumed>) = 0 [pid 8659] ioctl(4, LOOP_CLR_FD [pid 8735] write(1, "executing program\n", 18 [pid 8659] <... ioctl resumed>) = 0 [pid 8735] <... write resumed>) = 18 [pid 8659] close(4 [pid 8735] memfd_create("syzkaller", 0 [pid 8659] <... close resumed>) = 0 [pid 8735] <... memfd_create resumed>) = 3 [pid 8659] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8659] ioctl(-1, SIOCGIFINDEX, NULL [pid 8735] <... mmap resumed>) = 0x7f362be00000 [pid 8659] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8659] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8659] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8659] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8659] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8659] exit_group(0) = ? [pid 8659] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8659, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=29 /* 0.29 s */} --- [pid 5849] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./33/binderfs") = 0 [ 193.220066][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8716] <... write resumed>) = 16777216 [pid 8716] munmap(0x7f362be00000, 138412032) = 0 [pid 8716] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8716] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8716] close(3) = 0 [pid 8716] close(4 [pid 8717] <... write resumed>) = 16777216 [pid 8717] munmap(0x7f362be00000, 138412032 [pid 8716] <... close resumed>) = 0 [pid 8716] mkdir("./file0", 0777) = 0 [ 193.409596][ T8716] loop2: detected capacity change from 0 to 32768 [pid 8716] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 8717] <... munmap resumed>) = 0 [pid 8717] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8717] <... openat resumed>) = 4 [pid 8717] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... umount2 resumed>) = 0 [pid 8717] <... ioctl resumed>) = 0 [ 193.467081][ T8716] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8716) [ 193.503732][ T8717] loop0: detected capacity change from 0 to 32768 [pid 5849] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8717] close(3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8717] <... close resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./33/file0", [pid 8717] close(4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8717] <... close resumed>) = 0 [pid 8717] mkdir("./file0", 0777 [pid 5849] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8717] <... mkdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8717] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 193.523460][ T8716] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 193.534316][ T8716] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 193.544438][ T8716] BTRFS info (device loop2): using free-space-tree [pid 8735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [ 193.568598][ T8717] BTRFS: device /dev/loop0 (7:0) using temp-fsid 8a0ba8cd-b149-4f68-8617-d90354ffe98b [pid 5849] rmdir("./33/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./33") = 0 [pid 5849] mkdir("./34", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8749 [ 193.611198][ T8717] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8717) ./strace-static-x86_64: Process 8749 attached [pid 8749] set_robust_list(0x55558aa90660, 24) = 0 [pid 8749] chdir("./34") = 0 [pid 8749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8749] setpgid(0, 0) = 0 [pid 8749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8749] write(3, "1000", 4) = 4 [pid 8749] close(3) = 0 [pid 8749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8749] write(1, "executing program\n", 18executing program ) = 18 [ 193.710991][ T8717] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8749] memfd_create("syzkaller", 0) = 3 [pid 8721] <... write resumed>) = 16777216 [pid 8749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8721] munmap(0x7f362be00000, 138412032 [pid 8716] <... mount resumed>) = 0 [pid 8716] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8721] <... munmap resumed>) = 0 [pid 8716] <... openat resumed>) = 3 [pid 8716] chdir("./file0") = 0 [pid 8716] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8716] ioctl(4, LOOP_CLR_FD) = 0 [pid 8716] close(4) = 0 [pid 8716] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8721] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8721] ioctl(4, LOOP_SET_FD, 3 [pid 8749] <... mmap resumed>) = 0x7f362be00000 [pid 8716] <... openat resumed>) = 4 [pid 8721] <... ioctl resumed>) = 0 [pid 8716] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8716] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8716] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8716] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8716] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 8721] close(3 [pid 8716] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8721] <... close resumed>) = 0 [pid 8721] close(4 [pid 8716] exit_group(0 [pid 8721] <... close resumed>) = 0 [pid 8716] <... exit_group resumed>) = ? [pid 8721] mkdir("./file0", 0777) = 0 [pid 8716] +++ exited with 0 +++ [pid 8721] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8716, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 193.758144][ T8717] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 193.768114][ T8717] BTRFS info (device loop0): using free-space-tree [ 193.791308][ T8721] loop4: detected capacity change from 0 to 32768 [pid 5850] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./32/binderfs") = 0 [ 193.814451][ T8721] BTRFS: device /dev/loop4 (7:4) using temp-fsid 4eb8bc49-153a-4f9c-a7a0-b7915cd22771 [ 193.850492][ T8721] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8721) [ 193.872605][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 193.952383][ T8721] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8717] <... mount resumed>) = 0 [pid 8717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8717] chdir("./file0") = 0 [pid 8717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 194.026140][ T8721] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 8717] ioctl(4, LOOP_CLR_FD) = 0 [pid 8717] close(4) = 0 [pid 8717] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8717] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8717] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8717] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8717] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8717] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8717] exit_group(0) = ? [pid 8717] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8717, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 194.093958][ T8721] BTRFS info (device loop4): using free-space-tree [pid 5848] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./33/binderfs") = 0 [pid 5848] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8735] <... write resumed>) = 16777216 [pid 8735] munmap(0x7f362be00000, 138412032 [pid 5850] <... umount2 resumed>) = 0 [pid 8735] <... munmap resumed>) = 0 [pid 5850] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, [pid 8735] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8735] <... openat resumed>) = 4 [pid 5850] close(4) = 0 [pid 8735] ioctl(4, LOOP_SET_FD, 3 [pid 5850] rmdir("./32/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./32") = 0 [pid 5850] mkdir("./33", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8780 attached , child_tidptr=0x55558aa90650) = 8780 [pid 8780] set_robust_list(0x55558aa90660, 24) = 0 [pid 8735] <... ioctl resumed>) = 0 [pid 8780] chdir("./33" [pid 8735] close(3) = 0 [pid 8735] close(4 [pid 8780] <... chdir resumed>) = 0 [pid 8735] <... close resumed>) = 0 [pid 8735] mkdir("./file0", 0777 [pid 8780] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8735] <... mkdir resumed>) = 0 [pid 8780] <... prctl resumed>) = 0 [pid 8780] setpgid(0, 0) = 0 [pid 8735] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 194.205825][ T5848] BTRFS info (device loop0): last unmount of filesystem 8a0ba8cd-b149-4f68-8617-d90354ffe98b [ 194.242640][ T8735] loop3: detected capacity change from 0 to 32768 [pid 8780] write(3, "1000", 4 [pid 8749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8780] <... write resumed>) = 4 executing program [pid 8780] close(3) = 0 [pid 8780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8780] write(1, "executing program\n", 18) = 18 [pid 8780] memfd_create("syzkaller", 0) = 3 [pid 8780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 194.290284][ T8735] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8735) [pid 8721] <... mount resumed>) = 0 [ 194.358784][ T8735] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8721] chdir("./file0") = 0 [pid 8721] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8721] ioctl(4, LOOP_CLR_FD) = 0 [pid 8721] close(4) = 0 [pid 8721] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8721] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8721] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8721] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8721] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8721] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8721] exit_group(0) = ? [pid 8721] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8721, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [ 194.409625][ T8735] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 194.444836][ T8735] BTRFS info (device loop3): using free-space-tree [pid 5852] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./33/binderfs") = 0 [pid 5852] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 8735] <... mount resumed>) = 0 [pid 8735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8735] chdir("./file0") = 0 [pid 8735] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8735] ioctl(4, LOOP_CLR_FD) = 0 [pid 8735] close(4) = 0 [ 194.656964][ T5852] BTRFS info (device loop4): last unmount of filesystem 4eb8bc49-153a-4f9c-a7a0-b7915cd22771 [pid 8735] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8749] <... write resumed>) = 16777216 [pid 8749] munmap(0x7f362be00000, 138412032 [pid 8735] ioctl(-1, SIOCGIFINDEX, NULL [pid 8780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8735] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8735] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8735] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8735] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8735] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8735] exit_group(0) = ? [pid 8735] +++ exited with 0 +++ [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8735, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- [pid 5848] newfstatat(AT_FDCWD, "./33/file0", [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... restart_syscall resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", [pid 5851] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] getdents64(4, [pid 5851] <... openat resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] newfstatat(3, "", [pid 5848] close(4 [pid 8749] <... munmap resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... close resumed>) = 0 [pid 5851] getdents64(3, [pid 5848] rmdir("./33/file0" [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] <... rmdir resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5848] getdents64(3, [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] unlink("./33/binderfs" [pid 5848] close(3 [pid 5851] <... unlink resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5851] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] rmdir("./33" [pid 8749] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8749] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./34", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8749] <... ioctl resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 8749] close(3) = 0 [pid 8749] close(4) = 0 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8749] mkdir("./file0", 0777 [pid 5848] close(3 [pid 8749] <... mkdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 8749] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8803 attached [pid 8803] set_robust_list(0x55558aa90660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 8803 [pid 8803] <... set_robust_list resumed>) = 0 [ 194.783606][ T8749] loop1: detected capacity change from 0 to 32768 [ 194.819838][ T8749] BTRFS: device /dev/loop1 (7:1) using temp-fsid 24fb0b2b-8a66-4b0e-ba3d-cc13e6722d2e [pid 8803] chdir("./34") = 0 [pid 8803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8803] setpgid(0, 0) = 0 [pid 8803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8803] write(3, "1000", 4) = 4 [pid 8803] close(3) = 0 [pid 8803] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8803] write(1, "executing program\n", 18) = 18 [ 194.869762][ T8749] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8749) [ 194.891955][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8803] memfd_create("syzkaller", 0) = 3 [pid 8803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 194.932046][ T8749] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 194.967747][ T8749] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] <... umount2 resumed>) = 0 [pid 8780] <... write resumed>) = 16777216 [pid 5852] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./33/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./33") = 0 [pid 8780] munmap(0x7f362be00000, 138412032 [pid 5852] mkdir("./34", 0777) = 0 [ 195.001386][ T8749] BTRFS info (device loop1): using free-space-tree [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 8780] <... munmap resumed>) = 0 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8780] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 ./strace-static-x86_64: Process 8815 attached [pid 8815] set_robust_list(0x55558aa90660, 24) = 0 [pid 8815] chdir("./34" [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 8815 [pid 8780] ioctl(4, LOOP_SET_FD, 3 [pid 8815] <... chdir resumed>) = 0 [pid 8815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8815] setpgid(0, 0) = 0 [pid 8815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8815] write(3, "1000", 4) = 4 [pid 8815] close(3) = 0 [pid 8815] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8815] write(1, "executing program\n", 18) = 18 [pid 8815] memfd_create("syzkaller", 0) = 3 [pid 8815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8780] <... ioctl resumed>) = 0 [pid 8780] close(3) = 0 [pid 8780] close(4) = 0 [pid 8780] mkdir("./file0", 0777) = 0 [ 195.100870][ T8780] loop2: detected capacity change from 0 to 32768 [pid 8780] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 8749] <... mount resumed>) = 0 [pid 8749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8749] chdir("./file0") = 0 [pid 8749] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8749] ioctl(4, LOOP_CLR_FD) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 8749] close(4 [pid 5851] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8749] <... close resumed>) = 0 [pid 8749] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8749] <... openat resumed>) = 4 [pid 5851] newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 195.178765][ T8780] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8780) [pid 5851] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", [pid 8749] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8749] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] getdents64(4, [pid 8749] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8749] <... write resumed>) = 280 [pid 8749] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] getdents64(4, [pid 8749] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8749] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8749] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5851] close(4 [pid 8749] exit_group(0 [pid 5851] <... close resumed>) = 0 [pid 8749] <... exit_group resumed>) = ? [pid 5851] rmdir("./33/file0" [pid 8749] +++ exited with 0 +++ [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8749, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] close(3 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./33") = 0 [pid 5851] mkdir("./34", 0777 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5851] <... mkdir resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... openat resumed>) = 3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5849] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] <... openat resumed>) = 3 [pid 5851] close(3 [pid 5849] newfstatat(3, "", [pid 5851] <... close resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./34/binderfs") = 0 [pid 5849] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8822 attached , child_tidptr=0x55558aa90650) = 8822 [pid 8822] set_robust_list(0x55558aa90660, 24) = 0 [pid 8803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8822] chdir("./34") = 0 [ 195.287100][ T8780] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8822] setpgid(0, 0) = 0 [pid 8822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8822] write(3, "1000", 4) = 4 [pid 8822] close(3) = 0 [pid 8822] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8822] write(1, "executing program\n", 18) = 18 [pid 8822] memfd_create("syzkaller", 0) = 3 [pid 8822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 195.339274][ T8780] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 195.352561][ T5849] BTRFS info (device loop1): last unmount of filesystem 24fb0b2b-8a66-4b0e-ba3d-cc13e6722d2e [ 195.371120][ T8780] BTRFS info (device loop2): using free-space-tree [pid 8815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8780] <... mount resumed>) = 0 [pid 8780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8780] chdir("./file0") = 0 [pid 8780] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5849] <... umount2 resumed>) = 0 [pid 8780] ioctl(4, LOOP_CLR_FD [pid 5849] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8780] <... ioctl resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8780] close(4 [pid 5849] newfstatat(AT_FDCWD, "./34/file0", [pid 8780] <... close resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8780] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8780] <... openat resumed>) = 4 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8780] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] getdents64(4, [pid 8780] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8780] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5849] close(4 [pid 8780] <... write resumed>) = 280 [pid 5849] <... close resumed>) = 0 [pid 8780] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] rmdir("./34/file0" [pid 8780] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8780] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8780] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] <... rmdir resumed>) = 0 [pid 8780] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8780] exit_group(0 [pid 5849] getdents64(3, [pid 8780] <... exit_group resumed>) = ? [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8780] +++ exited with 0 +++ [pid 5849] close(3) = 0 [pid 5849] rmdir("./34" [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8780, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=18 /* 0.18 s */} --- [pid 5849] <... rmdir resumed>) = 0 [pid 5850] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] mkdir("./35", 0777 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./33/binderfs") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8838 attached [pid 8838] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 8838 [pid 8838] <... set_robust_list resumed>) = 0 [pid 8838] chdir("./35") = 0 [pid 8838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8838] setpgid(0, 0) = 0 [pid 8838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8838] write(3, "1000", 4) = 4 [pid 8838] close(3) = 0 executing program [pid 8838] symlink("/dev/binderfs", "./binderfs" [pid 8822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8838] <... symlink resumed>) = 0 [pid 8838] write(1, "executing program\n", 18) = 18 [ 195.749966][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8838] memfd_create("syzkaller", 0) = 3 [pid 8838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8803] <... write resumed>) = 16777216 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./33/file0", [pid 8803] munmap(0x7f362be00000, 138412032 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8803] <... munmap resumed>) = 0 [pid 5850] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", [pid 8803] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 8803] <... openat resumed>) = 4 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8803] ioctl(4, LOOP_SET_FD, 3 [pid 5850] getdents64(4, [pid 8803] <... ioctl resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./33/file0" [pid 8803] close(3 [pid 5850] <... rmdir resumed>) = 0 [pid 8803] <... close resumed>) = 0 [pid 8803] close(4 [pid 5850] getdents64(3, [pid 8803] <... close resumed>) = 0 [pid 8803] mkdir("./file0", 0777 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 8803] <... mkdir resumed>) = 0 [pid 5850] close(3 [pid 8803] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... close resumed>) = 0 [ 195.930762][ T8803] loop0: detected capacity change from 0 to 32768 [pid 5850] rmdir("./33") = 0 [pid 5850] mkdir("./34", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8840 attached , child_tidptr=0x55558aa90650) = 8840 [pid 8840] set_robust_list(0x55558aa90660, 24 [pid 8815] <... write resumed>) = 16777216 [pid 8840] <... set_robust_list resumed>) = 0 [pid 8840] chdir("./34") = 0 [pid 8815] munmap(0x7f362be00000, 138412032 [ 195.991510][ T8803] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8803) [pid 8840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8815] <... munmap resumed>) = 0 [pid 8840] setpgid(0, 0) = 0 [pid 8840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 8840] write(3, "1000", 4) = 4 [pid 8840] close(3) = 0 [pid 8840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8840] write(1, "executing program\n", 18) = 18 [pid 8840] memfd_create("syzkaller", 0) = 3 [pid 8840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 196.062269][ T8803] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8815] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8815] close(3) = 0 [pid 8815] close(4) = 0 [pid 8815] mkdir("./file0", 0777) = 0 [ 196.105861][ T8803] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 196.120908][ T8815] loop4: detected capacity change from 0 to 32768 [ 196.138260][ T8803] BTRFS info (device loop0): using free-space-tree [ 196.150434][ T8815] BTRFS: device /dev/loop4 (7:4) using temp-fsid 0c54063d-ac81-4190-b41c-2620546165b8 [ 196.196771][ T8815] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8815) [pid 8815] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 8822] <... write resumed>) = 16777216 [ 196.285665][ T8815] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8822] munmap(0x7f362be00000, 138412032) = 0 [pid 8822] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8822] close(3) = 0 [ 196.350228][ T8815] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 196.362892][ T8822] loop3: detected capacity change from 0 to 32768 [pid 8822] close(4) = 0 [pid 8822] mkdir("./file0", 0777) = 0 [pid 8822] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8803] <... mount resumed>) = 0 [pid 8803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8803] chdir("./file0") = 0 [pid 8803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8803] ioctl(4, LOOP_CLR_FD) = 0 [pid 8803] close(4) = 0 [pid 8803] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 196.411796][ T8815] BTRFS info (device loop4): using free-space-tree [ 196.421721][ T8822] BTRFS: device /dev/loop3 (7:3) using temp-fsid 4d596449-708b-44a9-817b-657b1faf10d9 [pid 8803] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8803] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8803] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8803] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8803] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8803] exit_group(0) = ? [pid 8803] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8803, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=23 /* 0.23 s */} --- [pid 5848] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 196.476473][ T8822] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8822) [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./34/binderfs") = 0 [pid 5848] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 196.569689][ T8822] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 196.591202][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8815] <... mount resumed>) = 0 [ 196.629302][ T8822] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 196.638864][ T8822] BTRFS info (device loop3): using free-space-tree [pid 8815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8815] chdir("./file0") = 0 [pid 8815] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8815] ioctl(4, LOOP_CLR_FD) = 0 [pid 8815] close(4) = 0 [pid 8815] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8815] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8815] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8815] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8815] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8815] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8815] exit_group(0) = ? [pid 8815] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8815, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5852] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./34/binderfs") = 0 [ 196.777616][ T5852] BTRFS info (device loop4): last unmount of filesystem 0c54063d-ac81-4190-b41c-2620546165b8 [pid 5852] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8822] <... mount resumed>) = 0 [pid 5852] <... umount2 resumed>) = 0 [pid 8822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8822] chdir("./file0" [pid 5852] newfstatat(AT_FDCWD, "./34/file0", [pid 8822] <... chdir resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8822] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8822] <... openat resumed>) = 4 [pid 5852] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8822] ioctl(4, LOOP_CLR_FD [pid 5852] <... openat resumed>) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8822] <... ioctl resumed>) = 0 [pid 5852] getdents64(4, [pid 8822] close(4 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8822] <... close resumed>) = 0 [pid 5852] getdents64(4, [pid 8822] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8822] <... openat resumed>) = 4 [pid 5852] close(4) = 0 [pid 5852] rmdir("./34/file0") = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3 [pid 8822] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] <... close resumed>) = 0 [pid 5848] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8822] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] rmdir("./34" [pid 8822] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] <... rmdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8822] <... write resumed>) = 280 [pid 5852] mkdir("./35", 0777 [pid 8822] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] <... mkdir resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./34/file0", [pid 8822] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8822] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8822] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 8822] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8840] <... write resumed>) = 16777216 [pid 8822] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8822] exit_group(0 [pid 5852] <... openat resumed>) = 3 [pid 8822] <... exit_group resumed>) = ? [pid 5852] ioctl(3, LOOP_CLR_FD [pid 8822] +++ exited with 0 +++ [pid 5852] <... ioctl resumed>) = 0 [pid 5852] close(3 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8822, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- [pid 5852] <... close resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8890 attached [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 8890 [pid 5851] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", [pid 8840] munmap(0x7f362be00000, 138412032 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... openat resumed>) = 4 [pid 8890] set_robust_list(0x55558aa90660, 24 [pid 5851] getdents64(3, [pid 8890] <... set_robust_list resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 8890] chdir("./35" [pid 5851] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8890] <... chdir resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] newfstatat(AT_FDCWD, "./34/binderfs", [pid 8890] <... prctl resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8890] setpgid(0, 0 [pid 5851] unlink("./34/binderfs"executing program [pid 8890] <... setpgid resumed>) = 0 [pid 5851] <... unlink resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 8890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8890] <... openat resumed>) = 3 [pid 8890] write(3, "1000", 4) = 4 [pid 8890] close(3) = 0 [pid 8890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8890] write(1, "executing program\n", 18) = 18 [pid 8890] memfd_create("syzkaller", 0) = 3 [pid 8890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8890] <... mmap resumed>) = 0x7f362be00000 [pid 5848] getdents64(4, [pid 8840] <... munmap resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4 [pid 8840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5848] <... close resumed>) = 0 [pid 8840] <... openat resumed>) = 4 [pid 5848] rmdir("./34/file0" [pid 8840] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... rmdir resumed>) = 0 [pid 8840] <... ioctl resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./34" [pid 8840] close(3 [pid 5848] <... rmdir resumed>) = 0 [pid 8840] <... close resumed>) = 0 [pid 5848] mkdir("./35", 0777 [pid 8840] close(4 [pid 5848] <... mkdir resumed>) = 0 [pid 8840] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8840] mkdir("./file0", 0777) = 0 [pid 5848] <... openat resumed>) = 3 [pid 8840] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 197.002256][ T8840] loop2: detected capacity change from 0 to 32768 [ 197.027301][ T5851] BTRFS info (device loop3): last unmount of filesystem 4d596449-708b-44a9-817b-657b1faf10d9 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8891 ./strace-static-x86_64: Process 8891 attached [pid 8891] set_robust_list(0x55558aa90660, 24) = 0 [pid 8891] chdir("./35") = 0 [pid 8891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8891] setpgid(0, 0) = 0 [pid 8891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 197.063628][ T8840] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8840) executing program [pid 8891] write(3, "1000", 4) = 4 [pid 8891] close(3) = 0 [pid 8891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8891] write(1, "executing program\n", 18) = 18 [pid 8891] memfd_create("syzkaller", 0) = 3 [pid 8838] <... write resumed>) = 16777216 [pid 8891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8838] munmap(0x7f362be00000, 138412032 [pid 5851] <... umount2 resumed>) = 0 [pid 8838] <... munmap resumed>) = 0 [ 197.139265][ T8840] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5851] newfstatat(AT_FDCWD, "./34/file0", [pid 8838] close(3) = 0 [pid 8838] close(4) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8838] mkdir("./file0", 0777 [pid 5851] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8838] <... mkdir resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", [pid 8838] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 197.190526][ T8838] loop1: detected capacity change from 0 to 32768 [ 197.199655][ T8840] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./34/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [ 197.232362][ T8840] BTRFS info (device loop2): using free-space-tree [ 197.232408][ T8838] BTRFS: device /dev/loop1 (7:1) using temp-fsid 5615692d-4769-4344-befa-1c225f0f3f5b [pid 5851] close(3) = 0 [pid 5851] rmdir("./34") = 0 [pid 5851] mkdir("./35", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8900 attached , child_tidptr=0x55558aa90650) = 8900 [pid 8900] set_robust_list(0x55558aa90660, 24) = 0 [pid 8900] chdir("./35") = 0 [pid 8900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8900] setpgid(0, 0) = 0 [pid 8900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8900] write(3, "1000", 4) = 4 [pid 8900] close(3) = 0 executing program [pid 8900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8900] write(1, "executing program\n", 18) = 18 [ 197.327779][ T8838] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8838) [pid 8900] memfd_create("syzkaller", 0) = 3 [pid 8900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 197.393147][ T8838] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8840] <... mount resumed>) = 0 [pid 8840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8840] chdir("./file0") = 0 [pid 8840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8840] ioctl(4, LOOP_CLR_FD) = 0 [pid 8840] close(4) = 0 [pid 8840] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8840] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 197.480938][ T8838] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 197.491077][ T8838] BTRFS info (device loop1): using free-space-tree [pid 8840] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8840] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8840] bpf(BPF_PROG_LOAD, NULL, 0 [pid 8890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8840] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 8840] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8840] exit_group(0) = ? [pid 8840] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8840, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./34/binderfs") = 0 [pid 5850] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8838] <... mount resumed>) = 0 [pid 8838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8838] chdir("./file0") = 0 [pid 8838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 197.659586][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8838] ioctl(4, LOOP_CLR_FD) = 0 [pid 8838] close(4) = 0 [pid 8838] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8838] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8838] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8838] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8838] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8838] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8838] exit_group(0) = ? [pid 8838] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8838, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=23 /* 0.23 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./35/binderfs") = 0 [pid 5849] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8891] <... write resumed>) = 16777216 [pid 8891] munmap(0x7f362be00000, 138412032) = 0 [ 197.919886][ T5849] BTRFS info (device loop1): last unmount of filesystem 5615692d-4769-4344-befa-1c225f0f3f5b [pid 8891] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5850] <... umount2 resumed>) = 0 [pid 8891] <... openat resumed>) = 4 [pid 5850] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8891] ioctl(4, LOOP_SET_FD, 3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8891] <... ioctl resumed>) = 0 [pid 5850] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8891] close(3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8891] <... close resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8891] close(4 [pid 5850] <... openat resumed>) = 4 [pid 8891] <... close resumed>) = 0 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8891] mkdir("./file0", 0777 [pid 5850] getdents64(4, [pid 8891] <... mkdir resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [ 197.987454][ T8891] loop0: detected capacity change from 0 to 32768 [pid 8891] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./34/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./34") = 0 [pid 5850] mkdir("./35", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [ 198.062070][ T8891] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8891) [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8926 ./strace-static-x86_64: Process 8926 attached [pid 8926] set_robust_list(0x55558aa90660, 24 [pid 8890] <... write resumed>) = 16777216 [pid 8926] <... set_robust_list resumed>) = 0 [pid 8890] munmap(0x7f362be00000, 138412032 [pid 8926] chdir("./35") = 0 [pid 8926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8926] setpgid(0, 0) = 0 [pid 8926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 198.134033][ T8891] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 198.162696][ T8891] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 8926] write(3, "1000", 4) = 4 [pid 8890] <... munmap resumed>) = 0 [pid 8926] close(3) = 0 [pid 8926] symlink("/dev/binderfs", "./binderfs" [pid 8890] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8926] <... symlink resumed>) = 0 [pid 8890] <... openat resumed>) = 4 [pid 8890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8926] write(1, "executing program\n", 18executing program ) = 18 [pid 8926] memfd_create("syzkaller", 0) = 3 [pid 8890] close(3) = 0 [pid 8890] close(4 [pid 8926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8900] <... write resumed>) = 16777216 [pid 8890] <... close resumed>) = 0 [pid 8926] <... mmap resumed>) = 0x7f362be00000 [pid 8900] munmap(0x7f362be00000, 138412032 [pid 8890] mkdir("./file0", 0777) = 0 [ 198.192143][ T8891] BTRFS info (device loop0): using free-space-tree [ 198.212385][ T8890] loop4: detected capacity change from 0 to 32768 [pid 8890] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 8900] <... munmap resumed>) = 0 [pid 8900] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 198.243015][ T8890] BTRFS: device /dev/loop4 (7:4) using temp-fsid 6c3eedfc-c9fa-49b6-8d7d-5fa0bf5fe3f1 [ 198.280119][ T8890] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8890) [pid 8900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8900] close(3) = 0 [pid 8900] close(4) = 0 [pid 8900] mkdir("./file0", 0777) = 0 [ 198.294437][ T8900] loop3: detected capacity change from 0 to 32768 [pid 8900] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./35/file0") = 0 [ 198.370465][ T8900] BTRFS: device /dev/loop3 (7:3) using temp-fsid 162366ba-b66e-45d1-a3b2-5b948fc086aa [ 198.385486][ T8890] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 198.398290][ T8900] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8900) [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./35") = 0 [pid 5849] mkdir("./36", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8941 ./strace-static-x86_64: Process 8941 attached [pid 8941] set_robust_list(0x55558aa90660, 24) = 0 [ 198.441853][ T8890] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 8941] chdir("./36") = 0 [pid 8941] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 8941] setpgid(0, 0) = 0 [pid 8941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8941] write(3, "1000", 4) = 4 [pid 8941] close(3) = 0 [pid 8941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8941] write(1, "executing program\n", 18) = 18 [pid 8941] memfd_create("syzkaller", 0) = 3 [pid 8941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 198.495257][ T8890] BTRFS info (device loop4): using free-space-tree [ 198.502514][ T8900] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8891] <... mount resumed>) = 0 [pid 8891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8891] chdir("./file0") = 0 [pid 8891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8891] ioctl(4, LOOP_CLR_FD) = 0 [pid 8891] close(4) = 0 [pid 8891] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 198.542137][ T8900] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 198.555738][ T8900] BTRFS info (device loop3): using free-space-tree [pid 8891] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8891] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8891] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8891] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8891] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8891] exit_group(0) = ? [pid 8891] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8891, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./35/binderfs") = 0 [pid 5848] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8890] <... mount resumed>) = 0 [pid 8890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8890] chdir("./file0") = 0 [pid 8890] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8890] ioctl(4, LOOP_CLR_FD) = 0 [pid 8890] close(4) = 0 [pid 8890] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 198.700665][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8890] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8890] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8890] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8890] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8890] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8890] exit_group(0) = ? [pid 8890] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8890, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- [pid 5852] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 8900] <... mount resumed>) = 0 [pid 5852] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./35/binderfs") = 0 [pid 5852] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8900] <... openat resumed>) = 3 [pid 5848] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8900] chdir("./file0" [pid 5848] <... openat resumed>) = 4 [pid 8900] <... chdir resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 8900] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8900] <... openat resumed>) = 4 [pid 5848] getdents64(4, [pid 8900] ioctl(4, LOOP_CLR_FD [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8900] <... ioctl resumed>) = 0 [pid 5848] getdents64(4, [pid 8900] close(4 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 8900] <... close resumed>) = 0 [pid 5848] close(4 [pid 8900] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... close resumed>) = 0 [pid 8900] <... openat resumed>) = 4 [pid 5848] rmdir("./35/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./35") = 0 [pid 8900] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8900] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5848] mkdir("./36", 0777 [pid 8900] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] <... mkdir resumed>) = 0 [pid 8900] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8900] bpf(BPF_PROG_LOAD, NULL, 0 [pid 8926] <... write resumed>) = 16777216 [pid 8900] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8900] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] <... openat resumed>) = 3 [pid 8900] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] ioctl(3, LOOP_CLR_FD [pid 8900] exit_group(0 [pid 5848] <... ioctl resumed>) = 0 [pid 8926] munmap(0x7f362be00000, 138412032 [pid 8900] <... exit_group resumed>) = ? [pid 5848] close(3 [pid 8900] +++ exited with 0 +++ [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 8976 ./strace-static-x86_64: Process 8976 attached [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8900, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5851] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8976] set_robust_list(0x55558aa90660, 24) = 0 [pid 8976] chdir("./36") = 0 [pid 8976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8976] setpgid(0, 0) = 0 [pid 8976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8976] write(3, "1000", 4) = 4 [pid 8976] close(3) = 0 [pid 8976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] <... openat resumed>) = 3 executing program [pid 8976] write(1, "executing program\n", 18) = 18 [pid 8976] memfd_create("syzkaller", 0) = 3 [ 198.858327][ T5852] BTRFS info (device loop4): last unmount of filesystem 6c3eedfc-c9fa-49b6-8d7d-5fa0bf5fe3f1 [pid 8976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 8926] <... munmap resumed>) = 0 [pid 5851] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8926] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8926] ioctl(4, LOOP_SET_FD, 3 [pid 5851] newfstatat(AT_FDCWD, "./35/binderfs", [pid 8926] <... ioctl resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./35/binderfs") = 0 [pid 5851] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8926] close(3) = 0 [pid 8926] close(4) = 0 [pid 8926] mkdir("./file0", 0777) = 0 [ 198.940706][ T8926] loop2: detected capacity change from 0 to 32768 [ 199.017162][ T8926] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8926) [ 199.041114][ T5851] BTRFS info (device loop3): last unmount of filesystem 162366ba-b66e-45d1-a3b2-5b948fc086aa [ 199.082013][ T8926] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 199.138269][ T8926] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 8926] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 199.179498][ T8926] BTRFS info (device loop2): using free-space-tree [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./35/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./35") = 0 [pid 5851] mkdir("./36", 0777) = 0 [pid 8941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8988 attached [pid 8988] set_robust_list(0x55558aa90660, 24 [pid 5852] <... umount2 resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 8988 [pid 8988] <... set_robust_list resumed>) = 0 [pid 5852] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8988] chdir("./36" [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8988] <... chdir resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./35/file0", [pid 8988] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8988] <... prctl resumed>) = 0 [pid 5852] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8988] setpgid(0, 0) = 0 [pid 8988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8988] <... openat resumed>) = 3 [pid 8988] write(3, "1000", 4) = 4 executing program [pid 8988] close(3 [pid 5852] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8988] <... close resumed>) = 0 [pid 8988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8988] write(1, "executing program\n", 18) = 18 [pid 8988] memfd_create("syzkaller", 0) = 3 [pid 8988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... openat resumed>) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./35/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./35") = 0 [pid 8926] <... mount resumed>) = 0 [pid 5852] mkdir("./36", 0777 [pid 8926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] <... mkdir resumed>) = 0 [pid 8926] <... openat resumed>) = 3 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8926] chdir("./file0") = 0 [pid 5852] <... openat resumed>) = 3 [pid 8926] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5852] ioctl(3, LOOP_CLR_FD [pid 8926] <... openat resumed>) = 4 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8926] ioctl(4, LOOP_CLR_FD [pid 5852] close(3 [pid 8926] <... ioctl resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 8926] close(4 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8926] <... close resumed>) = 0 ./strace-static-x86_64: Process 8995 attached [pid 8926] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8995] set_robust_list(0x55558aa90660, 24 [pid 8926] <... openat resumed>) = 4 [pid 8995] <... set_robust_list resumed>) = 0 [pid 8926] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 8995 [pid 8995] chdir("./36" [pid 8926] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8926] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 8995] <... chdir resumed>) = 0 [pid 8995] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8926] <... write resumed>) = 280 [pid 8995] <... prctl resumed>) = 0 [pid 8926] bpf(BPF_MAP_CREATE, NULL, 0 [pid 8995] setpgid(0, 0 [pid 8926] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 8926] bpf(BPF_PROG_LOAD, NULL, 0 [pid 8995] <... setpgid resumed>) = 0 [pid 8995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8926] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 8995] <... openat resumed>) = 3 [pid 8926] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8995] write(3, "1000", 4) = 4 [pid 8926] exit_group(0) = ? [pid 8995] close(3) = 0 [pid 8995] symlink("/dev/binderfs", "./binderfs" [pid 8926] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8926, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 5850] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./35/binderfs") = 0 [pid 5850] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8995] <... symlink resumed>) = 0 [pid 8995] write(1, "executing program\n", 18 [pid 8976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216executing program [pid 8995] <... write resumed>) = 18 [pid 8995] memfd_create("syzkaller", 0) = 3 [pid 8995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 199.578380][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8941] <... write resumed>) = 16777216 [pid 8941] munmap(0x7f362be00000, 138412032) = 0 [pid 8941] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8941] close(3) = 0 [pid 8941] close(4) = 0 [pid 8941] mkdir("./file0", 0777) = 0 [ 199.911010][ T8941] loop1: detected capacity change from 0 to 32768 [pid 8941] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 8976] <... write resumed>) = 16777216 [pid 5850] <... umount2 resumed>) = 0 [ 199.963714][ T8941] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (8941) [pid 8976] munmap(0x7f362be00000, 138412032 [pid 8995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 200.009617][ T8941] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8976] <... munmap resumed>) = 0 [pid 8976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8976] ioctl(4, LOOP_SET_FD, 3 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [ 200.051687][ T8941] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 200.063277][ T8976] loop0: detected capacity change from 0 to 32768 [ 200.082243][ T8941] BTRFS info (device loop1): using free-space-tree [pid 5850] rmdir("./35/file0") = 0 [pid 5850] getdents64(3, [pid 8976] <... ioctl resumed>) = 0 [pid 8976] close(3) = 0 [pid 8976] close(4) = 0 [pid 8976] mkdir("./file0", 0777) = 0 [pid 8976] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./35") = 0 [pid 5850] mkdir("./36", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8998 attached , child_tidptr=0x55558aa90650) = 8998 [pid 8998] set_robust_list(0x55558aa90660, 24) = 0 [pid 8998] chdir("./36") = 0 [pid 8998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8998] setpgid(0, 0) = 0 [pid 8998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8998] write(3, "1000", 4) = 4 [pid 8998] close(3) = 0 [pid 8998] symlink("/dev/binderfs", "./binderfs") = 0 [ 200.100432][ T8976] BTRFS: device /dev/loop0 (7:0) using temp-fsid 906a1fb1-e272-4a62-8192-2980e6bbe74d executing program [pid 8998] write(1, "executing program\n", 18) = 18 [pid 8998] memfd_create("syzkaller", 0) = 3 [pid 8998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 200.182879][ T8976] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (8976) [ 200.291254][ T8976] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 200.317374][ T8976] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 200.339267][ T8976] BTRFS info (device loop0): using free-space-tree [pid 8988] <... write resumed>) = 16777216 [pid 8988] munmap(0x7f362be00000, 138412032 [pid 8941] <... mount resumed>) = 0 [pid 8941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8941] chdir("./file0") = 0 [pid 8941] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8988] <... munmap resumed>) = 0 [pid 8941] <... openat resumed>) = 4 [pid 8941] ioctl(4, LOOP_CLR_FD) = 0 [pid 8941] close(4) = 0 [pid 8941] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8988] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8941] ioctl(-1, SIOCGIFINDEX, NULL [pid 8988] ioctl(4, LOOP_SET_FD, 3 [pid 8941] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8941] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8941] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8941] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8941] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8941] exit_group(0) = ? [pid 8976] <... mount resumed>) = 0 [pid 8941] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8941, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=22 /* 0.22 s */} --- [pid 5849] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8988] <... ioctl resumed>) = 0 [pid 8976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8988] close(3) = 0 [pid 8976] <... openat resumed>) = 3 [pid 5849] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8988] close(4) = 0 [pid 8976] chdir("./file0" [pid 5849] <... openat resumed>) = 3 [pid 8976] <... chdir resumed>) = 0 [pid 5849] newfstatat(3, "", [pid 8976] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8988] mkdir("./file0", 0777) = 0 [pid 8988] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 8976] <... openat resumed>) = 4 [pid 5849] getdents64(3, [pid 8976] ioctl(4, LOOP_CLR_FD) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 8976] close(4 [pid 5849] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8976] <... close resumed>) = 0 [ 200.445805][ T8988] loop3: detected capacity change from 0 to 32768 [ 200.482656][ T8988] BTRFS: device /dev/loop3 (7:3) using temp-fsid de562d51-198d-4f90-a5fb-b210cb033d72 [pid 8976] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8976] <... openat resumed>) = 4 [pid 5849] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./36/binderfs" [pid 8976] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] <... unlink resumed>) = 0 [pid 8976] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8976] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8976] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8976] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8976] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 200.529833][ T8988] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (8988) [pid 8976] exit_group(0) = ? [pid 8976] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8976, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=27 /* 0.27 s */} --- [ 200.600669][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8995] <... write resumed>) = 16777216 [pid 5848] <... openat resumed>) = 3 [pid 8995] munmap(0x7f362be00000, 138412032 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./36/binderfs") = 0 [ 200.652615][ T8988] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8995] <... munmap resumed>) = 0 [pid 8995] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8995] close(3) = 0 [ 200.697573][ T5848] BTRFS info (device loop0): last unmount of filesystem 906a1fb1-e272-4a62-8192-2980e6bbe74d [ 200.707228][ T8988] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 200.728743][ T8995] loop4: detected capacity change from 0 to 32768 [pid 8998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8995] close(4) = 0 [pid 8995] mkdir("./file0", 0777) = 0 [ 200.756637][ T8988] BTRFS info (device loop3): using free-space-tree [ 200.787098][ T8995] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (8995) [pid 8995] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 8988] <... mount resumed>) = 0 [pid 8988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8988] chdir("./file0") = 0 [pid 8988] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8988] ioctl(4, LOOP_CLR_FD) = 0 [pid 8988] close(4) = 0 [ 200.929330][ T8995] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8988] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8988] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8988] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8988] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8988] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8988] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8988] exit_group(0) = ? [pid 8988] +++ exited with 0 +++ [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./36/file0") = 0 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8988, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=20 /* 0.20 s */} --- [pid 5849] getdents64(3, [pid 5851] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./36") = 0 [pid 5849] mkdir("./37", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] close(3 [pid 5851] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... close resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./36/binderfs"./strace-static-x86_64: Process 9047 attached ) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 9047 [pid 5851] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 201.020660][ T8995] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 201.055811][ T8995] BTRFS info (device loop4): using free-space-tree [pid 9047] set_robust_list(0x55558aa90660, 24) = 0 [pid 9047] chdir("./37") = 0 [pid 9047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9047] setpgid(0, 0) = 0 [pid 9047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9047] write(3, "1000", 4) = 4 [pid 9047] close(3) = 0 [pid 9047] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9047] write(1, "executing program\n", 18) = 18 [pid 9047] memfd_create("syzkaller", 0) = 3 [pid 9047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 201.151351][ T5851] BTRFS info (device loop3): last unmount of filesystem de562d51-198d-4f90-a5fb-b210cb033d72 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./36/file0", [pid 8995] <... mount resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8995] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8995] chdir("./file0" [pid 5848] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8995] <... chdir resumed>) = 0 [pid 8995] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] <... openat resumed>) = 4 [pid 8995] <... openat resumed>) = 4 [pid 8995] ioctl(4, LOOP_CLR_FD [pid 5848] newfstatat(4, "", [pid 8995] <... ioctl resumed>) = 0 [pid 8995] close(4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8995] <... close resumed>) = 0 [pid 5848] getdents64(4, [pid 8995] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 8995] <... openat resumed>) = 4 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./36/file0") = 0 [pid 5848] getdents64(3, [pid 8995] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./36" [pid 8995] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./37", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9062 [pid 8995] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280./strace-static-x86_64: Process 9062 attached ) = 280 [pid 9062] set_robust_list(0x55558aa90660, 24 [pid 8995] bpf(BPF_MAP_CREATE, NULL, 0 [pid 9062] <... set_robust_list resumed>) = 0 [pid 8995] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9062] chdir("./37" [pid 8995] bpf(BPF_PROG_LOAD, NULL, 0 [pid 9062] <... chdir resumed>) = 0 [pid 8995] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9062] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8995] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9062] <... prctl resumed>) = 0 [pid 8995] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9062] setpgid(0, 0 [pid 8995] exit_group(0 [pid 9062] <... setpgid resumed>) = 0 [pid 8995] <... exit_group resumed>) = ? [pid 9062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8995] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8995, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=28 /* 0.28 s */} --- [pid 5852] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9062] <... openat resumed>) = 3 [pid 9047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./36/binderfs") = 0 [pid 5852] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9062] write(3, "1000", 4) = 4 [pid 9062] close(3) = 0 [pid 9062] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9062] write(1, "executing program\n", 18) = 18 [pid 9062] memfd_create("syzkaller", 0) = 3 [pid 9062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 8998] <... write resumed>) = 16777216 [pid 8998] munmap(0x7f362be00000, 138412032) = 0 [pid 8998] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 201.395641][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 8998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8998] close(3) = 0 [pid 8998] close(4) = 0 [pid 8998] mkdir("./file0", 0777) = 0 [ 201.447565][ T8998] loop2: detected capacity change from 0 to 32768 [ 201.494278][ T8998] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (8998) [pid 8998] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 201.572186][ T8998] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 201.599067][ T8998] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 201.608714][ T8998] BTRFS info (device loop2): using free-space-tree [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] <... umount2 resumed>) = 0 [pid 5851] getdents64(4, [pid 5852] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./36/file0", [pid 5851] <... close resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] rmdir("./36/file0") = 0 [pid 5852] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] close(3) = 0 [pid 5852] <... openat resumed>) = 4 [pid 5851] rmdir("./36") = 0 [pid 5852] newfstatat(4, "", [pid 9047] <... write resumed>) = 16777216 [pid 5851] mkdir("./37", 0777 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, [pid 5851] <... mkdir resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5852] close(4) = 0 [pid 5852] rmdir("./36/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5852] rmdir("./36") = 0 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] mkdir("./37", 0777 [pid 5851] close(3 [pid 5852] <... mkdir resumed>) = 0 [pid 9047] munmap(0x7f362be00000, 138412032 [pid 5851] <... close resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9072 attached [pid 5852] <... openat resumed>) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 9072] set_robust_list(0x55558aa90660, 24 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 9072] <... set_robust_list resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9072 ./strace-static-x86_64: Process 9074 attached [pid 9072] chdir("./37" [pid 9074] set_robust_list(0x55558aa90660, 24 [pid 9072] <... chdir resumed>) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 9074 [pid 9074] <... set_robust_list resumed>) = 0 [pid 9072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9074] chdir("./37" [pid 9072] <... prctl resumed>) = 0 [pid 9074] <... chdir resumed>) = 0 [pid 9072] setpgid(0, 0) = 0 [pid 9074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9074] <... prctl resumed>) = 0 [pid 9074] setpgid(0, 0) = 0 [pid 9072] <... openat resumed>) = 3 [pid 9074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9072] write(3, "1000", 4 [pid 9074] <... openat resumed>) = 3 [pid 9072] <... write resumed>) = 4 executing program executing program [pid 9074] write(3, "1000", 4 [pid 9072] close(3) = 0 [pid 9074] <... write resumed>) = 4 [pid 9074] close(3 [pid 9072] symlink("/dev/binderfs", "./binderfs" [pid 9074] <... close resumed>) = 0 [pid 9072] <... symlink resumed>) = 0 [pid 9074] symlink("/dev/binderfs", "./binderfs" [pid 9072] write(1, "executing program\n", 18 [pid 9074] <... symlink resumed>) = 0 [pid 9072] <... write resumed>) = 18 [pid 9074] write(1, "executing program\n", 18 [pid 9072] memfd_create("syzkaller", 0 [pid 9074] <... write resumed>) = 18 [pid 9072] <... memfd_create resumed>) = 3 [pid 9074] memfd_create("syzkaller", 0 [pid 9072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9074] <... memfd_create resumed>) = 3 [pid 9072] <... mmap resumed>) = 0x7f362be00000 [pid 9074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9047] <... munmap resumed>) = 0 [pid 9074] <... mmap resumed>) = 0x7f362be00000 [pid 9047] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9047] close(3) = 0 [pid 9047] close(4) = 0 [pid 9047] mkdir("./file0", 0777) = 0 [ 201.787245][ T9047] loop1: detected capacity change from 0 to 32768 [ 201.811650][ T9047] BTRFS: device /dev/loop1 (7:1) using temp-fsid 285c1bcf-bade-424a-af7b-0e75502003b6 [ 201.821778][ T9047] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9047) [pid 9047] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 8998] <... mount resumed>) = 0 [pid 8998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8998] chdir("./file0") = 0 [pid 9062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8998] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8998] ioctl(4, LOOP_CLR_FD) = 0 [pid 8998] close(4) = 0 [pid 8998] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8998] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 8998] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 8998] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8998] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 8998] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 8998] exit_group(0) = ? [pid 8998] +++ exited with 0 +++ [ 201.882686][ T9047] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8998, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 5850] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 201.933102][ T9047] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./36/binderfs") = 0 [ 201.977401][ T9047] BTRFS info (device loop1): using free-space-tree [ 202.052660][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5850] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9062] <... write resumed>) = 16777216 [pid 5850] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", [pid 9074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9047] <... mount resumed>) = 0 [pid 5850] getdents64(4, [pid 9047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 9047] <... openat resumed>) = 3 [pid 5850] getdents64(4, [pid 9047] chdir("./file0" [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9047] <... chdir resumed>) = 0 [pid 5850] close(4 [pid 9062] munmap(0x7f362be00000, 138412032 [pid 9047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] <... close resumed>) = 0 [pid 9047] <... openat resumed>) = 4 [pid 5850] rmdir("./36/file0" [pid 9047] ioctl(4, LOOP_CLR_FD [pid 5850] <... rmdir resumed>) = 0 [pid 9062] <... munmap resumed>) = 0 [pid 9047] <... ioctl resumed>) = 0 [pid 5850] getdents64(3, [pid 9047] close(4 [pid 9062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 9047] <... close resumed>) = 0 [pid 9062] <... openat resumed>) = 4 [pid 9062] ioctl(4, LOOP_SET_FD, 3 [pid 9047] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5850] close(3 [pid 9072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9062] <... ioctl resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 9047] <... openat resumed>) = 4 [pid 5850] rmdir("./36" [pid 9062] close(3) = 0 [pid 9062] close(4 [pid 5850] <... rmdir resumed>) = 0 [pid 9062] <... close resumed>) = 0 [pid 9047] ioctl(-1, SIOCGIFINDEX, NULL [pid 9062] mkdir("./file0", 0777) = 0 [pid 9062] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] mkdir("./37", 0777 [pid 9047] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9047] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] <... mkdir resumed>) = 0 [pid 9047] <... write resumed>) = 280 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9047] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5850] <... openat resumed>) = 3 [pid 9047] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9047] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 9047] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9047] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5850] close(3 [pid 9047] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... close resumed>) = 0 [pid 9047] exit_group(0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9047] <... exit_group resumed>) = ? [pid 9047] +++ exited with 0 +++ [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 9098 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9047, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 9098 attached [pid 9098] set_robust_list(0x55558aa90660, 24) = 0 [pid 9098] chdir("./37") = 0 [pid 9098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9098] setpgid(0, 0 [pid 5849] <... restart_syscall resumed>) = 0 [pid 9098] <... setpgid resumed>) = 0 [pid 5849] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9098] <... openat resumed>) = 3 [pid 5849] <... openat resumed>) = 3 [pid 9098] write(3, "1000", 4) = 4 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./37/binderfs") = 0 [ 202.310196][ T9062] loop0: detected capacity change from 0 to 32768 [ 202.333347][ T9062] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9062) [pid 5849] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9098] close(3) = 0 [pid 9098] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9098] write(1, "executing program\n", 18) = 18 [pid 9098] memfd_create("syzkaller", 0) = 3 [pid 9098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 202.400309][ T9062] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 202.428402][ T9062] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 202.463959][ T5849] BTRFS info (device loop1): last unmount of filesystem 285c1bcf-bade-424a-af7b-0e75502003b6 [ 202.489349][ T9062] BTRFS info (device loop0): using free-space-tree [pid 9062] <... mount resumed>) = 0 [pid 9062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9062] chdir("./file0") = 0 [pid 9062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9062] ioctl(4, LOOP_CLR_FD) = 0 [pid 9062] close(4) = 0 [pid 9062] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9062] ioctl(-1, SIOCGIFINDEX, NULL [pid 9074] <... write resumed>) = 16777216 [pid 9062] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9074] munmap(0x7f362be00000, 138412032 [pid 9062] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 9074] <... munmap resumed>) = 0 [pid 9062] <... write resumed>) = 280 [pid 9062] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9062] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9062] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9062] exit_group(0) = ? [pid 9062] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9062, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=18 /* 0.18 s */} --- [pid 5848] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./37/binderfs", [pid 9074] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9074] <... openat resumed>) = 4 [pid 5848] unlink("./37/binderfs" [pid 9074] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... unlink resumed>) = 0 [pid 5848] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9074] <... ioctl resumed>) = 0 [pid 9074] close(3) = 0 [pid 9074] close(4) = 0 [pid 9074] mkdir("./file0", 0777) = 0 [ 202.741017][ T9074] loop4: detected capacity change from 0 to 32768 [ 202.773169][ T9074] BTRFS: device /dev/loop4 (7:4) using temp-fsid 937cffb0-3a29-4474-85aa-666f5e8ee5b6 [ 202.807474][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 202.819518][ T9074] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9074) [pid 9074] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 9072] <... write resumed>) = 16777216 [pid 5849] <... umount2 resumed>) = 0 [pid 9072] munmap(0x7f362be00000, 138412032 [pid 5849] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [ 202.904975][ T9074] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9072] <... munmap resumed>) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./37/file0") = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5849] getdents64(3, [pid 5848] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] close(3 [pid 5848] newfstatat(AT_FDCWD, "./37/file0", [pid 5849] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] rmdir("./37" [pid 5848] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... rmdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", [pid 5849] mkdir("./38", 0777 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9072] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] <... openat resumed>) = 3 [pid 5848] close(4 [pid 9072] <... openat resumed>) = 4 [pid 5848] <... close resumed>) = 0 [pid 9072] ioctl(4, LOOP_SET_FD, 3 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5848] rmdir("./37/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5848] close(3 [pid 5849] close(3 [pid 5848] <... close resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5848] rmdir("./37" [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./38", 0777./strace-static-x86_64: Process 9115 attached [pid 9072] <... ioctl resumed>) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 9072] close(3 [pid 9115] set_robust_list(0x55558aa90660, 24 [pid 9072] <... close resumed>) = 0 [pid 9115] <... set_robust_list resumed>) = 0 [pid 9072] close(4 [pid 9115] chdir("./38" [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 9115 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9115] <... chdir resumed>) = 0 [pid 9115] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9117 attached , child_tidptr=0x55558aa90650) = 9117 [ 202.945489][ T9074] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 202.970966][ T9072] loop3: detected capacity change from 0 to 32768 [pid 9117] set_robust_list(0x55558aa90660, 24) = 0 [pid 9115] <... prctl resumed>) = 0 [pid 9117] chdir("./38") = 0 [pid 9117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9115] setpgid(0, 0 [pid 9072] <... close resumed>) = 0 [pid 9115] <... setpgid resumed>) = 0 [pid 9072] mkdir("./file0", 0777 [pid 9115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9117] setpgid(0, 0 [pid 9072] <... mkdir resumed>) = 0 [pid 9117] <... setpgid resumed>) = 0 [pid 9117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9115] <... openat resumed>) = 3 [pid 9072] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 9115] write(3, "1000", 4 [pid 9117] <... openat resumed>) = 3 [pid 9117] write(3, "1000", 4) = 4 [pid 9117] close(3) = 0 [pid 9117] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9117] write(1, "executing program\n", 18) = 18 [pid 9117] memfd_create("syzkaller", 0) = 3 [pid 9117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9115] <... write resumed>) = 4 [pid 9115] close(3) = 0 [ 202.996668][ T9074] BTRFS info (device loop4): using free-space-tree [ 203.007049][ T9072] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9072) [pid 9115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9115] write(1, "executing program\n", 18executing program ) = 18 [pid 9115] memfd_create("syzkaller", 0) = 3 [pid 9115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 203.112405][ T9072] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9098] <... write resumed>) = 16777216 [pid 9098] munmap(0x7f362be00000, 138412032) = 0 [pid 9098] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9098] ioctl(4, LOOP_SET_FD, 3) = 0 [ 203.194864][ T9072] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 203.228384][ T9098] loop2: detected capacity change from 0 to 32768 [pid 9098] close(3) = 0 [pid 9098] close(4) = 0 [pid 9098] mkdir("./file0", 0777) = 0 [ 203.248027][ T9072] BTRFS info (device loop3): using free-space-tree [ 203.260425][ T9098] BTRFS: device /dev/loop2 (7:2) using temp-fsid 3f721244-11cc-4f26-b493-16d7bd93b640 [ 203.272621][ T9098] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9098) [pid 9098] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 9074] <... mount resumed>) = 0 [pid 9074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9074] chdir("./file0") = 0 [pid 9074] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9074] ioctl(4, LOOP_CLR_FD) = 0 [pid 9074] close(4) = 0 [pid 9074] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9074] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 203.300408][ T9098] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 203.322552][ T9098] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 203.340633][ T9098] BTRFS info (device loop2): using free-space-tree [pid 9074] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9074] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9074] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9074] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9074] exit_group(0) = ? [pid 9074] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9074, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./37/binderfs") = 0 [ 203.501098][ T5852] BTRFS info (device loop4): last unmount of filesystem 937cffb0-3a29-4474-85aa-666f5e8ee5b6 [pid 5852] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9072] <... mount resumed>) = 0 [pid 9072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9072] chdir("./file0") = 0 [pid 9072] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9072] ioctl(4, LOOP_CLR_FD) = 0 [pid 9072] close(4) = 0 [pid 9072] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9072] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9072] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9072] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9072] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9072] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9072] exit_group(0) = ? [pid 9072] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9072, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=32 /* 0.32 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 9117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... restart_syscall resumed>) = 0 [pid 5851] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9098] <... mount resumed>) = 0 [pid 9098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5851] <... openat resumed>) = 3 [pid 9098] <... openat resumed>) = 3 [pid 5852] <... umount2 resumed>) = 0 [pid 5851] newfstatat(3, "", [pid 9098] chdir("./file0" [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9098] <... chdir resumed>) = 0 [pid 9098] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9098] ioctl(4, LOOP_CLR_FD) = 0 [pid 9098] close(4) = 0 [pid 5851] getdents64(3, [pid 9098] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9098] <... openat resumed>) = 4 [pid 5852] newfstatat(AT_FDCWD, "./37/file0", [pid 9098] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9098] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9098] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9098] <... write resumed>) = 280 [pid 5852] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9098] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] <... openat resumed>) = 4 [pid 5851] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9098] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(4, "", [pid 9098] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./37/binderfs", [pid 9098] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] getdents64(4, [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9098] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] unlink("./37/binderfs" [pid 9098] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] getdents64(4, [pid 9098] exit_group(0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] <... unlink resumed>) = 0 [pid 5852] close(4 [pid 5851] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9098] <... exit_group resumed>) = ? [pid 5852] <... close resumed>) = 0 [pid 9098] +++ exited with 0 +++ [pid 5852] rmdir("./37/file0") = 0 [pid 5852] getdents64(3, [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9098, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=28 /* 0.28 s */} --- [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 5852] close(3 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./37" [pid 5850] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... rmdir resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] mkdir("./38", 0777 [pid 5850] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... mkdir resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./37/binderfs") = 0 [pid 5850] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... openat resumed>) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9166 attached [pid 9166] set_robust_list(0x55558aa90660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 9166 [pid 9166] <... set_robust_list resumed>) = 0 [ 203.728811][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9166] chdir("./38") = 0 [pid 9166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9166] setpgid(0, 0) = 0 [pid 9166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9166] write(3, "1000", 4) = 4 executing program [pid 9166] close(3) = 0 [pid 9166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9166] write(1, "executing program\n", 18) = 18 [pid 9166] memfd_create("syzkaller", 0) = 3 [pid 9166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 203.792407][ T5850] BTRFS info (device loop2): last unmount of filesystem 3f721244-11cc-4f26-b493-16d7bd93b640 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./37/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./37") = 0 [pid 9117] <... write resumed>) = 16777216 [pid 5850] mkdir("./38", 0777) = 0 [pid 9117] munmap(0x7f362be00000, 138412032 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 9115] <... write resumed>) = 16777216 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 9115] munmap(0x7f362be00000, 138412032 [pid 9117] <... munmap resumed>) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ./strace-static-x86_64: Process 9167 attached [pid 9167] set_robust_list(0x55558aa90660, 24 [pid 9115] <... munmap resumed>) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 9167 [pid 9167] <... set_robust_list resumed>) = 0 [pid 9167] chdir("./38" [pid 9117] ioctl(4, LOOP_SET_FD, 3 [pid 9167] <... chdir resumed>) = 0 [pid 9167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9115] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9167] setpgid(0, 0 [pid 9115] ioctl(4, LOOP_SET_FD, 3 [pid 9167] <... setpgid resumed>) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 9167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9117] <... ioctl resumed>) = 0 [pid 9117] close(3) = 0 [pid 9117] close(4) = 0 [pid 9117] mkdir("./file0", 0777) = 0 [pid 9117] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 9115] <... ioctl resumed>) = 0 [pid 9115] close(3) = 0 [pid 9115] close(4) = 0 [pid 9115] mkdir("./file0", 0777) = 0 [ 204.146345][ T9117] loop0: detected capacity change from 0 to 32768 [ 204.154417][ T9115] loop1: detected capacity change from 0 to 32768 [pid 9115] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 9167] <... openat resumed>) = 3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9167] write(3, "1000", 4 [pid 5851] newfstatat(AT_FDCWD, "./37/file0", [pid 9167] <... write resumed>) = 4 [pid 9167] close(3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9167] <... close resumed>) = 0 [pid 5851] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9167] symlink("/dev/binderfs", "./binderfs" [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9167] <... symlink resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program ) = 4 [pid 9167] write(1, "executing program\n", 18) = 18 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9167] memfd_create("syzkaller", 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 9167] <... memfd_create resumed>) = 3 [pid 5851] getdents64(4, [pid 9167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 9167] <... mmap resumed>) = 0x7f362be00000 [pid 5851] rmdir("./37/file0") = 0 [ 204.190274][ T9117] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9117) [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./37") = 0 [pid 5851] mkdir("./38", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 204.242096][ T9115] BTRFS: device /dev/loop1 (7:1) using temp-fsid 84c43cc8-bb7f-40e1-89e6-32afd86e51ea [ 204.264251][ T9117] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 9166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9168 attached [pid 9168] set_robust_list(0x55558aa90660, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9168 [pid 9168] <... set_robust_list resumed>) = 0 [pid 9168] chdir("./38") = 0 [pid 9168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 204.285087][ T9115] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9115) [ 204.319508][ T9117] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 9168] setpgid(0, 0) = 0 [pid 9168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9168] write(3, "1000", 4) = 4 [pid 9168] close(3) = 0 [pid 9168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9168] write(1, "executing program\n", 18executing program ) = 18 [pid 9168] memfd_create("syzkaller", 0) = 3 [ 204.353996][ T9117] BTRFS info (device loop0): using free-space-tree [ 204.379234][ T9115] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 204.425115][ T9115] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 204.459352][ T9115] BTRFS info (device loop1): using free-space-tree [pid 9117] <... mount resumed>) = 0 [pid 9117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9117] chdir("./file0") = 0 [pid 9117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9117] ioctl(4, LOOP_CLR_FD) = 0 [pid 9117] close(4) = 0 [pid 9117] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9117] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9117] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9117] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9117] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9117] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9117] exit_group(0) = ? [pid 9117] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9117, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=25 /* 0.25 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9115] <... mount resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 9115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] newfstatat(3, "", [pid 9115] <... openat resumed>) = 3 [pid 9115] chdir("./file0" [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9115] <... chdir resumed>) = 0 [pid 5848] getdents64(3, [pid 9115] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9115] ioctl(4, LOOP_CLR_FD [pid 5848] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9115] <... ioctl resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9115] close(4) = 0 [pid 5848] newfstatat(AT_FDCWD, "./38/binderfs", [pid 9115] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9115] <... openat resumed>) = 4 [pid 5848] unlink("./38/binderfs") = 0 [pid 5848] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9115] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9115] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9115] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9115] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9115] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9115] exit_group(0) = ? [pid 9115] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9115, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5849] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./38/binderfs") = 0 [pid 5849] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9166] <... write resumed>) = 16777216 [pid 9166] munmap(0x7f362be00000, 138412032) = 0 [pid 9166] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 204.745788][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 204.776271][ T5849] BTRFS info (device loop1): last unmount of filesystem 84c43cc8-bb7f-40e1-89e6-32afd86e51ea [pid 9166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9166] close(3) = 0 [pid 9166] close(4) = 0 [pid 9166] mkdir("./file0", 0777) = 0 [ 204.815987][ T9166] loop4: detected capacity change from 0 to 32768 [ 204.849600][ T9166] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9166) [pid 9166] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [ 204.930958][ T9166] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 204.963725][ T9166] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 205.019252][ T9166] BTRFS info (device loop4): using free-space-tree [pid 9168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9167] <... write resumed>) = 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9167] munmap(0x7f362be00000, 138412032 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9167] <... munmap resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9167] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5848] <... openat resumed>) = 4 [pid 9167] ioctl(4, LOOP_SET_FD, 3 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 9167] <... ioctl resumed>) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 9167] close(3 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9167] <... close resumed>) = 0 [pid 5849] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9167] close(4 [pid 5848] close(4) = 0 [pid 9167] <... close resumed>) = 0 [pid 9167] mkdir("./file0", 0777 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] rmdir("./38/file0" [pid 9167] <... mkdir resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 9167] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] newfstatat(AT_FDCWD, "./38/file0", [pid 5848] getdents64(3, [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5849] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] rmdir("./38") = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] mkdir("./39", 0777) = 0 [pid 5849] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] <... openat resumed>) = 4 [pid 5848] <... openat resumed>) = 3 [pid 5849] newfstatat(4, "", [pid 5848] ioctl(3, LOOP_CLR_FD [pid 9166] <... mount resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 9166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] getdents64(4, [pid 5848] close(3 [pid 9166] <... openat resumed>) = 3 [pid 9166] chdir("./file0" [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... close resumed>) = 0 [pid 9166] <... chdir resumed>) = 0 [pid 9166] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9166] ioctl(4, LOOP_CLR_FD) = 0 [pid 9166] close(4) = 0 [pid 9166] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9166] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9166] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9166] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9166] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9166] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 205.135155][ T9167] loop2: detected capacity change from 0 to 32768 [ 205.171930][ T9167] BTRFS: device /dev/loop2 (7:2) using temp-fsid a6fc3bb5-d1a3-4650-b98e-e2d44f24b1fe [pid 9166] exit_group(0) = ? [pid 9166] +++ exited with 0 +++ [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9166, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=32 /* 0.32 s */} --- [pid 5849] getdents64(4, [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 9217 attached [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 9217 [pid 9217] set_robust_list(0x55558aa90660, 24) = 0 [pid 5849] <... close resumed>) = 0 [pid 9217] chdir("./39" [pid 5852] newfstatat(3, "", [pid 5849] rmdir("./38/file0" [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9217] <... chdir resumed>) = 0 [pid 5852] getdents64(3, [pid 5849] <... rmdir resumed>) = 0 [pid 9217] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] getdents64(3, [pid 9217] <... prctl resumed>) = 0 [ 205.213044][ T9167] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9167) [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 9217] setpgid(0, 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./38/binderfs") = 0 [pid 5852] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9217] <... setpgid resumed>) = 0 [pid 5849] close(3 [pid 9217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... close resumed>) = 0 [pid 5849] rmdir("./38" [pid 9217] <... openat resumed>) = 3 [pid 5849] <... rmdir resumed>) = 0 [ 205.256526][ T9167] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9217] write(3, "1000", 4) = 4 [pid 5849] mkdir("./39", 0777 [pid 9217] close(3) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 9217] symlink("/dev/binderfs", "./binderfs" [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9217] <... symlink resumed>) = 0 [pid 9217] write(1, "executing program\n", 18 [pid 5849] <... openat resumed>) = 3 executing program [pid 9217] <... write resumed>) = 18 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 9217] memfd_create("syzkaller", 0 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 9217] <... memfd_create resumed>) = 3 [pid 5849] close(3 [pid 9168] <... write resumed>) = 16777216 [pid 9217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... close resumed>) = 0 [pid 9217] <... mmap resumed>) = 0x7f362be00000 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9168] munmap(0x7f362be00000, 138412032./strace-static-x86_64: Process 9221 attached [pid 9221] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 9221 [pid 9221] <... set_robust_list resumed>) = 0 [pid 9221] chdir("./39") = 0 [pid 9221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 205.299492][ T9167] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 205.309038][ T9167] BTRFS info (device loop2): using free-space-tree [ 205.324948][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9221] setpgid(0, 0) = 0 [pid 9221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9221] write(3, "1000", 4 [pid 9168] <... munmap resumed>) = 0 [pid 9221] <... write resumed>) = 4 [pid 9221] close(3) = 0 [pid 9168] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9168] ioctl(4, LOOP_SET_FD, 3 [pid 9221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9221] write(1, "executing program\n", 18executing program ) = 18 [pid 9168] <... ioctl resumed>) = 0 [pid 9221] memfd_create("syzkaller", 0 [pid 9168] close(3) = 0 [pid 9168] close(4) = 0 [pid 9168] mkdir("./file0", 0777) = 0 [ 205.405400][ T9168] loop3: detected capacity change from 0 to 32768 [pid 9221] <... memfd_create resumed>) = 3 [pid 9168] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 9221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 205.451244][ T9168] BTRFS: device /dev/loop3 (7:3) using temp-fsid a4bbbb92-a7c6-4a9a-86b1-292543f0dac1 [ 205.480898][ T9168] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9168) [ 205.541387][ T9168] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 205.600320][ T9168] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 205.647897][ T9168] BTRFS info (device loop3): using free-space-tree [pid 9217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9167] <... mount resumed>) = 0 [pid 9167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9167] chdir("./file0") = 0 [pid 9167] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9167] ioctl(4, LOOP_CLR_FD) = 0 [pid 9167] close(4) = 0 [pid 9167] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9167] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9167] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9167] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9167] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9167] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9167] exit_group(0) = ? [pid 9167] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9167, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./38/binderfs") = 0 [pid 5850] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9217] <... write resumed>) = 16777216 [pid 9217] munmap(0x7f362be00000, 138412032) = 0 [pid 9217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9217] close(3) = 0 [pid 9217] close(4) = 0 [pid 9217] mkdir("./file0", 0777) = 0 [ 205.910197][ T9217] loop0: detected capacity change from 0 to 32768 [ 205.926754][ T5850] BTRFS info (device loop2): last unmount of filesystem a6fc3bb5-d1a3-4650-b98e-e2d44f24b1fe [pid 9217] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 9168] <... mount resumed>) = 0 [pid 9168] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9168] chdir("./file0") = 0 [pid 9168] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9168] ioctl(4, LOOP_CLR_FD) = 0 [pid 9168] close(4) = 0 [pid 9168] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9168] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9168] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9168] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9168] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9168] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9168] exit_group(0) = ? [pid 9168] +++ exited with 0 +++ [ 205.960556][ T9217] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9217) [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9168, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=32 /* 0.32 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./38/binderfs") = 0 [pid 5851] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [ 206.028979][ T9217] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] close(4) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 5852] rmdir("./38/file0") = 0 [pid 5850] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] getdents64(3, [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] newfstatat(AT_FDCWD, "./38/file0", [pid 5852] close(3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... close resumed>) = 0 [pid 5850] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] rmdir("./38") = 0 [pid 5852] mkdir("./39", 0777) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... openat resumed>) = 3 [pid 5850] <... openat resumed>) = 4 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 206.051607][ T9217] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 206.088760][ T9217] BTRFS info (device loop0): using free-space-tree [ 206.104671][ T5851] BTRFS info (device loop3): last unmount of filesystem a4bbbb92-a7c6-4a9a-86b1-292543f0dac1 [pid 5850] newfstatat(4, "", [pid 5852] close(3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... close resumed>) = 0 [pid 5850] getdents64(4, [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 9259 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 9259 attached [pid 5850] close(4 [pid 9259] set_robust_list(0x55558aa90660, 24 [pid 5850] <... close resumed>) = 0 [pid 9259] <... set_robust_list resumed>) = 0 [pid 5850] rmdir("./38/file0" [pid 9259] chdir("./39" [pid 5850] <... rmdir resumed>) = 0 [pid 5850] getdents64(3, [pid 9259] <... chdir resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 9259] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] close(3 [pid 9259] <... prctl resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./38" [pid 9259] setpgid(0, 0) = 0 [pid 9259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... rmdir resumed>) = 0 [pid 9259] <... openat resumed>) = 3 [pid 5850] mkdir("./39", 0777) = 0 [pid 9259] write(3, "1000", 4) = 4 [pid 9259] close(3) = 0 [pid 9259] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9259] write(1, "executing program\n", 18) = 18 [pid 9259] memfd_create("syzkaller", 0) = 3 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... openat resumed>) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 9259] <... mmap resumed>) = 0x7f362be00000 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... ioctl resumed>) = 0 [pid 5850] close(3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... close resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./38/file0", [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 9268 attached [pid 5851] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 9268 [pid 9268] set_robust_list(0x55558aa90660, 24 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9268] <... set_robust_list resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", [pid 9268] chdir("./39" [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 9268] <... chdir resumed>) = 0 [pid 5851] getdents64(4, [pid 9268] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9268] <... prctl resumed>) = 0 [pid 5851] close(4 [pid 9268] setpgid(0, 0 [pid 5851] <... close resumed>) = 0 [pid 9268] <... setpgid resumed>) = 0 [pid 5851] rmdir("./38/file0" [pid 9268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 9268] <... openat resumed>) = 3 [pid 5851] close(3) = 0 [pid 5851] rmdir("./38" [pid 9268] write(3, "1000", 4 [pid 5851] <... rmdir resumed>) = 0 [pid 9268] <... write resumed>) = 4 [pid 9217] <... mount resumed>) = 0 [pid 5851] mkdir("./39", 0777 [pid 9268] close(3 [pid 9217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9268] <... close resumed>) = 0 [pid 9217] <... openat resumed>) = 3 [pid 9268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9217] chdir("./file0" [pid 5851] <... mkdir resumed>) = 0 executing program [pid 9268] write(1, "executing program\n", 18 [pid 9217] <... chdir resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9268] <... write resumed>) = 18 [pid 9217] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5851] <... openat resumed>) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 9268] memfd_create("syzkaller", 0 [pid 9217] <... openat resumed>) = 4 [pid 5851] <... ioctl resumed>) = 0 [pid 9217] ioctl(4, LOOP_CLR_FD [pid 5851] close(3 [pid 9268] <... memfd_create resumed>) = 3 [pid 5851] <... close resumed>) = 0 [pid 9268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9217] <... ioctl resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9268] <... mmap resumed>) = 0x7f362be00000 [pid 9217] close(4) = 0 [pid 9217] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9271 ./strace-static-x86_64: Process 9271 attached [pid 9217] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9217] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 9271] set_robust_list(0x55558aa90660, 24 [pid 9217] <... write resumed>) = 280 [pid 9217] bpf(BPF_MAP_CREATE, NULL, 0 [pid 9271] <... set_robust_list resumed>) = 0 [pid 9217] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9271] chdir("./39" [pid 9217] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9271] <... chdir resumed>) = 0 [pid 9217] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9271] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9217] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9271] <... prctl resumed>) = 0 [pid 9217] exit_group(0 [pid 9271] setpgid(0, 0 [pid 9217] <... exit_group resumed>) = ? [pid 9271] <... setpgid resumed>) = 0 [pid 9271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9271] write(3, "1000", 4) = 4 [pid 9271] close(3) = 0 [pid 9271] symlink("/dev/binderfs", "./binderfs" [pid 9217] +++ exited with 0 +++ [pid 9271] <... symlink resumed>) = 0 executing program [pid 9271] write(1, "executing program\n", 18 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9217, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- [pid 9271] <... write resumed>) = 18 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 9271] memfd_create("syzkaller", 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 9271] <... memfd_create resumed>) = 3 [pid 9271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./39/binderfs") = 0 [pid 5848] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9221] <... write resumed>) = 16777216 [ 206.519804][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9221] munmap(0x7f362be00000, 138412032) = 0 [pid 9221] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9221] close(3) = 0 [pid 9221] close(4) = 0 [ 206.630708][ T9221] loop1: detected capacity change from 0 to 32768 [pid 9221] mkdir("./file0", 0777) = 0 [ 206.741050][ T9221] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9221) [pid 9221] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 206.810252][ T9221] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 206.844176][ T9221] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 9259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 206.879352][ T9221] BTRFS info (device loop1): using free-space-tree [pid 9271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./39/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./39") = 0 [pid 5848] mkdir("./40", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9283 attached [pid 9283] set_robust_list(0x55558aa90660, 24) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 9283 [pid 9283] chdir("./40") = 0 [pid 9283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9283] setpgid(0, 0) = 0 [pid 9283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9283] write(3, "1000", 4executing program ) = 4 [pid 9283] close(3) = 0 [pid 9283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9283] write(1, "executing program\n", 18) = 18 [pid 9283] memfd_create("syzkaller", 0) = 3 [pid 9283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9221] <... mount resumed>) = 0 [pid 9259] <... write resumed>) = 16777216 [pid 9221] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9221] chdir("./file0") = 0 [pid 9221] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9221] ioctl(4, LOOP_CLR_FD) = 0 [pid 9221] close(4) = 0 [pid 9221] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9221] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9221] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9221] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9221] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9221] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9221] exit_group(0) = ? [pid 9221] +++ exited with 0 +++ [pid 9259] munmap(0x7f362be00000, 138412032 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9221, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] <... openat resumed>) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./39/binderfs") = 0 [pid 5849] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9271] <... write resumed>) = 16777216 [pid 9259] <... munmap resumed>) = 0 [pid 9271] munmap(0x7f362be00000, 138412032 [pid 9259] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9271] <... munmap resumed>) = 0 [pid 9259] <... openat resumed>) = 4 [pid 9259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9259] close(3) = 0 [pid 9259] close(4 [pid 9271] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9259] <... close resumed>) = 0 [pid 9259] mkdir("./file0", 0777 [pid 9271] <... openat resumed>) = 4 [pid 9259] <... mkdir resumed>) = 0 [pid 9271] ioctl(4, LOOP_SET_FD, 3 [ 207.298435][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 207.321773][ T9259] loop4: detected capacity change from 0 to 32768 [pid 9259] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 9268] <... write resumed>) = 16777216 [pid 9268] munmap(0x7f362be00000, 138412032 [pid 9271] <... ioctl resumed>) = 0 [pid 9271] close(3) = 0 [pid 9271] close(4) = 0 [pid 9271] mkdir("./file0", 0777) = 0 [ 207.365429][ T9271] loop3: detected capacity change from 0 to 32768 [ 207.372275][ T9259] BTRFS: device /dev/loop4 (7:4) using temp-fsid 5c40cce2-f8cb-467d-9328-a2a1d047d582 [pid 9271] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 9268] <... munmap resumed>) = 0 [ 207.404520][ T9259] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9259) [pid 9268] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9268] close(3) = 0 [pid 9268] close(4) = 0 [pid 9268] mkdir("./file0", 0777) = 0 [pid 9268] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 207.439837][ T9268] loop2: detected capacity change from 0 to 32768 [ 207.475198][ T9268] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9268) [pid 5849] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 207.509941][ T9259] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 207.524181][ T9271] BTRFS: device /dev/loop3 (7:3) using temp-fsid 3213cb20-b2ce-45b7-84a1-ce2547fe2132 [ 207.535489][ T9259] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 207.536465][ T9268] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./39/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./39") = 0 [pid 5849] mkdir("./40", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [ 207.557335][ T9259] BTRFS info (device loop4): using free-space-tree [ 207.564063][ T9271] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9271) [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9293 attached [pid 9293] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 9293 [pid 9293] <... set_robust_list resumed>) = 0 [pid 9293] chdir("./40") = 0 [pid 9293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9293] setpgid(0, 0) = 0 [ 207.603716][ T9268] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 207.631659][ T9268] BTRFS info (device loop2): using free-space-tree [ 207.644162][ T9271] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9283] <... write resumed>) = 16777216 [pid 9293] <... openat resumed>) = 3 [pid 9283] munmap(0x7f362be00000, 138412032 [pid 9293] write(3, "1000", 4) = 4 [pid 9293] close(3 [pid 9283] <... munmap resumed>) = 0 [pid 9293] <... close resumed>) = 0 [pid 9293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9293] write(1, "executing program\n", 18executing program ) = 18 [pid 9283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9293] memfd_create("syzkaller", 0 [pid 9283] <... openat resumed>) = 4 [pid 9293] <... memfd_create resumed>) = 3 [pid 9283] ioctl(4, LOOP_SET_FD, 3 [pid 9293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9259] <... mount resumed>) = 0 [pid 9259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9259] chdir("./file0") = 0 [pid 9259] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9259] ioctl(4, LOOP_CLR_FD) = 0 [pid 9259] close(4 [pid 9283] <... ioctl resumed>) = 0 [pid 9283] close(3) = 0 [pid 9283] close(4) = 0 [ 207.683656][ T9271] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 207.712922][ T9283] loop0: detected capacity change from 0 to 32768 [ 207.713855][ T9271] BTRFS info (device loop3): using free-space-tree [pid 9283] mkdir("./file0", 0777) = 0 [pid 9283] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 9259] <... close resumed>) = 0 [pid 9259] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9259] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9259] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9259] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 207.766473][ T9283] BTRFS: device /dev/loop0 (7:0) using temp-fsid 84b8c6d4-8780-4830-872a-de56642c6d81 [pid 9259] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9259] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9259] exit_group(0) = ? [pid 9259] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9259, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [pid 5852] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 207.841262][ T9283] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9283) [pid 5852] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./39/binderfs") = 0 [ 207.940628][ T9283] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 207.978890][ T5852] BTRFS info (device loop4): last unmount of filesystem 5c40cce2-f8cb-467d-9328-a2a1d047d582 [pid 5852] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9268] <... mount resumed>) = 0 [pid 9268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9268] chdir("./file0") = 0 [ 208.007908][ T9283] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 208.018944][ T9283] BTRFS info (device loop0): using free-space-tree [pid 9268] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9268] ioctl(4, LOOP_CLR_FD) = 0 [pid 9268] close(4) = 0 [pid 9268] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9268] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9268] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9268] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9268] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9268] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9268] exit_group(0) = ? [pid 9268] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9268, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 5852] <... umount2 resumed>) = 0 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5850] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(3, "", [pid 5852] newfstatat(AT_FDCWD, "./39/file0", [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] getdents64(3, [pid 5852] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... openat resumed>) = 4 [pid 5850] newfstatat(AT_FDCWD, "./39/binderfs", [pid 5852] newfstatat(4, "", [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] unlink("./39/binderfs" [pid 5852] getdents64(4, [pid 5850] <... unlink resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./39/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./39") = 0 [pid 5852] mkdir("./40", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9271] <... mount resumed>) = 0 ./strace-static-x86_64: Process 9355 attached [pid 9271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 9355 [pid 9271] chdir("./file0" [pid 9355] set_robust_list(0x55558aa90660, 24) = 0 [pid 9355] chdir("./40" [pid 9271] <... chdir resumed>) = 0 [pid 9355] <... chdir resumed>) = 0 [pid 9355] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9271] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9355] <... prctl resumed>) = 0 [pid 9355] setpgid(0, 0 [pid 9271] <... openat resumed>) = 4 [pid 9355] <... setpgid resumed>) = 0 [pid 9271] ioctl(4, LOOP_CLR_FD [pid 9355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9271] <... ioctl resumed>) = 0 [pid 9355] write(3, "1000", 4) = 4 [pid 9271] close(4) = 0 [pid 9271] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9355] close(3 [pid 9271] <... openat resumed>) = 4 [pid 9355] <... close resumed>) = 0 [pid 9355] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9355] write(1, "executing program\n", 18) = 18 [pid 9271] ioctl(-1, SIOCGIFINDEX, NULL [pid 9355] memfd_create("syzkaller", 0 [pid 9271] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9355] <... memfd_create resumed>) = 3 [pid 9355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 208.205033][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9271] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 9355] <... mmap resumed>) = 0x7f362be00000 [pid 9283] <... mount resumed>) = 0 [pid 9271] <... write resumed>) = 280 [pid 9283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9283] chdir("./file0") = 0 [pid 9283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9271] bpf(BPF_MAP_CREATE, NULL, 0 [pid 9283] <... openat resumed>) = 4 [pid 9271] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9283] ioctl(4, LOOP_CLR_FD [pid 9271] bpf(BPF_PROG_LOAD, NULL, 0 [pid 9283] <... ioctl resumed>) = 0 [pid 9271] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9283] close(4 [pid 9271] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9283] <... close resumed>) = 0 [pid 9271] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9283] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9271] exit_group(0 [pid 9283] <... openat resumed>) = 4 [pid 9271] <... exit_group resumed>) = ? [pid 9271] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9271, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 9283] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5851] <... restart_syscall resumed>) = 0 [pid 5851] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", [pid 9283] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9283] <... write resumed>) = 280 [pid 5851] newfstatat(AT_FDCWD, "./39/binderfs", [pid 9283] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9283] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] unlink("./39/binderfs" [pid 9283] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... unlink resumed>) = 0 [pid 9283] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9283] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9283] exit_group(0) = ? [pid 9283] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9283, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./40/binderfs") = 0 [ 208.423031][ T5851] BTRFS info (device loop3): last unmount of filesystem 3213cb20-b2ce-45b7-84a1-ce2547fe2132 [pid 5848] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 208.492004][ T5848] BTRFS info (device loop0): last unmount of filesystem 84b8c6d4-8780-4830-872a-de56642c6d81 [pid 9293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./39/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./39") = 0 [pid 5851] mkdir("./40", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 9355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] close(3 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] <... close resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./40/file0") = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9358 ./strace-static-x86_64: Process 9358 attached [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./40" [pid 9358] set_robust_list(0x55558aa90660, 24 [pid 5848] <... rmdir resumed>) = 0 [pid 9358] <... set_robust_list resumed>) = 0 [pid 5848] mkdir("./41", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 9358] chdir("./40" [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 9358] <... chdir resumed>) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9358] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 9359 [pid 9358] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 9359 attached [pid 9359] set_robust_list(0x55558aa90660, 24) = 0 [pid 9359] chdir("./41") = 0 [pid 9359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9359] setpgid(0, 0) = 0 [pid 9359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9358] setpgid(0, 0) = 0 [pid 9358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... umount2 resumed>) = 0 [pid 9358] <... openat resumed>) = 3 [pid 9359] write(3, "1000", 4) = 4 [pid 9359] close(3) = 0 [pid 9359] symlink("/dev/binderfs", "./binderfs" [pid 9358] write(3, "1000", 4 [pid 5850] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9358] <... write resumed>) = 4 [pid 9358] close(3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9359] <... symlink resumed>) = 0 [pid 5850] newfstatat(AT_FDCWD, "./39/file0", [pid 9359] write(1, "executing program\n", 18 executing program [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9359] <... write resumed>) = 18 [pid 9359] memfd_create("syzkaller", 0 [pid 5850] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9359] <... memfd_create resumed>) = 3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9359] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", [pid 9358] <... close resumed>) = 0 [pid 9358] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9358] <... symlink resumed>) = 0 [pid 5850] getdents64(4, [pid 9358] write(1, "executing program\n", 18 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 executing program [pid 9358] <... write resumed>) = 18 [pid 5850] getdents64(4, [pid 9358] memfd_create("syzkaller", 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4 [pid 9358] <... memfd_create resumed>) = 3 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./39/file0" [pid 9358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3 [pid 9358] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./39") = 0 [pid 5850] mkdir("./40", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9360 ./strace-static-x86_64: Process 9360 attached [pid 9360] set_robust_list(0x55558aa90660, 24) = 0 [pid 9360] chdir("./40") = 0 [pid 9360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9360] setpgid(0, 0) = 0 [pid 9360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 9360] write(3, "1000", 4) = 4 [pid 9360] close(3) = 0 [pid 9360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9360] write(1, "executing program\n", 18) = 18 [pid 9360] memfd_create("syzkaller", 0) = 3 [pid 9360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9293] <... write resumed>) = 16777216 [pid 9293] munmap(0x7f362be00000, 138412032) = 0 [pid 9293] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9293] close(3) = 0 [pid 9293] close(4) = 0 [pid 9293] mkdir("./file0", 0777) = 0 [pid 9293] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 9355] <... write resumed>) = 16777216 [ 209.068547][ T9293] loop1: detected capacity change from 0 to 32768 [ 209.104343][ T9293] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9293) [pid 9355] munmap(0x7f362be00000, 138412032 [ 209.149239][ T9293] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9355] <... munmap resumed>) = 0 [pid 9355] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9355] ioctl(4, LOOP_SET_FD, 3) = 0 [ 209.192895][ T9293] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 209.220318][ T9355] loop4: detected capacity change from 0 to 32768 [pid 9358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 209.239302][ T9293] BTRFS info (device loop1): using free-space-tree [pid 9355] close(3) = 0 [pid 9355] close(4) = 0 [pid 9355] mkdir("./file0", 0777) = 0 [ 209.306406][ T9355] BTRFS: device /dev/loop4 (7:4) using temp-fsid 45c3423c-e69c-41ba-ad0b-fb5ba14ea2ce [ 209.360588][ T9355] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9355) [pid 9355] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [ 209.451980][ T9355] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9293] <... mount resumed>) = 0 [pid 9293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9293] chdir("./file0") = 0 [pid 9293] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9293] ioctl(4, LOOP_CLR_FD) = 0 [pid 9293] close(4) = 0 [pid 9293] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9293] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 209.505808][ T9355] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 9293] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9293] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9293] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9293] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9293] exit_group(0) = ? [pid 9293] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9293, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=24 /* 0.24 s */} --- [pid 5849] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./40/binderfs") = 0 [ 209.599350][ T9355] BTRFS info (device loop4): using free-space-tree [ 209.690557][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9359] <... write resumed>) = 16777216 [pid 9359] munmap(0x7f362be00000, 138412032 [pid 9355] <... mount resumed>) = 0 [pid 9359] <... munmap resumed>) = 0 [pid 9355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9355] chdir("./file0") = 0 [pid 9355] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9355] ioctl(4, LOOP_CLR_FD) = 0 [pid 9355] close(4 [pid 9359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9355] <... close resumed>) = 0 [pid 9359] ioctl(4, LOOP_SET_FD, 3 [pid 9355] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9355] ioctl(-1, SIOCGIFINDEX, NULL [pid 9360] <... write resumed>) = 16777216 [pid 9355] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9355] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9355] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9360] munmap(0x7f362be00000, 138412032 [pid 9355] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5849] <... umount2 resumed>) = 0 [pid 9355] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9355] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9360] <... munmap resumed>) = 0 [pid 9355] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9360] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9355] exit_group(0 [pid 5849] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9360] <... openat resumed>) = 4 [pid 9359] <... ioctl resumed>) = 0 [pid 9355] <... exit_group resumed>) = ? [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9355] +++ exited with 0 +++ [pid 5849] newfstatat(AT_FDCWD, "./40/file0", [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9355, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [ 209.818604][ T9359] loop0: detected capacity change from 0 to 32768 [pid 5849] rmdir("./40/file0") = 0 [pid 9360] ioctl(4, LOOP_SET_FD, 3 [pid 9359] close(3 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./40") = 0 [pid 5849] mkdir("./41", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9394 attached [pid 9360] <... ioctl resumed>) = 0 [pid 9359] <... close resumed>) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 9394 [pid 9360] close(3 [pid 9359] close(4 [pid 9360] <... close resumed>) = 0 [pid 9360] close(4 [pid 9359] <... close resumed>) = 0 [pid 5852] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9360] <... close resumed>) = 0 [pid 9359] mkdir("./file0", 0777 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9360] mkdir("./file0", 0777 [pid 5852] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 9394] set_robust_list(0x55558aa90660, 24 [pid 9359] <... mkdir resumed>) = 0 [pid 5852] newfstatat(3, "", [pid 9394] <... set_robust_list resumed>) = 0 [pid 9360] <... mkdir resumed>) = 0 [pid 9359] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9394] chdir("./41" [pid 5852] getdents64(3, [pid 9360] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9394] <... chdir resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./40/binderfs", [pid 9394] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9394] <... prctl resumed>) = 0 [pid 5852] unlink("./40/binderfs" [pid 9394] setpgid(0, 0 [pid 5852] <... unlink resumed>) = 0 [pid 9394] <... setpgid resumed>) = 0 [pid 5852] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9394] write(3, "1000", 4) = 4 [pid 9394] close(3) = 0 [pid 9394] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9394] write(1, "executing program\n", 18) = 18 [pid 9394] memfd_create("syzkaller", 0) = 3 [pid 9394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9358] <... write resumed>) = 16777216 [ 209.870092][ T9360] loop2: detected capacity change from 0 to 32768 [ 209.882395][ T9359] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9359) [pid 9358] munmap(0x7f362be00000, 138412032) = 0 [ 209.954454][ T9360] BTRFS: device /dev/loop2 (7:2) using temp-fsid 772f1ba5-2c46-4b3e-afdf-031edbd48337 [ 209.968580][ T9359] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9358] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9358] ioctl(4, LOOP_SET_FD, 3) = 0 [ 209.992070][ T9360] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9360) [ 209.992482][ T5852] BTRFS info (device loop4): last unmount of filesystem 45c3423c-e69c-41ba-ad0b-fb5ba14ea2ce [ 210.005409][ T9359] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 210.027945][ T9358] loop3: detected capacity change from 0 to 32768 [pid 9358] close(3) = 0 [pid 9358] close(4) = 0 [pid 9358] mkdir("./file0", 0777) = 0 [ 210.053909][ T9360] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 210.085443][ T9358] BTRFS: device /dev/loop3 (7:3) using temp-fsid 0127f5d4-8d65-40eb-b42a-5087002f576c [ 210.099288][ T9359] BTRFS info (device loop0): using free-space-tree [ 210.107741][ T9358] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9358) [ 210.128859][ T9360] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 9358] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [ 210.199957][ T9360] BTRFS info (device loop2): using free-space-tree [ 210.210068][ T9358] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 210.221838][ T9358] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 210.233588][ T9358] BTRFS info (device loop3): using free-space-tree [pid 9394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9359] <... mount resumed>) = 0 [pid 9359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9359] chdir("./file0") = 0 [pid 9359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9359] ioctl(4, LOOP_CLR_FD) = 0 [pid 9359] close(4) = 0 [pid 9359] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9359] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9359] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9359] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9359] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9359] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9359] exit_group(0) = ? [pid 9359] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9359, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./41/binderfs") = 0 [pid 5848] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9358] <... mount resumed>) = 0 [pid 9360] <... mount resumed>) = 0 [pid 9358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9358] <... openat resumed>) = 3 [pid 9358] chdir("./file0" [pid 9360] chdir("./file0" [pid 9358] <... chdir resumed>) = 0 [pid 9360] <... chdir resumed>) = 0 [pid 9360] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9358] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9360] <... openat resumed>) = 4 [pid 9360] ioctl(4, LOOP_CLR_FD [pid 9358] <... openat resumed>) = 4 [pid 9360] <... ioctl resumed>) = 0 [pid 9358] ioctl(4, LOOP_CLR_FD [pid 9360] close(4 [pid 9358] <... ioctl resumed>) = 0 [pid 9358] close(4 [pid 9360] <... close resumed>) = 0 [pid 9360] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9358] <... close resumed>) = 0 [ 210.533518][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9358] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9360] <... openat resumed>) = 4 [pid 9358] <... openat resumed>) = 4 [pid 9358] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9358] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 9360] ioctl(-1, SIOCGIFINDEX, NULL [pid 9358] <... write resumed>) = 280 [pid 5852] <... umount2 resumed>) = 0 [pid 9360] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9358] bpf(BPF_MAP_CREATE, NULL, 0 [pid 9360] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 9358] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9358] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9360] <... write resumed>) = 280 [pid 9358] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] newfstatat(AT_FDCWD, "./40/file0", [pid 9360] bpf(BPF_MAP_CREATE, NULL, 0 [pid 9358] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9360] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9358] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9360] bpf(BPF_PROG_LOAD, NULL, 0 [pid 9358] exit_group(0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9360] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9358] <... exit_group resumed>) = ? [pid 5852] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9360] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9358] +++ exited with 0 +++ [pid 5852] <... openat resumed>) = 4 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9358, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] newfstatat(4, "", [pid 5851] <... openat resumed>) = 3 [pid 9360] exit_group(0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] newfstatat(3, "", [pid 9360] <... exit_group resumed>) = ? [pid 5852] getdents64(4, [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./40/binderfs") = 0 [pid 5851] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9360] +++ exited with 0 +++ [pid 5852] getdents64(4, [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9360, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5852] close(4 [pid 5850] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, [pid 5852] <... close resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] rmdir("./40/file0" [pid 5850] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./40/binderfs", [pid 9394] <... write resumed>) = 16777216 [pid 5852] <... rmdir resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] getdents64(3, [pid 5850] unlink("./40/binderfs") = 0 [pid 5850] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9394] munmap(0x7f362be00000, 138412032 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 9394] <... munmap resumed>) = 0 [pid 9394] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] rmdir("./40" [pid 9394] close(3) = 0 [pid 9394] close(4) = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 9394] mkdir("./file0", 0777) = 0 [pid 9394] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] mkdir("./41", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [ 210.692572][ T9394] loop1: detected capacity change from 0 to 32768 [ 210.694390][ T5851] BTRFS info (device loop3): last unmount of filesystem 0127f5d4-8d65-40eb-b42a-5087002f576c [ 210.724432][ T9394] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9394) [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9444 attached , child_tidptr=0x55558aa90650) = 9444 [pid 9444] set_robust_list(0x55558aa90660, 24) = 0 [pid 9444] chdir("./41") = 0 [pid 9444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 210.771635][ T5850] BTRFS info (device loop2): last unmount of filesystem 772f1ba5-2c46-4b3e-afdf-031edbd48337 [ 210.801986][ T9394] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9444] setpgid(0, 0) = 0 [pid 9444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9444] write(3, "1000", 4) = 4 [pid 9444] close(3) = 0 [pid 9444] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9444] write(1, "executing program\n", 18) = 18 [pid 9444] memfd_create("syzkaller", 0) = 3 [pid 9444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 210.813883][ T9394] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 210.825334][ T9394] BTRFS info (device loop1): using free-space-tree [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./41/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./41") = 0 [pid 5848] mkdir("./42", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9461 ./strace-static-x86_64: Process 9461 attached [pid 9394] <... mount resumed>) = 0 [pid 9394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9461] set_robust_list(0x55558aa90660, 24 [pid 9394] <... openat resumed>) = 3 [pid 9461] <... set_robust_list resumed>) = 0 [pid 9461] chdir("./42" [pid 9394] chdir("./file0") = 0 [pid 9461] <... chdir resumed>) = 0 [pid 9461] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9394] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9461] <... prctl resumed>) = 0 [pid 9461] setpgid(0, 0 [pid 9394] <... openat resumed>) = 4 [pid 9461] <... setpgid resumed>) = 0 [pid 9461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9394] ioctl(4, LOOP_CLR_FD [pid 9461] <... openat resumed>) = 3 [pid 9394] <... ioctl resumed>) = 0 [pid 9394] close(4 [pid 9461] write(3, "1000", 4) = 4 [pid 9394] <... close resumed>) = 0 [pid 9461] close(3 [pid 9394] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9461] <... close resumed>) = 0 executing program [pid 9461] symlink("/dev/binderfs", "./binderfs" [pid 9394] <... openat resumed>) = 4 [pid 9461] <... symlink resumed>) = 0 [pid 9461] write(1, "executing program\n", 18 [pid 9394] ioctl(-1, SIOCGIFINDEX, NULL [pid 9461] <... write resumed>) = 18 [pid 9461] memfd_create("syzkaller", 0 [pid 9394] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9461] <... memfd_create resumed>) = 3 [pid 9394] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9394] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9394] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9394] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... umount2 resumed>) = 0 [pid 9394] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9394] exit_group(0 [pid 5851] <... openat resumed>) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9394] <... exit_group resumed>) = ? [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./40/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./40") = 0 [pid 5851] mkdir("./41", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 9394] +++ exited with 0 +++ [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] close(3 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9394, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=22 /* 0.22 s */} --- [pid 5851] <... close resumed>) = 0 [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./41/binderfs", ./strace-static-x86_64: Process 9462 attached {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9462] set_robust_list(0x55558aa90660, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9462 [pid 9462] <... set_robust_list resumed>) = 0 [pid 5849] unlink("./41/binderfs" [pid 9462] chdir("./41" [pid 5849] <... unlink resumed>) = 0 [pid 5849] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9462] <... chdir resumed>) = 0 [pid 9462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9462] setpgid(0, 0) = 0 executing program [pid 9462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9462] write(3, "1000", 4) = 4 [pid 9462] close(3) = 0 [pid 9462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9462] write(1, "executing program\n", 18) = 18 [pid 9462] memfd_create("syzkaller", 0) = 3 [pid 9462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 211.190950][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./40/file0", [pid 5849] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... openat resumed>) = 4 [pid 5850] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] newfstatat(4, "", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] getdents64(4, [pid 5850] <... openat resumed>) = 4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] getdents64(4, [pid 5849] close(4 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] <... close resumed>) = 0 [pid 5850] close(4 [pid 5849] rmdir("./41/file0" [pid 5850] <... close resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5850] rmdir("./40/file0" [pid 5849] getdents64(3, [pid 5850] <... rmdir resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] getdents64(3, [pid 5849] close(3 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... close resumed>) = 0 [pid 5850] close(3 [pid 5849] rmdir("./41" [pid 5850] <... close resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5850] rmdir("./40" [pid 5849] mkdir("./42", 0777 [pid 5850] <... rmdir resumed>) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5850] mkdir("./41", 0777 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] <... mkdir resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 9463 ./strace-static-x86_64: Process 9463 attached [pid 9463] set_robust_list(0x55558aa90660, 24./strace-static-x86_64: Process 9464 attached [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 9464 [pid 9463] <... set_robust_list resumed>) = 0 [pid 9464] set_robust_list(0x55558aa90660, 24 [pid 9463] chdir("./41" [pid 9464] <... set_robust_list resumed>) = 0 [pid 9464] chdir("./42") = 0 [pid 9464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9464] setpgid(0, 0) = 0 [pid 9464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9464] write(3, "1000", 4) = 4 [pid 9464] close(3 [pid 9463] <... chdir resumed>) = 0 [pid 9464] <... close resumed>) = 0 [pid 9464] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9464] write(1, "executing program\n", 18) = 18 [pid 9464] memfd_create("syzkaller", 0 [pid 9463] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9464] <... memfd_create resumed>) = 3 [pid 9463] <... prctl resumed>) = 0 [pid 9464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9463] setpgid(0, 0) = 0 [pid 9464] <... mmap resumed>) = 0x7f362be00000 [pid 9463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9463] write(3, "1000", 4) = 4 [pid 9463] close(3) = 0 [pid 9463] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9463] write(1, "executing program\n", 18) = 18 [pid 9463] memfd_create("syzkaller", 0) = 3 [pid 9463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9444] <... write resumed>) = 16777216 [pid 9444] munmap(0x7f362be00000, 138412032) = 0 [pid 9444] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9444] ioctl(4, LOOP_SET_FD, 3 [pid 9464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9444] <... ioctl resumed>) = 0 [pid 9444] close(3) = 0 [pid 9444] close(4) = 0 [pid 9463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 211.876276][ T9444] loop4: detected capacity change from 0 to 32768 [pid 9444] mkdir("./file0", 0777) = 0 [pid 9444] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 9461] <... write resumed>) = 16777216 [ 211.932550][ T9444] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9444) [pid 9461] munmap(0x7f362be00000, 138412032 [pid 9462] <... write resumed>) = 16777216 [pid 9461] <... munmap resumed>) = 0 [pid 9462] munmap(0x7f362be00000, 138412032 [pid 9461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 212.009207][ T9444] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 212.041135][ T9444] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 9462] <... munmap resumed>) = 0 [pid 9461] ioctl(4, LOOP_SET_FD, 3 [pid 9462] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9462] ioctl(4, LOOP_SET_FD, 3 [pid 9461] <... ioctl resumed>) = 0 [pid 9461] close(3) = 0 [pid 9461] close(4) = 0 [pid 9461] mkdir("./file0", 0777) = 0 [pid 9461] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 9462] <... ioctl resumed>) = 0 [pid 9462] close(3) = 0 [pid 9462] close(4) = 0 [pid 9462] mkdir("./file0", 0777) = 0 [ 212.080250][ T9444] BTRFS info (device loop4): using free-space-tree [ 212.090467][ T9461] loop0: detected capacity change from 0 to 32768 [ 212.091751][ T9462] loop3: detected capacity change from 0 to 32768 [ 212.114802][ T9461] BTRFS: device /dev/loop0 (7:0) using temp-fsid 16741922-54a2-4a3b-a63d-859b041472ec [ 212.149895][ T9461] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9461) [ 212.181782][ T9462] BTRFS: device /dev/loop3 (7:3) using temp-fsid 2fbd5f5c-1c4a-4998-856c-c03d6cad62d1 [ 212.200069][ T9461] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 212.218353][ T9462] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9462) [ 212.240316][ T9461] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 212.276874][ T9461] BTRFS info (device loop0): using free-space-tree [ 212.289383][ T9462] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9462] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 9464] <... write resumed>) = 16777216 [pid 9464] munmap(0x7f362be00000, 138412032) = 0 [pid 9444] <... mount resumed>) = 0 [pid 9444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9444] chdir("./file0") = 0 [pid 9464] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9444] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9464] <... openat resumed>) = 4 [pid 9444] <... openat resumed>) = 4 [pid 9464] ioctl(4, LOOP_SET_FD, 3 [pid 9444] ioctl(4, LOOP_CLR_FD) = 0 [pid 9464] <... ioctl resumed>) = 0 [pid 9463] <... write resumed>) = 16777216 [pid 9444] close(4 [pid 9464] close(3 [pid 9444] <... close resumed>) = 0 [pid 9464] <... close resumed>) = 0 [pid 9444] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 212.341971][ T9462] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 212.375482][ T9464] loop1: detected capacity change from 0 to 32768 [pid 9464] close(4) = 0 [pid 9444] <... openat resumed>) = 4 [pid 9463] munmap(0x7f362be00000, 138412032 [pid 9464] mkdir("./file0", 0777 [pid 9444] ioctl(-1, SIOCGIFINDEX, NULL [pid 9464] <... mkdir resumed>) = 0 [pid 9464] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 9444] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9444] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 9463] <... munmap resumed>) = 0 [pid 9444] <... write resumed>) = 280 [pid 9444] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9444] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9463] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 212.409407][ T9462] BTRFS info (device loop3): using free-space-tree [ 212.430601][ T9464] BTRFS: device /dev/loop1 (7:1) using temp-fsid 6d13a12f-6167-4107-b6d5-3aa6242eff3d [pid 9444] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9463] ioctl(4, LOOP_SET_FD, 3 [pid 9444] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9444] exit_group(0) = ? [pid 9444] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9444, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=24 /* 0.24 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", [pid 9463] <... ioctl resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9463] close(3 [pid 5852] getdents64(3, [pid 9463] <... close resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9463] close(4 [pid 5852] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9463] <... close resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./41/binderfs", [pid 9463] mkdir("./file0", 0777 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9463] <... mkdir resumed>) = 0 [pid 5852] unlink("./41/binderfs") = 0 [ 212.474199][ T9463] loop2: detected capacity change from 0 to 32768 [ 212.501969][ T9464] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9464) [pid 9463] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9461] <... mount resumed>) = 0 [pid 9461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 212.572712][ T9464] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 212.583840][ T9464] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 212.590181][ T9463] BTRFS: device /dev/loop2 (7:2) using temp-fsid 5d1382bd-c927-4de4-8dbe-00fca074ab08 [ 212.604901][ T9464] BTRFS info (device loop1): using free-space-tree [pid 9461] chdir("./file0") = 0 [pid 9461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9461] ioctl(4, LOOP_CLR_FD) = 0 [pid 9461] close(4) = 0 [pid 9461] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9461] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9461] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9461] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9461] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9461] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9461] exit_group(0) = ? [pid 9461] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9461, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=21 /* 0.21 s */} --- [pid 5848] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 212.626491][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 212.639391][ T9463] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9463) [pid 5848] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./42/binderfs") = 0 [ 212.720873][ T9463] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9462] <... mount resumed>) = 0 [pid 9462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9462] chdir("./file0") = 0 [pid 9462] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9462] ioctl(4, LOOP_CLR_FD) = 0 [pid 9462] close(4) = 0 [pid 9462] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9462] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 212.764674][ T9463] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 212.784458][ T5848] BTRFS info (device loop0): last unmount of filesystem 16741922-54a2-4a3b-a63d-859b041472ec [ 212.785722][ T9463] BTRFS info (device loop2): using free-space-tree [pid 9464] <... mount resumed>) = 0 [pid 9462] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9462] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9464] chdir("./file0" [pid 9462] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9464] <... chdir resumed>) = 0 [pid 9462] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9464] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9462] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9464] <... openat resumed>) = 4 [pid 9462] exit_group(0 [pid 9464] ioctl(4, LOOP_CLR_FD [pid 9462] <... exit_group resumed>) = ? [pid 9464] <... ioctl resumed>) = 0 [pid 9462] +++ exited with 0 +++ [pid 9464] close(4 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9462, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=30 /* 0.30 s */} --- [pid 9464] <... close resumed>) = 0 [pid 5851] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9464] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9464] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9464] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9464] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... openat resumed>) = 3 [pid 9464] <... write resumed>) = 280 [pid 5851] newfstatat(3, "", [pid 9464] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9464] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] getdents64(3, [pid 9464] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9464] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9464] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9464] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./41/binderfs", [pid 9464] exit_group(0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9464] <... exit_group resumed>) = ? [pid 5851] unlink("./41/binderfs") = 0 [pid 9464] +++ exited with 0 +++ [pid 5851] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9464, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=30 /* 0.30 s */} --- [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./41/file0" [pid 5849] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... rmdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] newfstatat(3, "", [pid 5848] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] close(3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... close resumed>) = 0 [pid 5849] getdents64(3, [pid 5852] rmdir("./41" [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./42/file0", [pid 5849] newfstatat(AT_FDCWD, "./42/binderfs", [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] mkdir("./42", 0777 [pid 5849] unlink("./42/binderfs" [pid 5848] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... unlink resumed>) = 0 [pid 5849] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] <... mkdir resumed>) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./42/file0") = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] getdents64(3, [pid 5852] <... openat resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5848] close(3) = 0 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5848] rmdir("./42") = 0 [pid 5852] close(3) = 0 [pid 5848] mkdir("./43", 0777 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 9544 attached [pid 9544] set_robust_list(0x55558aa90660, 24) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 9544 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9544] chdir("./42" [pid 5848] <... openat resumed>) = 3 [pid 9544] <... chdir resumed>) = 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 9544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 9544] setpgid(0, 0 [pid 5848] close(3 [pid 9544] <... setpgid resumed>) = 0 [pid 9544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... close resumed>) = 0 [pid 9544] <... openat resumed>) = 3 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9544] write(3, "1000", 4./strace-static-x86_64: Process 9545 attached ) = 4 [pid 9544] close(3) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 9545 [pid 9545] set_robust_list(0x55558aa90660, 24 [pid 9544] symlink("/dev/binderfs", "./binderfs" [pid 9545] <... set_robust_list resumed>) = 0 [pid 9544] <... symlink resumed>) = 0 [pid 9545] chdir("./43" [pid 9544] write(1, "executing program\n", 18executing program ) = 18 [pid 9545] <... chdir resumed>) = 0 [pid 9544] memfd_create("syzkaller", 0 [pid 9545] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9544] <... memfd_create resumed>) = 3 [pid 9545] <... prctl resumed>) = 0 [pid 9544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9545] setpgid(0, 0) = 0 [pid 9545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9545] write(3, "1000", 4) = 4 [pid 9545] close(3) = 0 [ 213.025536][ T5851] BTRFS info (device loop3): last unmount of filesystem 2fbd5f5c-1c4a-4998-856c-c03d6cad62d1 [pid 9545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9463] <... mount resumed>) = 0 [pid 9545] write(1, "executing program\n", 18 [pid 9463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORYexecuting program [pid 9545] <... write resumed>) = 18 [pid 9463] <... openat resumed>) = 3 [pid 9463] chdir("./file0") = 0 [pid 9463] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9463] ioctl(4, LOOP_CLR_FD) = 0 [pid 9463] close(4) = 0 [pid 9463] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9545] memfd_create("syzkaller", 0 [pid 9463] <... openat resumed>) = 4 [pid 9545] <... memfd_create resumed>) = 3 [pid 9545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9463] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9463] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9463] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9463] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9463] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9463] exit_group(0) = ? [pid 9463] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9463, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5850] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./41/binderfs") = 0 [ 213.080571][ T5849] BTRFS info (device loop1): last unmount of filesystem 6d13a12f-6167-4107-b6d5-3aa6242eff3d [pid 5850] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [ 213.222846][ T5850] BTRFS info (device loop2): last unmount of filesystem 5d1382bd-c927-4de4-8dbe-00fca074ab08 [pid 5851] close(4) = 0 [pid 5851] rmdir("./41/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./41") = 0 [pid 5851] mkdir("./42", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9549 attached [pid 9549] set_robust_list(0x55558aa90660, 24) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9549 [pid 9549] chdir("./42") = 0 [pid 9549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9549] setpgid(0, 0) = 0 [pid 9549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9549] write(3, "1000", 4) = 4 [pid 9549] close(3) = 0 [pid 9549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9549] write(1, "executing program\n", 18executing program ) = 18 [pid 9549] memfd_create("syzkaller", 0) = 3 [pid 9549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./42/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./42") = 0 [pid 5849] mkdir("./43", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 9544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9550 ./strace-static-x86_64: Process 9550 attached [pid 9550] set_robust_list(0x55558aa90660, 24) = 0 [pid 9550] chdir("./43") = 0 [pid 9550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9550] setpgid(0, 0) = 0 [pid 9550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9550] write(3, "1000", 4) = 4 [pid 9550] close(3) = 0 [pid 9550] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9550] write(1, "executing program\n", 18) = 18 [pid 9550] memfd_create("syzkaller", 0) = 3 [pid 9550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./41/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./41") = 0 [pid 5850] mkdir("./42", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9551 attached , child_tidptr=0x55558aa90650) = 9551 [pid 9551] set_robust_list(0x55558aa90660, 24) = 0 [pid 9551] chdir("./42") = 0 [pid 9551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9551] setpgid(0, 0) = 0 [pid 9551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9551] write(3, "1000", 4) = 4 [pid 9551] close(3) = 0 [pid 9551] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9551] write(1, "executing program\n", 18) = 18 [pid 9551] memfd_create("syzkaller", 0) = 3 [pid 9551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9544] <... write resumed>) = 16777216 [pid 9545] <... write resumed>) = 16777216 [pid 9544] munmap(0x7f362be00000, 138412032 [pid 9545] munmap(0x7f362be00000, 138412032) = 0 [pid 9545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9545] ioctl(4, LOOP_SET_FD, 3 [pid 9544] <... munmap resumed>) = 0 [pid 9544] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9545] <... ioctl resumed>) = 0 [pid 9544] close(3 [pid 9545] close(3 [pid 9544] <... close resumed>) = 0 [pid 9544] close(4 [pid 9545] <... close resumed>) = 0 [pid 9545] close(4 [pid 9544] <... close resumed>) = 0 [pid 9545] <... close resumed>) = 0 [pid 9544] mkdir("./file0", 0777 [pid 9545] mkdir("./file0", 0777 [pid 9544] <... mkdir resumed>) = 0 [pid 9545] <... mkdir resumed>) = 0 [pid 9544] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [ 214.114297][ T9545] loop0: detected capacity change from 0 to 32768 [ 214.124849][ T9544] loop4: detected capacity change from 0 to 32768 [ 214.170408][ T9545] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9545) [ 214.229952][ T9544] BTRFS: device /dev/loop4 (7:4) using temp-fsid d9c0528b-bd43-4e27-9989-f45ac9c4aeb0 [ 214.240224][ T9545] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 214.265031][ T9544] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9544) [pid 9545] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [ 214.279057][ T9545] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 214.319322][ T9545] BTRFS info (device loop0): using free-space-tree [pid 9551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9549] <... write resumed>) = 16777216 [pid 9549] munmap(0x7f362be00000, 138412032) = 0 [ 214.350387][ T9544] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9549] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9549] close(3) = 0 [pid 9549] close(4) = 0 [ 214.395100][ T9549] loop3: detected capacity change from 0 to 32768 [ 214.399255][ T9544] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 214.413222][ T9544] BTRFS info (device loop4): using free-space-tree [pid 9549] mkdir("./file0", 0777) = 0 [pid 9549] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 9550] <... write resumed>) = 16777216 [pid 9550] munmap(0x7f362be00000, 138412032 [pid 9545] <... mount resumed>) = 0 [ 214.465771][ T9549] BTRFS: device /dev/loop3 (7:3) using temp-fsid ed536fe3-f2d6-4adf-b5de-c8cb5cd111e0 [ 214.493732][ T9549] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9549) [pid 9550] <... munmap resumed>) = 0 [pid 9545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9545] chdir("./file0") = 0 [pid 9550] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9550] ioctl(4, LOOP_SET_FD, 3 [pid 9545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9545] ioctl(4, LOOP_CLR_FD) = 0 [pid 9545] close(4 [pid 9550] <... ioctl resumed>) = 0 [pid 9545] <... close resumed>) = 0 [pid 9545] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9550] close(3) = 0 [pid 9550] close(4) = 0 [pid 9545] <... openat resumed>) = 4 [pid 9550] mkdir("./file0", 0777) = 0 [ 214.540265][ T9549] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 214.546730][ T9550] loop1: detected capacity change from 0 to 32768 [pid 9550] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 9545] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9545] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9545] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9545] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9545] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9545] exit_group(0 [pid 9551] <... write resumed>) = 16777216 [pid 9545] <... exit_group resumed>) = ? [pid 9545] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9545, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=22 /* 0.22 s */} --- [ 214.590718][ T9550] BTRFS: device /dev/loop1 (7:1) using temp-fsid e533528b-8d09-4b3a-a822-99cf5ee67275 [ 214.593253][ T9549] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 214.610206][ T9549] BTRFS info (device loop3): using free-space-tree [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./43/binderfs") = 0 [pid 5848] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 214.664139][ T9550] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9550) [pid 9551] munmap(0x7f362be00000, 138412032) = 0 [pid 9551] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9551] close(3) = 0 [ 214.712996][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 214.736892][ T9551] loop2: detected capacity change from 0 to 32768 [ 214.744205][ T9550] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9551] close(4) = 0 [pid 9551] mkdir("./file0", 0777) = 0 [pid 9551] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 9544] <... mount resumed>) = 0 [pid 9544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9544] chdir("./file0") = 0 [pid 9544] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9544] ioctl(4, LOOP_CLR_FD) = 0 [pid 9544] close(4) = 0 [pid 9544] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9544] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9544] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9544] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9544] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9544] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 214.780437][ T9551] BTRFS: device /dev/loop2 (7:2) using temp-fsid 813b4568-1759-421a-ba41-ede41a2c5c73 [ 214.790102][ T9551] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9551) [ 214.811492][ T9550] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 214.822253][ T9550] BTRFS info (device loop1): using free-space-tree [pid 9544] exit_group(0) = ? [pid 9544] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9544, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./42/binderfs") = 0 [pid 5852] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9549] <... mount resumed>) = 0 [pid 9549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9549] chdir("./file0") = 0 [pid 9549] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5848] newfstatat(4, "", [pid 9549] ioctl(4, LOOP_CLR_FD) = 0 [pid 9549] close(4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 214.929006][ T9551] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] getdents64(4, [pid 9549] <... close resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 9549] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9549] <... openat resumed>) = 4 [pid 5848] close(4) = 0 [pid 5848] rmdir("./43/file0" [pid 9549] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9549] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9549] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9549] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9549] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5848] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, [pid 9549] exit_group(0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 9549] <... exit_group resumed>) = ? [pid 9549] +++ exited with 0 +++ [pid 5848] rmdir("./43" [pid 9550] <... mount resumed>) = 0 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9549, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 9550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... rmdir resumed>) = 0 [pid 5851] <... restart_syscall resumed>) = 0 [pid 9550] <... openat resumed>) = 3 [pid 5848] mkdir("./44", 0777 [pid 9550] chdir("./file0") = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 9550] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9550] <... openat resumed>) = 4 [pid 5851] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9550] ioctl(4, LOOP_CLR_FD [pid 5851] <... openat resumed>) = 3 [pid 9550] <... ioctl resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5851] newfstatat(3, "", [pid 9550] close(4 [pid 5848] <... openat resumed>) = 3 [pid 9550] <... close resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9550] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 215.015682][ T9551] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 215.016251][ T5852] BTRFS info (device loop4): last unmount of filesystem d9c0528b-bd43-4e27-9989-f45ac9c4aeb0 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 9550] <... openat resumed>) = 4 [pid 5848] close(3) = 0 [pid 9550] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] getdents64(3, [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9617 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 9617 attached [pid 9550] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9617] set_robust_list(0x55558aa90660, 24 [pid 9550] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9617] <... set_robust_list resumed>) = 0 [pid 9550] <... write resumed>) = 280 [pid 5851] newfstatat(AT_FDCWD, "./42/binderfs", [pid 9550] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9550] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] unlink("./42/binderfs" [pid 9550] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9617] chdir("./44" [pid 9550] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... unlink resumed>) = 0 [pid 9617] <... chdir resumed>) = 0 [pid 9550] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9617] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9550] exit_group(0) = ? [pid 9617] <... prctl resumed>) = 0 [pid 9550] +++ exited with 0 +++ [pid 9617] setpgid(0, 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9550, si_uid=0, si_status=0, si_utime=15 /* 0.15 s */, si_stime=28 /* 0.28 s */} --- [pid 9617] <... setpgid resumed>) = 0 [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9617] <... openat resumed>) = 3 [pid 5849] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", [pid 9617] write(3, "1000", 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9617] <... write resumed>) = 4 [ 215.067661][ T9551] BTRFS info (device loop2): using free-space-tree [pid 9617] close(3 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9617] <... close resumed>) = 0 [pid 5849] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./43/binderfs", [pid 9617] write(1, "executing program\n", 18 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 9617] <... write resumed>) = 18 [pid 5849] unlink("./43/binderfs") = 0 [pid 5849] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9617] memfd_create("syzkaller", 0) = 3 [ 215.129709][ T5851] BTRFS info (device loop3): last unmount of filesystem ed536fe3-f2d6-4adf-b5de-c8cb5cd111e0 [pid 9617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 215.210965][ T5849] BTRFS info (device loop1): last unmount of filesystem e533528b-8d09-4b3a-a822-99cf5ee67275 [pid 9551] <... mount resumed>) = 0 [pid 9551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9551] chdir("./file0") = 0 [pid 9551] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9551] ioctl(4, LOOP_CLR_FD) = 0 [pid 9551] close(4) = 0 [pid 9551] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9551] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9551] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9551] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9551] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9551] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9551] exit_group(0) = ? [pid 9551] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9551, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=33 /* 0.33 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./42/binderfs") = 0 [pid 5850] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 215.530688][ T5850] BTRFS info (device loop2): last unmount of filesystem 813b4568-1759-421a-ba41-ede41a2c5c73 [pid 9617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./42/file0") = 0 [pid 5852] getdents64(3, [pid 5849] <... umount2 resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./42") = 0 [pid 5852] mkdir("./43", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... umount2 resumed>) = 0 [pid 5849] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 9634 ./strace-static-x86_64: Process 9634 attached [pid 9634] set_robust_list(0x55558aa90660, 24 [pid 5851] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] newfstatat(AT_FDCWD, "./42/file0", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./43/file0", [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] newfstatat(AT_FDCWD, "./42/file0", [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... openat resumed>) = 4 [pid 9634] <... set_robust_list resumed>) = 0 [pid 5851] newfstatat(4, "", [pid 5850] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", [pid 5850] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 9634] chdir("./43" [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, [pid 9634] <... chdir resumed>) = 0 [pid 9634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9634] setpgid(0, 0) = 0 [pid 9634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9634] write(3, "1000", 4) = 4 [pid 9634] close(3) = 0 [pid 9634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9634] write(1, "executing program\n", 18) = 18 [pid 9634] memfd_create("syzkaller", 0 [pid 5851] getdents64(4, [pid 5850] getdents64(4, [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, [pid 9634] <... memfd_create resumed>) = 3 [pid 5851] getdents64(4, [pid 5850] getdents64(4, [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 5850] close(4 [pid 5849] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5849] rmdir("./43/file0" [pid 5851] rmdir("./42/file0" [pid 5850] <... close resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5850] rmdir("./42/file0" [pid 5849] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, [pid 5850] <... rmdir resumed>) = 0 [pid 5849] getdents64(3, [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] getdents64(3, [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3 [pid 5851] close(3 [pid 5850] close(3 [pid 5849] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5849] rmdir("./43" [pid 5851] rmdir("./42" [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./42" [pid 5849] <... rmdir resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5850] mkdir("./43", 0777 [pid 5849] mkdir("./44", 0777) = 0 [pid 5850] <... mkdir resumed>) = 0 [pid 5851] mkdir("./43", 0777 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5849] <... openat resumed>) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] <... ioctl resumed>) = 0 [pid 5849] close(3) = 0 [pid 5850] close(3 [pid 5851] <... mkdir resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... openat resumed>) = 3 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 9635 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 9636 ./strace-static-x86_64: Process 9636 attached ./strace-static-x86_64: Process 9635 attached [pid 9635] set_robust_list(0x55558aa90660, 24) = 0 [pid 9636] set_robust_list(0x55558aa90660, 24 [pid 9635] chdir("./43" [pid 9636] <... set_robust_list resumed>) = 0 [pid 9635] <... chdir resumed>) = 0 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 9636] chdir("./44" [pid 9635] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9636] <... chdir resumed>) = 0 [pid 9635] <... prctl resumed>) = 0 [pid 9636] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9635] setpgid(0, 0 [pid 9636] <... prctl resumed>) = 0 [pid 9635] <... setpgid resumed>) = 0 [pid 9636] setpgid(0, 0 [pid 9635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9636] <... setpgid resumed>) = 0 [pid 9635] <... openat resumed>) = 3 [pid 9636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9635] write(3, "1000", 4 [pid 9636] <... openat resumed>) = 3 [pid 9635] <... write resumed>) = 4 [pid 9636] write(3, "1000", 4 [pid 9635] close(3 [pid 9636] <... write resumed>) = 4 [pid 9636] close(3 [pid 9635] <... close resumed>) = 0 [pid 9636] <... close resumed>) = 0 [pid 9635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 9636] symlink("/dev/binderfs", "./binderfs" executing program [pid 9635] write(1, "executing program\n", 18executing program [pid 9636] <... symlink resumed>) = 0 [pid 9635] <... write resumed>) = 18 [pid 5851] close(3 [pid 9636] write(1, "executing program\n", 18 [pid 9635] memfd_create("syzkaller", 0 [pid 9636] <... write resumed>) = 18 [pid 9635] <... memfd_create resumed>) = 3 [pid 9636] memfd_create("syzkaller", 0 [pid 9635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] <... close resumed>) = 0 [pid 9636] <... memfd_create resumed>) = 3 [pid 9635] <... mmap resumed>) = 0x7f362be00000 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9637 attached [pid 9636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9637] set_robust_list(0x55558aa90660, 24 [pid 9636] <... mmap resumed>) = 0x7f362be00000 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9637 [pid 9637] <... set_robust_list resumed>) = 0 [pid 9637] chdir("./43") = 0 [pid 9637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9637] setpgid(0, 0) = 0 [pid 9637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9637] write(3, "1000", 4) = 4 [pid 9637] close(3) = 0 [pid 9637] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9637] write(1, "executing program\n", 18) = 18 [pid 9637] memfd_create("syzkaller", 0) = 3 [pid 9637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9617] <... write resumed>) = 16777216 [pid 9617] munmap(0x7f362be00000, 138412032) = 0 [pid 9617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9617] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9617] close(3) = 0 [pid 9617] close(4) = 0 [pid 9617] mkdir("./file0", 0777) = 0 [pid 9634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 216.027105][ T9617] loop0: detected capacity change from 0 to 32768 [ 216.078851][ T9617] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9617) [ 216.132239][ T9617] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9617] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 9635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 216.181869][ T9617] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 216.212785][ T9617] BTRFS info (device loop0): using free-space-tree [pid 9636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9617] <... mount resumed>) = 0 [pid 9617] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9617] chdir("./file0") = 0 [pid 9617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9617] ioctl(4, LOOP_CLR_FD) = 0 [pid 9617] close(4) = 0 [pid 9617] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9617] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9617] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9617] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9617] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9617] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9617] exit_group(0) = ? [pid 9617] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9617, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=25 /* 0.25 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9634] <... write resumed>) = 16777216 [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9634] munmap(0x7f362be00000, 138412032 [pid 5848] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./44/binderfs") = 0 [pid 5848] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9634] <... munmap resumed>) = 0 [pid 9634] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9634] close(3) = 0 [pid 9634] close(4) = 0 [pid 9634] mkdir("./file0", 0777) = 0 [ 216.605863][ T9634] loop4: detected capacity change from 0 to 32768 [ 216.641086][ T9634] BTRFS: device /dev/loop4 (7:4) using temp-fsid b6a02f45-ba90-4d9b-80fd-8268df976504 [pid 9634] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 9637] <... write resumed>) = 16777216 [pid 9637] munmap(0x7f362be00000, 138412032) = 0 [pid 9635] <... write resumed>) = 16777216 [pid 9635] munmap(0x7f362be00000, 138412032 [pid 9637] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 216.648469][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 216.661343][ T9634] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9634) [pid 9637] ioctl(4, LOOP_SET_FD, 3 [pid 9635] <... munmap resumed>) = 0 [pid 9636] <... write resumed>) = 16777216 [pid 9635] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9637] <... ioctl resumed>) = 0 [pid 9635] <... openat resumed>) = 4 [pid 9637] close(3 [pid 9635] ioctl(4, LOOP_SET_FD, 3 [pid 9637] <... close resumed>) = 0 [ 216.714770][ T9637] loop3: detected capacity change from 0 to 32768 [ 216.741686][ T9635] loop2: detected capacity change from 0 to 32768 [ 216.747512][ T9634] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9636] munmap(0x7f362be00000, 138412032 [pid 9635] <... ioctl resumed>) = 0 [pid 9637] close(4 [pid 9636] <... munmap resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 9637] <... close resumed>) = 0 [pid 9636] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9635] close(3 [pid 9637] mkdir("./file0", 0777 [pid 9636] <... openat resumed>) = 4 [pid 9635] <... close resumed>) = 0 [pid 9637] <... mkdir resumed>) = 0 [pid 9636] ioctl(4, LOOP_SET_FD, 3 [pid 9635] close(4 [pid 9637] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9635] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9635] mkdir("./file0", 0777) = 0 [pid 9635] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] newfstatat(AT_FDCWD, "./44/file0", [pid 9636] <... ioctl resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9636] close(3) = 0 [pid 9636] close(4) = 0 [pid 5848] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9636] mkdir("./file0", 0777 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 216.778757][ T9634] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 216.783993][ T9636] loop1: detected capacity change from 0 to 32768 [ 216.797750][ T9637] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9637) [pid 5848] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9636] <... mkdir resumed>) = 0 [pid 9636] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [ 216.834024][ T9634] BTRFS info (device loop4): using free-space-tree [ 216.843601][ T9635] BTRFS: device /dev/loop2 (7:2) using temp-fsid 2d385908-bb51-4b13-9409-b84117665e4e [ 216.861508][ T9637] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] rmdir("./44/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./44") = 0 [pid 5848] mkdir("./45", 0777) = 0 [ 216.879672][ T9635] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9635) [ 216.902076][ T9637] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 216.924586][ T9636] BTRFS: device /dev/loop1 (7:1) using temp-fsid e4dd63b8-393d-4468-b03a-6ba12bef488d [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9663 ./strace-static-x86_64: Process 9663 attached [ 216.939593][ T9637] BTRFS info (device loop3): using free-space-tree [ 216.953355][ T9635] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 216.972582][ T9635] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 9663] set_robust_list(0x55558aa90660, 24) = 0 [pid 9663] chdir("./45") = 0 [pid 9663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9663] setpgid(0, 0) = 0 [pid 9663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9663] write(3, "1000", 4) = 4 [ 216.989764][ T9636] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9636) [ 217.004020][ T9635] BTRFS info (device loop2): using free-space-tree [pid 9663] close(3) = 0 [pid 9663] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9663] write(1, "executing program\n", 18) = 18 [pid 9663] memfd_create("syzkaller", 0) = 3 [pid 9663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 217.064675][ T9636] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9634] <... mount resumed>) = 0 [pid 9634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9634] chdir("./file0") = 0 [pid 9634] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9634] ioctl(4, LOOP_CLR_FD) = 0 [pid 9634] close(4) = 0 [pid 9634] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9634] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9634] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9634] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9634] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9634] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9634] exit_group(0) = ? [pid 9634] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9634, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=20 /* 0.20 s */} --- [ 217.133449][ T9636] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./43/binderfs") = 0 [pid 5852] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9637] <... mount resumed>) = 0 [pid 9637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9637] chdir("./file0") = 0 [pid 9637] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9637] ioctl(4, LOOP_CLR_FD) = 0 [pid 9637] close(4) = 0 [pid 9637] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 217.199345][ T9636] BTRFS info (device loop1): using free-space-tree [pid 9637] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9637] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 9635] <... mount resumed>) = 0 [pid 9637] <... write resumed>) = 280 [pid 9635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9635] chdir("./file0") = 0 [pid 9637] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9635] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9637] bpf(BPF_PROG_LOAD, NULL, 0 [pid 9635] <... openat resumed>) = 4 [pid 9635] ioctl(4, LOOP_CLR_FD) = 0 [pid 9635] close(4) = 0 [pid 9635] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9635] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9635] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9635] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9635] bpf(BPF_PROG_LOAD, NULL, 0 [pid 9637] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9635] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9637] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9635] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9635] exit_group(0) = ? [pid 9635] +++ exited with 0 +++ [pid 9637] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9635, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=21 /* 0.21 s */} --- [pid 9637] exit_group(0 [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 9637] <... exit_group resumed>) = ? [pid 5850] <... restart_syscall resumed>) = 0 [pid 9637] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9637, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=24 /* 0.24 s */} --- [pid 5850] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... restart_syscall resumed>) = 0 [pid 5851] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./43/binderfs") = 0 [pid 5851] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... openat resumed>) = 3 [ 217.279616][ T5852] BTRFS info (device loop4): last unmount of filesystem b6a02f45-ba90-4d9b-80fd-8268df976504 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./43/binderfs") = 0 [ 217.392385][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 217.423349][ T5850] BTRFS info (device loop2): last unmount of filesystem 2d385908-bb51-4b13-9409-b84117665e4e [pid 5850] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9636] <... mount resumed>) = 0 [pid 9636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9636] chdir("./file0") = 0 [pid 9636] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9636] ioctl(4, LOOP_CLR_FD) = 0 [pid 9636] close(4) = 0 [pid 9636] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9636] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9636] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9636] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9636] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9636] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9636] exit_group(0) = ? [pid 9636] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9636, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- [pid 5849] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./44/binderfs") = 0 [ 217.646718][ T5849] BTRFS info (device loop1): last unmount of filesystem e4dd63b8-393d-4468-b03a-6ba12bef488d [pid 5849] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./43/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./43") = 0 [pid 5851] mkdir("./44", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3 [pid 5852] <... umount2 resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9720 ./strace-static-x86_64: Process 9720 attached [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9720] set_robust_list(0x55558aa90660, 24 [pid 5852] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9720] <... set_robust_list resumed>) = 0 [pid 5852] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9720] chdir("./44" [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9720] <... chdir resumed>) = 0 [pid 5852] <... openat resumed>) = 4 [pid 9720] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] newfstatat(4, "", [pid 9720] <... prctl resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9720] setpgid(0, 0 [pid 5852] getdents64(4, [pid 9720] <... setpgid resumed>) = 0 [pid 9720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 9720] <... openat resumed>) = 3 [pid 9720] write(3, "1000", 4 [pid 5852] getdents64(4, [pid 9720] <... write resumed>) = 4 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9720] close(3 [pid 5852] close(4 [pid 9720] <... close resumed>) = 0 [pid 9720] symlink("/dev/binderfs", "./binderfs" [pid 5852] <... close resumed>) = 0 executing program [pid 9720] <... symlink resumed>) = 0 [pid 5852] rmdir("./43/file0" [pid 5850] <... umount2 resumed>) = 0 [pid 9720] write(1, "executing program\n", 18 [pid 5852] <... rmdir resumed>) = 0 [pid 9720] <... write resumed>) = 18 [pid 5850] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] getdents64(3, [pid 9720] memfd_create("syzkaller", 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] close(3 [pid 5850] newfstatat(AT_FDCWD, "./43/file0", [pid 5852] <... close resumed>) = 0 [pid 9720] <... memfd_create resumed>) = 3 [pid 5852] rmdir("./43" [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5850] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] mkdir("./44", 0777 [pid 9720] <... mmap resumed>) = 0x7f362be00000 [pid 5850] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... mkdir resumed>) = 0 [pid 5850] <... openat resumed>) = 4 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5850] newfstatat(4, "", [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] getdents64(4, [pid 5852] close(3 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] <... close resumed>) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] close(4) = 0 ./strace-static-x86_64: Process 9721 attached [pid 5850] rmdir("./43/file0" [pid 9721] set_robust_list(0x55558aa90660, 24) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 5850] getdents64(3, [pid 9721] chdir("./44" [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 9721 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 9721] <... chdir resumed>) = 0 [pid 9721] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] close(3 [pid 9721] <... prctl resumed>) = 0 [pid 9721] setpgid(0, 0 [pid 5850] <... close resumed>) = 0 [pid 9721] <... setpgid resumed>) = 0 [pid 5850] rmdir("./43" [pid 9721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] <... rmdir resumed>) = 0 [pid 5850] mkdir("./44", 0777 [pid 9721] write(3, "1000", 4) = 4 [pid 5850] <... mkdir resumed>) = 0 [pid 9721] close(3 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9721] <... close resumed>) = 0 [pid 9721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5850] <... openat resumed>) = 3 [pid 9721] write(1, "executing program\n", 18 [pid 5850] ioctl(3, LOOP_CLR_FDexecuting program [pid 9721] <... write resumed>) = 18 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] close(3 [pid 9721] memfd_create("syzkaller", 0 [pid 5850] <... close resumed>) = 0 [pid 9721] <... memfd_create resumed>) = 3 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9722 attached [pid 9721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9722] set_robust_list(0x55558aa90660, 24 [pid 9721] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 9722 [pid 9722] <... set_robust_list resumed>) = 0 [pid 9663] <... write resumed>) = 16777216 [pid 9722] chdir("./44" [pid 9663] munmap(0x7f362be00000, 138412032 [pid 9722] <... chdir resumed>) = 0 [pid 9722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9722] setpgid(0, 0) = 0 [pid 9722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9722] write(3, "1000", 4) = 4 [pid 9722] close(3) = 0 [pid 9722] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9722] write(1, "executing program\n", 18) = 18 [pid 9722] memfd_create("syzkaller", 0) = 3 [pid 9722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9663] <... munmap resumed>) = 0 [pid 9663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9663] close(3) = 0 [pid 9663] close(4) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4 [pid 9663] mkdir("./file0", 0777 [pid 5849] <... close resumed>) = 0 [pid 5849] rmdir("./44/file0") = 0 [pid 5849] getdents64(3, [pid 9663] <... mkdir resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 9663] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] close(3) = 0 [ 217.960044][ T9663] loop0: detected capacity change from 0 to 32768 [pid 5849] rmdir("./44") = 0 [pid 5849] mkdir("./45", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9723 ./strace-static-x86_64: Process 9723 attached [pid 9723] set_robust_list(0x55558aa90660, 24) = 0 [pid 9723] chdir("./45") = 0 [pid 9723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9723] setpgid(0, 0) = 0 [pid 9723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9723] write(3, "1000", 4) = 4 [pid 9723] close(3) = 0 [pid 9723] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9723] write(1, "executing program\n", 18) = 18 [pid 9723] memfd_create("syzkaller", 0) = 3 [pid 9723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 218.006771][ T9663] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9663) [ 218.069496][ T9663] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 218.114669][ T9663] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 218.157649][ T9663] BTRFS info (device loop0): using free-space-tree [pid 9720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9663] <... mount resumed>) = 0 [pid 9663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9663] chdir("./file0") = 0 [pid 9663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9663] ioctl(4, LOOP_CLR_FD) = 0 [pid 9663] close(4) = 0 [pid 9663] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9663] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9663] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9663] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9663] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9663] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9663] exit_group(0) = ? [pid 9663] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9663, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./45/binderfs") = 0 [pid 5848] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9723] <... write resumed>) = 16777216 [pid 9723] munmap(0x7f362be00000, 138412032) = 0 [ 218.601732][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9723] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9720] <... write resumed>) = 16777216 [pid 9720] munmap(0x7f362be00000, 138412032 [ 218.679426][ T9723] loop1: detected capacity change from 0 to 32768 [pid 9723] close(3 [pid 9720] <... munmap resumed>) = 0 [pid 9723] <... close resumed>) = 0 [pid 9721] <... write resumed>) = 16777216 [pid 9723] close(4 [pid 9720] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9723] <... close resumed>) = 0 [pid 9720] <... openat resumed>) = 4 [pid 9723] mkdir("./file0", 0777 [pid 9720] ioctl(4, LOOP_SET_FD, 3 [pid 9723] <... mkdir resumed>) = 0 [pid 9721] munmap(0x7f362be00000, 138412032 [pid 9720] <... ioctl resumed>) = 0 [pid 9723] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 9720] close(3) = 0 [pid 9721] <... munmap resumed>) = 0 [pid 9720] close(4) = 0 [pid 9720] mkdir("./file0", 0777) = 0 [ 218.749268][ T9720] loop3: detected capacity change from 0 to 32768 [ 218.763239][ T9723] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9723) [pid 9720] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 9721] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9721] ioctl(4, LOOP_SET_FD, 3 [pid 9722] <... write resumed>) = 16777216 [pid 9721] <... ioctl resumed>) = 0 [pid 9721] close(3) = 0 [pid 9721] close(4) = 0 [ 218.802229][ T9720] BTRFS: device /dev/loop3 (7:3) using temp-fsid 16233476-7804-4de7-b08a-0f8dac6cfc3e [ 218.827312][ T9720] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9720) [ 218.830336][ T9721] loop4: detected capacity change from 0 to 32768 [pid 9721] mkdir("./file0", 0777) = 0 [pid 9721] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [ 218.864489][ T9723] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9722] munmap(0x7f362be00000, 138412032) = 0 [ 218.905389][ T9723] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 218.909589][ T9721] BTRFS: device /dev/loop4 (7:4) using temp-fsid c22c8a9a-f57c-404d-be6d-51142cf9fd52 [ 218.915322][ T9723] BTRFS info (device loop1): using free-space-tree [ 218.931448][ T9720] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] <... umount2 resumed>) = 0 [pid 9722] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9722] ioctl(4, LOOP_SET_FD, 3 [pid 5848] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 218.947520][ T9721] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9721) [ 218.950440][ T9722] loop2: detected capacity change from 0 to 32768 [ 218.968678][ T9720] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 218.987671][ T9721] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 218.992183][ T9720] BTRFS info (device loop3): using free-space-tree [pid 5848] newfstatat(AT_FDCWD, "./45/file0", [pid 9722] <... ioctl resumed>) = 0 [pid 9722] close(3) = 0 [pid 9722] close(4) = 0 [pid 9722] mkdir("./file0", 0777) = 0 [pid 9722] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./45/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./45") = 0 [pid 5848] mkdir("./46", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 219.006194][ T9722] BTRFS: device /dev/loop2 (7:2) using temp-fsid 184111bd-fc01-4b4e-a1ce-b04c2b5fbe06 [ 219.038457][ T9721] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9752 attached [pid 9752] set_robust_list(0x55558aa90660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 9752 [pid 9752] <... set_robust_list resumed>) = 0 [pid 9752] chdir("./46") = 0 [pid 9752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9752] setpgid(0, 0) = 0 [pid 9752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9752] write(3, "1000", 4) = 4 [pid 9752] close(3) = 0 [pid 9752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9752] write(1, "executing program\n", 18executing program ) = 18 [pid 9752] memfd_create("syzkaller", 0) = 3 [pid 9752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 219.069359][ T9722] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9722) [ 219.100749][ T9721] BTRFS info (device loop4): using free-space-tree [ 219.170493][ T9722] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 219.188705][ T9722] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 219.252761][ T9722] BTRFS info (device loop2): using free-space-tree [pid 9723] <... mount resumed>) = 0 [pid 9723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9723] chdir("./file0") = 0 [pid 9720] <... mount resumed>) = 0 [pid 9723] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9720] chdir("./file0") = 0 [pid 9720] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9723] <... openat resumed>) = 4 [pid 9720] <... openat resumed>) = 4 [pid 9720] ioctl(4, LOOP_CLR_FD [pid 9723] ioctl(4, LOOP_CLR_FD [pid 9720] <... ioctl resumed>) = 0 [pid 9723] <... ioctl resumed>) = 0 [pid 9720] close(4 [pid 9723] close(4 [pid 9720] <... close resumed>) = 0 [pid 9723] <... close resumed>) = 0 [pid 9720] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9723] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9723] ioctl(-1, SIOCGIFINDEX, NULL [pid 9720] ioctl(-1, SIOCGIFINDEX, NULL [pid 9723] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9720] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9723] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 9720] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9723] <... write resumed>) = 280 [pid 9721] <... mount resumed>) = 0 [pid 9720] bpf(BPF_MAP_CREATE, NULL, 0 [pid 9723] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9720] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9723] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9720] bpf(BPF_PROG_LOAD, NULL, 0 [pid 9723] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9721] <... openat resumed>) = 3 [pid 9720] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 9723] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9723] exit_group(0 [pid 9721] chdir("./file0" [pid 9720] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 9723] <... exit_group resumed>) = ? [pid 9721] <... chdir resumed>) = 0 [pid 9720] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9720] exit_group(0 [pid 9721] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9720] <... exit_group resumed>) = ? [pid 9723] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9723, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=23 /* 0.23 s */} --- [pid 9720] +++ exited with 0 +++ [pid 5849] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9720, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5849] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9721] ioctl(4, LOOP_CLR_FD [pid 5851] <... restart_syscall resumed>) = 0 [pid 5849] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9721] <... ioctl resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./45/binderfs", [pid 5851] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9721] close(4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9721] <... close resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] unlink("./45/binderfs" [pid 5851] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... unlink resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5849] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, [pid 9721] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9721] <... openat resumed>) = 4 [pid 5851] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9721] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9721] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./44/binderfs") = 0 [pid 5851] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9721] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9721] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9721] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9721] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9721] exit_group(0) = ? [pid 9721] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9721, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./44/binderfs") = 0 [pid 5852] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9722] <... mount resumed>) = 0 [pid 9722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 219.475808][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9722] chdir("./file0") = 0 [pid 9722] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9722] ioctl(4, LOOP_CLR_FD) = 0 [pid 9722] close(4) = 0 [pid 9722] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9722] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9722] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9722] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9722] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9722] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9722] exit_group(0) = ? [pid 9722] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9722, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=23 /* 0.23 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 219.560942][ T5852] BTRFS info (device loop4): last unmount of filesystem c22c8a9a-f57c-404d-be6d-51142cf9fd52 [ 219.578207][ T5851] BTRFS info (device loop3): last unmount of filesystem 16233476-7804-4de7-b08a-0f8dac6cfc3e [pid 5850] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./44/binderfs") = 0 [pid 5850] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./44/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./44") = 0 [pid 5851] mkdir("./45", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9806 ./strace-static-x86_64: Process 9806 attached [ 219.715113][ T5850] BTRFS info (device loop2): last unmount of filesystem 184111bd-fc01-4b4e-a1ce-b04c2b5fbe06 [pid 9806] set_robust_list(0x55558aa90660, 24) = 0 [pid 9806] chdir("./45" [pid 9752] <... write resumed>) = 16777216 [pid 9806] <... chdir resumed>) = 0 [pid 9806] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9752] munmap(0x7f362be00000, 138412032 [pid 9806] <... prctl resumed>) = 0 [pid 9806] setpgid(0, 0) = 0 [pid 9806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9806] write(3, "1000", 4) = 4 [pid 9806] close(3executing program ) = 0 [pid 9806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9806] write(1, "executing program\n", 18) = 18 [pid 9806] memfd_create("syzkaller", 0) = 3 [pid 9806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9752] <... munmap resumed>) = 0 [pid 9752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 219.823896][ T9752] loop0: detected capacity change from 0 to 32768 [pid 9752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9752] close(3) = 0 [pid 9752] close(4) = 0 [pid 9752] mkdir("./file0", 0777) = 0 [ 219.864554][ T9752] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9752) [pid 9752] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] <... umount2 resumed>) = 0 [ 219.926340][ T9752] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./45/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./45") = 0 [pid 5849] mkdir("./46", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9809 attached , child_tidptr=0x55558aa90650) = 9809 [pid 9809] set_robust_list(0x55558aa90660, 24) = 0 [pid 9809] chdir("./46") = 0 [pid 9809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9809] setpgid(0, 0) = 0 [pid 9809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9809] write(3, "1000", 4) = 4 [pid 9809] close(3) = 0 [ 219.969578][ T9752] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 219.996034][ T9752] BTRFS info (device loop0): using free-space-tree [pid 9809] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5852] <... umount2 resumed>) = 0 [pid 9809] write(1, "executing program\n", 18 [pid 5852] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9809] <... write resumed>) = 18 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./44/file0", [pid 9809] memfd_create("syzkaller", 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9809] <... memfd_create resumed>) = 3 [pid 5852] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./44/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./44") = 0 [pid 5852] mkdir("./45", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9824 attached , child_tidptr=0x55558aa90650) = 9824 [pid 9824] set_robust_list(0x55558aa90660, 24) = 0 [pid 9824] chdir("./45") = 0 [pid 9824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9824] setpgid(0, 0) = 0 [pid 9824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9824] write(3, "1000", 4) = 4 [pid 9824] close(3) = 0 [pid 9824] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9824] write(1, "executing program\n", 18) = 18 [pid 9824] memfd_create("syzkaller", 0) = 3 [pid 9824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9752] <... mount resumed>) = 0 [pid 9752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9752] chdir("./file0") = 0 [pid 9752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9752] ioctl(4, LOOP_CLR_FD) = 0 [pid 9752] close(4) = 0 [pid 9752] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9752] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9752] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9752] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9752] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9752] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9752] exit_group(0) = ? [pid 9752] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9752, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./46/binderfs") = 0 [pid 5848] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./44/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./44") = 0 [pid 5850] mkdir("./45", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [ 220.271490][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9825 attached [pid 9825] set_robust_list(0x55558aa90660, 24) = 0 [pid 9825] chdir("./45") = 0 [pid 9825] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 9825 [pid 9825] <... prctl resumed>) = 0 [pid 9825] setpgid(0, 0) = 0 [pid 9825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9825] write(3, "1000", 4) = 4 [pid 9825] close(3) = 0 [pid 9825] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9825] write(1, "executing program\n", 18) = 18 [pid 9825] memfd_create("syzkaller", 0) = 3 [pid 9825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./46/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./46") = 0 [pid 5848] mkdir("./47", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9826 ./strace-static-x86_64: Process 9826 attached [pid 9826] set_robust_list(0x55558aa90660, 24) = 0 [pid 9826] chdir("./47") = 0 [pid 9826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9826] setpgid(0, 0) = 0 [pid 9826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9826] write(3, "1000", 4) = 4 [pid 9826] close(3) = 0 [pid 9826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9826] write(1, "executing program\n", 18executing program ) = 18 [pid 9826] memfd_create("syzkaller", 0) = 3 [pid 9826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9809] <... write resumed>) = 16777216 [pid 9806] <... write resumed>) = 16777216 [pid 9809] munmap(0x7f362be00000, 138412032 [pid 9806] munmap(0x7f362be00000, 138412032) = 0 [pid 9809] <... munmap resumed>) = 0 [pid 9806] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9809] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9806] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9809] <... openat resumed>) = 4 [pid 9806] close(3) = 0 [pid 9809] ioctl(4, LOOP_SET_FD, 3 [pid 9806] close(4) = 0 [pid 9806] mkdir("./file0", 0777) = 0 [pid 9806] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 9809] <... ioctl resumed>) = 0 [ 220.851276][ T9806] loop3: detected capacity change from 0 to 32768 [ 220.875672][ T9809] loop1: detected capacity change from 0 to 32768 [pid 9809] close(3) = 0 [pid 9809] close(4) = 0 [pid 9809] mkdir("./file0", 0777) = 0 [ 220.912828][ T9806] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9806) [ 220.966596][ T9809] BTRFS: device /dev/loop1 (7:1) using temp-fsid a3b4c5b2-7ee6-4012-9137-67cdcde4e6c9 [ 220.976802][ T9806] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 221.003437][ T9809] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9809) [ 221.017024][ T9806] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 9809] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 9824] <... write resumed>) = 16777216 [pid 9826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9824] munmap(0x7f362be00000, 138412032) = 0 [ 221.059901][ T9806] BTRFS info (device loop3): using free-space-tree [ 221.086933][ T9809] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9824] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9824] close(3) = 0 [pid 9824] close(4) = 0 [pid 9824] mkdir("./file0", 0777) = 0 [ 221.114208][ T9824] loop4: detected capacity change from 0 to 32768 [ 221.121226][ T9809] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 221.157822][ T9824] BTRFS: device /dev/loop4 (7:4) using temp-fsid ca998a95-5e4a-4720-a3d6-5ea62f3f160a [ 221.184286][ T9809] BTRFS info (device loop1): using free-space-tree [pid 9824] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 9826] <... write resumed>) = 16777216 [ 221.232186][ T9824] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9824) [pid 9825] <... write resumed>) = 16777216 [pid 9826] munmap(0x7f362be00000, 138412032 [pid 9825] munmap(0x7f362be00000, 138412032 [pid 9826] <... munmap resumed>) = 0 [pid 9826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 221.292925][ T9824] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 221.309267][ T9824] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 221.328892][ T9824] BTRFS info (device loop4): using free-space-tree [pid 9826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9825] <... munmap resumed>) = 0 [pid 9806] <... mount resumed>) = 0 [pid 9826] close(3 [pid 9806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9826] <... close resumed>) = 0 [pid 9806] <... openat resumed>) = 3 [pid 9826] close(4 [pid 9806] chdir("./file0" [pid 9826] <... close resumed>) = 0 [pid 9825] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9806] <... chdir resumed>) = 0 [pid 9825] <... openat resumed>) = 4 [pid 9806] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9825] ioctl(4, LOOP_SET_FD, 3 [pid 9806] <... openat resumed>) = 4 [pid 9826] mkdir("./file0", 0777 [pid 9806] ioctl(4, LOOP_CLR_FD) = 0 [pid 9826] <... mkdir resumed>) = 0 [pid 9806] close(4) = 0 [pid 9806] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9826] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 9806] <... openat resumed>) = 4 [pid 9806] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9806] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9806] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9806] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9806] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 221.365863][ T9826] loop0: detected capacity change from 0 to 32768 [ 221.394577][ T9825] loop2: detected capacity change from 0 to 32768 [pid 9806] exit_group(0) = ? [pid 9806] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9806, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 221.409940][ T9826] BTRFS: device /dev/loop0 (7:0) using temp-fsid 393ff2cf-6a85-42d3-a065-d2e4f58eda0b [pid 5851] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9825] <... ioctl resumed>) = 0 [pid 5851] unlink("./45/binderfs" [pid 9825] close(3 [pid 5851] <... unlink resumed>) = 0 [pid 9825] <... close resumed>) = 0 [pid 5851] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9825] close(4) = 0 [pid 9825] mkdir("./file0", 0777) = 0 [ 221.439262][ T9826] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9826) [ 221.512907][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 221.546427][ T9826] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 221.546991][ T9825] BTRFS: device /dev/loop2 (7:2) using temp-fsid a3b4b4a0-e10c-4910-a4f2-5e6a3093a789 [ 221.560201][ T9826] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 221.579788][ T9826] BTRFS info (device loop0): using free-space-tree [ 221.582482][ T9825] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9825) [pid 9825] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... umount2 resumed>) = 0 [pid 9809] <... mount resumed>) = 0 [pid 9809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9809] chdir("./file0") = 0 [pid 9809] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9809] ioctl(4, LOOP_CLR_FD) = 0 [pid 5851] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9809] close(4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9809] <... close resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./45/file0", [pid 9824] <... mount resumed>) = 0 [pid 9809] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9809] <... openat resumed>) = 4 [pid 5851] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9824] <... openat resumed>) = 3 [pid 5851] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9824] chdir("./file0" [pid 5851] <... openat resumed>) = 4 [ 221.614776][ T9825] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 221.632159][ T9825] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 9824] <... chdir resumed>) = 0 [pid 9809] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] newfstatat(4, "", [pid 9809] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9809] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9809] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9809] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9809] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9809] exit_group(0) = ? [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 9824] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9809] +++ exited with 0 +++ [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 9824] ioctl(4, LOOP_CLR_FD) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9809, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=27 /* 0.27 s */} --- [pid 9824] close(4 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 9824] <... close resumed>) = 0 [pid 9824] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] getdents64(4, [pid 5849] <... restart_syscall resumed>) = 0 [pid 9824] <... openat resumed>) = 4 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5849] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] rmdir("./45/file0" [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9824] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] <... rmdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] getdents64(3, [pid 9824] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5851] close(3 [pid 9824] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... close resumed>) = 0 [pid 5849] newfstatat(3, "", [pid 5851] rmdir("./45" [pid 9824] <... write resumed>) = 280 [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9824] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] mkdir("./46", 0777 [pid 9824] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... mkdir resumed>) = 0 [pid 5849] getdents64(3, [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9824] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... openat resumed>) = 3 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 9824] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] <... ioctl resumed>) = 0 [pid 5849] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] close(3 [pid 9824] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... close resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9824] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./46/binderfs", [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 9893 attached [pid 5849] unlink("./46/binderfs" [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9893 [pid 5849] <... unlink resumed>) = 0 [ 221.720215][ T9825] BTRFS info (device loop2): using free-space-tree [pid 9824] exit_group(0 [pid 5849] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9893] set_robust_list(0x55558aa90660, 24 [pid 9826] <... mount resumed>) = 0 [pid 9824] <... exit_group resumed>) = ? [pid 9893] <... set_robust_list resumed>) = 0 [pid 9826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9824] +++ exited with 0 +++ [pid 9826] <... openat resumed>) = 3 [pid 9826] chdir("./file0" [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9824, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 9826] <... chdir resumed>) = 0 [pid 9893] chdir("./46" [pid 9826] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 9826] <... openat resumed>) = 4 [pid 9893] <... chdir resumed>) = 0 [pid 9826] ioctl(4, LOOP_CLR_FD) = 0 [pid 9893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9826] close(4 [pid 9893] <... prctl resumed>) = 0 [pid 9826] <... close resumed>) = 0 [pid 9893] setpgid(0, 0 [pid 9826] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] <... restart_syscall resumed>) = 0 [pid 9893] <... setpgid resumed>) = 0 [pid 9826] <... openat resumed>) = 4 [pid 9893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9826] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9826] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9826] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9893] <... openat resumed>) = 3 [pid 9826] <... write resumed>) = 280 [pid 5852] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9893] write(3, "1000", 4 [pid 9826] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] <... openat resumed>) = 3 [pid 9826] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(3, "", [pid 9826] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9826] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] getdents64(3, [pid 9826] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 9893] <... write resumed>) = 4 [pid 9826] exit_group(0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9893] close(3) = 0 [pid 5852] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9893] symlink("/dev/binderfs", "./binderfs" [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9826] <... exit_group resumed>) = ? [pid 5852] newfstatat(AT_FDCWD, "./45/binderfs", [pid 9893] <... symlink resumed>) = 0 [pid 9826] +++ exited with 0 +++ [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9893] write(1, "executing program\n", 18executing program ) = 18 [pid 5852] unlink("./45/binderfs" [pid 9893] memfd_create("syzkaller", 0 [pid 5852] <... unlink resumed>) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9826, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=21 /* 0.21 s */} --- [pid 9893] <... memfd_create resumed>) = 3 [pid 5852] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 9893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./47/binderfs") = 0 [ 221.867301][ T5849] BTRFS info (device loop1): last unmount of filesystem a3b4c5b2-7ee6-4012-9137-67cdcde4e6c9 [ 221.955879][ T5852] BTRFS info (device loop4): last unmount of filesystem ca998a95-5e4a-4720-a3d6-5ea62f3f160a [ 221.970760][ T5848] BTRFS info (device loop0): last unmount of filesystem 393ff2cf-6a85-42d3-a065-d2e4f58eda0b [pid 5848] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9825] <... mount resumed>) = 0 [pid 9825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9825] chdir("./file0") = 0 [pid 9825] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9825] ioctl(4, LOOP_CLR_FD) = 0 [pid 9825] close(4) = 0 [pid 9825] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9825] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9825] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9825] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9825] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9825] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9825] exit_group(0) = ? [pid 9825] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9825, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=29 /* 0.29 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./45/binderfs") = 0 [pid 5850] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./45/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./45") = 0 [pid 5852] mkdir("./46", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9911 attached , child_tidptr=0x55558aa90650) = 9911 [pid 9911] set_robust_list(0x55558aa90660, 24) = 0 [pid 9911] chdir("./46") = 0 [pid 9911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9911] setpgid(0, 0) = 0 [pid 9911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9911] write(3, "1000", 4) = 4 [pid 9911] close(3) = 0 [pid 9911] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9911] write(1, "executing program\n", 18) = 18 [pid 9911] memfd_create("syzkaller", 0) = 3 [pid 9911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 222.205342][ T5850] BTRFS info (device loop2): last unmount of filesystem a3b4b4a0-e10c-4910-a4f2-5e6a3093a789 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./46/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./46") = 0 [pid 5849] mkdir("./47", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9912 ./strace-static-x86_64: Process 9912 attached [pid 9912] set_robust_list(0x55558aa90660, 24) = 0 [pid 9912] chdir("./47") = 0 [pid 9912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9912] setpgid(0, 0) = 0 [pid 9912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9912] write(3, "1000", 4) = 4 [pid 9912] close(3) = 0 executing program [pid 9912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9912] write(1, "executing program\n", 18) = 18 [pid 9912] memfd_create("syzkaller", 0) = 3 [pid 9912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 9893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./47/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./47") = 0 [pid 5848] mkdir("./48", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9913 attached [pid 9913] set_robust_list(0x55558aa90660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 9913 [pid 9913] <... set_robust_list resumed>) = 0 [pid 9913] chdir("./48") = 0 [pid 9913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9913] setpgid(0, 0) = 0 [pid 9913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9913] write(3, "1000", 4) = 4 [pid 9913] close(3) = 0 [pid 9913] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9913] write(1, "executing program\n", 18) = 18 [pid 9913] memfd_create("syzkaller", 0) = 3 [pid 9913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./45/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./45") = 0 [pid 5850] mkdir("./46", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9914 attached , child_tidptr=0x55558aa90650) = 9914 [pid 9914] set_robust_list(0x55558aa90660, 24) = 0 [pid 9911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9914] chdir("./46") = 0 [pid 9914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9914] setpgid(0, 0) = 0 [pid 9914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9914] write(3, "1000", 4) = 4 [pid 9914] close(3) = 0 [pid 9914] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9914] write(1, "executing program\n", 18) = 18 [pid 9914] memfd_create("syzkaller", 0) = 3 [pid 9914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9893] <... write resumed>) = 16777216 [pid 9893] munmap(0x7f362be00000, 138412032) = 0 [pid 9893] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9893] close(3) = 0 [pid 9893] close(4) = 0 [pid 9893] mkdir("./file0", 0777) = 0 [ 222.935747][ T9893] loop3: detected capacity change from 0 to 32768 [ 222.971466][ T9893] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9893) [pid 9893] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [ 223.039178][ T9893] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 223.069249][ T9893] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 223.078960][ T9893] BTRFS info (device loop3): using free-space-tree [pid 9913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9911] <... write resumed>) = 16777216 [pid 9911] munmap(0x7f362be00000, 138412032 [pid 9912] <... write resumed>) = 16777216 [pid 9911] <... munmap resumed>) = 0 [pid 9912] munmap(0x7f362be00000, 138412032) = 0 [pid 9911] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9912] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9911] <... openat resumed>) = 4 [pid 9912] <... openat resumed>) = 4 [pid 9911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9893] <... mount resumed>) = 0 [pid 9893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9912] ioctl(4, LOOP_SET_FD, 3 [pid 9893] <... openat resumed>) = 3 [pid 9912] <... ioctl resumed>) = 0 [pid 9893] chdir("./file0") = 0 [pid 9911] close(3) = 0 [pid 9911] close(4) = 0 [pid 9893] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9912] close(3 [pid 9911] mkdir("./file0", 0777 [pid 9893] <... openat resumed>) = 4 [pid 9912] <... close resumed>) = 0 [pid 9911] <... mkdir resumed>) = 0 [ 223.191125][ T9911] loop4: detected capacity change from 0 to 32768 [ 223.209444][ T9912] loop1: detected capacity change from 0 to 32768 [pid 9893] ioctl(4, LOOP_CLR_FD [pid 9912] close(4 [pid 9911] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 9893] <... ioctl resumed>) = 0 [pid 9912] <... close resumed>) = 0 [pid 9893] close(4 [pid 9912] mkdir("./file0", 0777 [pid 9893] <... close resumed>) = 0 [pid 9912] <... mkdir resumed>) = 0 [pid 9893] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9912] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 9893] <... openat resumed>) = 4 [pid 9914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9893] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9893] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9893] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9893] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9893] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9893] exit_group(0) = ? [pid 9893] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9893, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5851] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 223.244726][ T9911] BTRFS: device /dev/loop4 (7:4) using temp-fsid 5e16a0ff-fcc1-4f4d-8405-fb5745c3a9bd [ 223.278814][ T9911] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9911) [pid 5851] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 223.330315][ T9911] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 223.338543][ T9912] BTRFS: device /dev/loop1 (7:1) using temp-fsid 1ccc1b3d-9b24-45fb-8604-ca3845414d97 [ 223.352920][ T9911] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 223.359726][ T9912] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9912) [pid 5851] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./46/binderfs") = 0 [ 223.375952][ T9911] BTRFS info (device loop4): using free-space-tree [ 223.419542][ T9912] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 223.431273][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9914] <... write resumed>) = 16777216 [ 223.465122][ T9912] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 223.494658][ T9912] BTRFS info (device loop1): using free-space-tree [pid 9914] munmap(0x7f362be00000, 138412032) = 0 [pid 9914] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9914] ioctl(4, LOOP_SET_FD, 3 [pid 9911] <... mount resumed>) = 0 [pid 9911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9911] chdir("./file0") = 0 [pid 9911] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9911] ioctl(4, LOOP_CLR_FD) = 0 [pid 9911] close(4) = 0 [pid 9911] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9911] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9911] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9911] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9911] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9911] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9911] exit_group(0) = ? [pid 9911] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9911, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 9914] <... ioctl resumed>) = 0 [pid 5852] <... restart_syscall resumed>) = 0 [pid 9914] close(3) = 0 [ 223.534395][ T9914] loop2: detected capacity change from 0 to 32768 [pid 9914] close(4 [pid 5852] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, [pid 9914] <... close resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9914] mkdir("./file0", 0777) = 0 [pid 9914] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./46/binderfs") = 0 [pid 5852] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9913] <... write resumed>) = 16777216 [pid 9912] <... mount resumed>) = 0 [pid 9912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9912] chdir("./file0") = 0 [pid 9912] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9912] ioctl(4, LOOP_CLR_FD) = 0 [pid 9912] close(4) = 0 [pid 9912] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9912] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9912] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [ 223.604829][ T9914] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9914) [pid 9913] munmap(0x7f362be00000, 138412032 [pid 9912] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9912] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9912] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9912] exit_group(0) = ? [pid 9912] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9912, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- [pid 9913] <... munmap resumed>) = 0 [pid 9913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 223.676443][ T9914] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 223.706633][ T5852] BTRFS info (device loop4): last unmount of filesystem 5e16a0ff-fcc1-4f4d-8405-fb5745c3a9bd [ 223.715829][ T9913] loop0: detected capacity change from 0 to 32768 [pid 9913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9913] close(3 [pid 5849] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9913] <... close resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 9913] close(4 [pid 5849] newfstatat(3, "", [pid 9913] <... close resumed>) = 0 [pid 9913] mkdir("./file0", 0777 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9913] <... mkdir resumed>) = 0 [pid 5849] getdents64(3, [pid 9913] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 223.723731][ T9914] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 223.743727][ T9914] BTRFS info (device loop2): using free-space-tree [pid 5849] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./47/binderfs") = 0 [ 223.787386][ T9913] BTRFS: device /dev/loop0 (7:0) using temp-fsid 095b38ea-cb8d-4832-b940-a0758286acc4 [ 223.804594][ T5849] BTRFS info (device loop1): last unmount of filesystem 1ccc1b3d-9b24-45fb-8604-ca3845414d97 [ 223.809180][ T9913] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9913) [pid 5849] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./46/file0") = 0 [ 223.874945][ T9913] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./46") = 0 [pid 5851] mkdir("./47", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 223.939381][ T9913] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 223.949235][ T9913] BTRFS info (device loop0): using free-space-tree [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9985 attached [pid 9985] set_robust_list(0x55558aa90660, 24) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 9985 [pid 9985] chdir("./47") = 0 [pid 9914] <... mount resumed>) = 0 [pid 9985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9985] setpgid(0, 0) = 0 [pid 9985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9985] write(3, "1000", 4) = 4 [pid 9914] <... openat resumed>) = 3 [pid 9914] chdir("./file0") = 0 [pid 9914] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9914] ioctl(4, LOOP_CLR_FD) = 0 [pid 9914] close(4) = 0 [pid 9914] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 9985] close(3 [pid 9914] <... openat resumed>) = 4 [pid 9985] <... close resumed>) = 0 executing program [pid 9985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9985] write(1, "executing program\n", 18) = 18 [pid 9985] memfd_create("syzkaller", 0) = 3 [pid 9985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9914] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9914] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9914] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9914] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9914] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9914] exit_group(0) = ? [pid 9914] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9914, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./46/binderfs") = 0 [pid 5850] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", [pid 9913] <... mount resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] getdents64(4, [pid 9913] <... openat resumed>) = 3 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, [pid 9913] chdir("./file0" [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9913] <... chdir resumed>) = 0 [pid 5852] close(4 [pid 9913] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] <... close resumed>) = 0 [pid 9913] <... openat resumed>) = 4 [pid 5852] rmdir("./46/file0" [pid 9913] ioctl(4, LOOP_CLR_FD [pid 5852] <... rmdir resumed>) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3 [pid 9913] <... ioctl resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 9913] close(4 [pid 5852] rmdir("./46" [pid 9913] <... close resumed>) = 0 [pid 9913] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] mkdir("./47", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9913] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9913] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9913] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9913] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9913] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9913] exit_group(0) = ? [pid 9913] +++ exited with 0 +++ [pid 5852] <... openat resumed>) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9913, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5848] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./48/binderfs") = 0 [pid 5848] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 9996 ./strace-static-x86_64: Process 9996 attached [pid 9996] set_robust_list(0x55558aa90660, 24) = 0 [ 224.152995][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9996] chdir("./47") = 0 [pid 9996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9996] setpgid(0, 0) = 0 [pid 9996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9996] write(3, "1000", 4) = 4 [pid 9996] close(3) = 0 [pid 9996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 9996] write(1, "executing program\n", 18 [pid 5850] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 9996] <... write resumed>) = 18 [pid 5850] newfstatat(AT_FDCWD, "./46/file0", [pid 9996] memfd_create("syzkaller", 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9996] <... memfd_create resumed>) = 3 [pid 5850] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9996] <... mmap resumed>) = 0x7f362be00000 [pid 5850] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, [pid 5849] <... umount2 resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] close(4) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] rmdir("./46/file0") = 0 [pid 5849] newfstatat(AT_FDCWD, "./47/file0", [pid 5850] getdents64(3, [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] close(3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... close resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] rmdir("./46") = 0 [pid 5849] <... openat resumed>) = 4 [ 224.260671][ T5848] BTRFS info (device loop0): last unmount of filesystem 095b38ea-cb8d-4832-b940-a0758286acc4 [pid 5849] newfstatat(4, "", [pid 5850] mkdir("./47", 0777 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] <... mkdir resumed>) = 0 [pid 5849] getdents64(4, [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5849] close(4 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5849] <... close resumed>) = 0 [pid 5850] <... ioctl resumed>) = 0 [pid 5849] rmdir("./47/file0" [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9997 attached [pid 5848] <... umount2 resumed>) = 0 [pid 9997] set_robust_list(0x55558aa90660, 24) = 0 [pid 9997] chdir("./47" [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 9997 [pid 9997] <... chdir resumed>) = 0 [pid 9997] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] <... rmdir resumed>) = 0 [pid 9997] <... prctl resumed>) = 0 [pid 5849] getdents64(3, [pid 5848] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9997] setpgid(0, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9997] <... setpgid resumed>) = 0 [pid 9997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] newfstatat(AT_FDCWD, "./48/file0", [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9997] <... openat resumed>) = 3 [pid 5849] close(3 [pid 5848] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... close resumed>) = 0 [pid 9997] write(3, "1000", 4 [pid 5849] rmdir("./47" [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9997] <... write resumed>) = 4 [pid 5848] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... rmdir resumed>) = 0 [pid 9997] close(3 [pid 5849] mkdir("./48", 0777 [pid 5848] <... openat resumed>) = 4 [pid 9997] <... close resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 5849] <... mkdir resumed>) = 0 [pid 9997] symlink("/dev/binderfs", "./binderfs" [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9997] <... symlink resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5848] getdents64(4, executing program [pid 9997] write(1, "executing program\n", 18 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 9997] <... write resumed>) = 18 [pid 5848] getdents64(4, [pid 9997] memfd_create("syzkaller", 0 [pid 9985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 9997] <... memfd_create resumed>) = 3 [pid 5848] close(4 [pid 9997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... close resumed>) = 0 [pid 9997] <... mmap resumed>) = 0x7f362be00000 [pid 5848] rmdir("./48/file0" [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] close(3 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./48" [pid 5849] <... close resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9998 attached [pid 5848] <... rmdir resumed>) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 9998 [pid 5848] mkdir("./49", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3 [pid 9998] set_robust_list(0x55558aa90660, 24 [pid 5848] <... close resumed>) = 0 [pid 9998] <... set_robust_list resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9999 attached , child_tidptr=0x55558aa90650) = 9999 [pid 9999] set_robust_list(0x55558aa90660, 24 [pid 9998] chdir("./48" [pid 9999] <... set_robust_list resumed>) = 0 [pid 9998] <... chdir resumed>) = 0 [pid 9999] chdir("./49") = 0 [pid 9999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9999] setpgid(0, 0) = 0 [pid 9998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9998] setpgid(0, 0) = 0 [pid 9999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9999] <... openat resumed>) = 3 [pid 9998] <... openat resumed>) = 3 [pid 9998] write(3, "1000", 4executing program [pid 9999] write(3, "1000", 4) = 4 [pid 9999] close(3) = 0 [pid 9999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9999] write(1, "executing program\n", 18) = 18 [pid 9999] memfd_create("syzkaller", 0 [pid 9998] <... write resumed>) = 4 [pid 9999] <... memfd_create resumed>) = 3 [pid 9999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9998] close(3) = 0 [pid 9998] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9998] write(1, "executing program\n", 18) = 18 [pid 9998] memfd_create("syzkaller", 0) = 3 [pid 9998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 9996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9985] <... write resumed>) = 16777216 [pid 9997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9985] munmap(0x7f362be00000, 138412032 [pid 9999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9985] <... munmap resumed>) = 0 [pid 9985] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9985] close(3) = 0 [pid 9985] close(4) = 0 [pid 9985] mkdir("./file0", 0777) = 0 [pid 9985] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [ 224.951205][ T9985] loop3: detected capacity change from 0 to 32768 [ 224.999224][ T9985] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (9985) [ 225.079225][ T9985] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 225.119407][ T9985] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 225.128955][ T9985] BTRFS info (device loop3): using free-space-tree [pid 9998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9996] <... write resumed>) = 16777216 [pid 9997] <... write resumed>) = 16777216 [pid 9996] munmap(0x7f362be00000, 138412032 [pid 9997] munmap(0x7f362be00000, 138412032 [pid 9996] <... munmap resumed>) = 0 [pid 9997] <... munmap resumed>) = 0 [pid 9996] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9997] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9997] ioctl(4, LOOP_SET_FD, 3 [pid 9996] close(3 [pid 9999] <... write resumed>) = 16777216 [pid 9997] <... ioctl resumed>) = 0 [pid 9996] <... close resumed>) = 0 [pid 9996] close(4) = 0 [pid 9996] mkdir("./file0", 0777) = 0 [pid 9996] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 9985] <... mount resumed>) = 0 [ 225.299290][ T9996] loop4: detected capacity change from 0 to 32768 [ 225.322893][ T9997] loop2: detected capacity change from 0 to 32768 [ 225.338517][ T9996] BTRFS: device /dev/loop4 (7:4) using temp-fsid c3afad84-1e4f-4251-97d3-a73efe15b843 [pid 9999] munmap(0x7f362be00000, 138412032 [pid 9997] close(3) = 0 [pid 9985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9997] close(4) = 0 [pid 9997] mkdir("./file0", 0777) = 0 [ 225.348583][ T9996] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (9996) [ 225.364876][ T9996] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 225.375215][ T9996] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 225.385438][ T9996] BTRFS info (device loop4): using free-space-tree [pid 9997] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 9999] <... munmap resumed>) = 0 [pid 9985] <... openat resumed>) = 3 [pid 9985] chdir("./file0" [pid 9999] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9985] <... chdir resumed>) = 0 [pid 9999] <... openat resumed>) = 4 [pid 9985] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9999] ioctl(4, LOOP_SET_FD, 3 [pid 9985] <... openat resumed>) = 4 [pid 9985] ioctl(4, LOOP_CLR_FD) = 0 [pid 9985] close(4) = 0 [pid 9985] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9985] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9985] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9985] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9985] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9985] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9985] exit_group(0) = ? [pid 9999] <... ioctl resumed>) = 0 [pid 9985] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9985, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [ 225.386169][ T9997] BTRFS: device /dev/loop2 (7:2) using temp-fsid 3bc902c3-5ca2-46d0-ade8-a34ad2d79dc7 [ 225.410809][ T9999] loop0: detected capacity change from 0 to 32768 [ 225.436720][ T9997] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (9997) [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 9999] close(3 [pid 5851] <... restart_syscall resumed>) = 0 [pid 9999] <... close resumed>) = 0 [pid 5851] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9999] close(4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 9999] <... close resumed>) = 0 [pid 5851] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9999] mkdir("./file0", 0777 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9999] <... mkdir resumed>) = 0 [pid 5851] unlink("./47/binderfs") = 0 [pid 5851] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9998] <... write resumed>) = 16777216 [pid 9998] munmap(0x7f362be00000, 138412032 [ 225.487839][ T9997] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 225.518870][ T9999] BTRFS: device /dev/loop0 (7:0) using temp-fsid 2fb5036f-5dab-475e-bfdf-8e2caa0e57f4 [pid 9999] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 9998] <... munmap resumed>) = 0 [pid 9998] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 225.529671][ T9997] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 225.546967][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 225.557378][ T9997] BTRFS info (device loop2): using free-space-tree [ 225.569952][ T9998] loop1: detected capacity change from 0 to 32768 [pid 9998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9998] close(3) = 0 [pid 9998] close(4) = 0 [pid 9998] mkdir("./file0", 0777) = 0 [ 225.580939][ T9999] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (9999) [ 225.660799][ T9998] BTRFS: device /dev/loop1 (7:1) using temp-fsid 2660596d-ee58-4008-8bf7-e57027663948 [ 225.673646][ T9999] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 9998] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 9996] <... mount resumed>) = 0 [pid 9996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9996] chdir("./file0") = 0 [pid 9996] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9996] ioctl(4, LOOP_CLR_FD) = 0 [pid 9996] close(4) = 0 [pid 9996] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9996] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9996] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9996] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9996] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9996] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 225.713429][ T9998] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (9998) [ 225.749861][ T9999] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 9996] exit_group(0) = ? [pid 9996] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9996, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=24 /* 0.24 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./47/binderfs") = 0 [ 225.784564][ T9999] BTRFS info (device loop0): using free-space-tree [ 225.794521][ T9998] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 225.816511][ T9998] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 225.828398][ T9998] BTRFS info (device loop1): using free-space-tree [pid 5852] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9997] <... mount resumed>) = 0 [pid 9997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9997] chdir("./file0") = 0 [pid 9997] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9997] ioctl(4, LOOP_CLR_FD) = 0 [pid 9997] close(4) = 0 [pid 9997] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 9997] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 225.837655][ T5852] BTRFS info (device loop4): last unmount of filesystem c3afad84-1e4f-4251-97d3-a73efe15b843 [pid 9997] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9997] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9997] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 9997] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9997] exit_group(0) = ? [pid 9997] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9997, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./47/binderfs") = 0 [pid 5850] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 225.991174][ T5850] BTRFS info (device loop2): last unmount of filesystem 3bc902c3-5ca2-46d0-ade8-a34ad2d79dc7 [pid 5852] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./47/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./47" [pid 9999] <... mount resumed>) = 0 [pid 9999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] mkdir("./48", 0777) = 0 [pid 9999] chdir("./file0" [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9999] <... chdir resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 9999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9999] ioctl(4, LOOP_CLR_FD) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 9999] close(4 [pid 5852] <... ioctl resumed>) = 0 [pid 9999] <... close resumed>) = 0 [pid 5852] close(3 [pid 9999] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] <... close resumed>) = 0 [pid 9999] <... openat resumed>) = 4 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10079 attached , child_tidptr=0x55558aa90650) = 10079 [pid 9999] ioctl(-1, SIOCGIFINDEX, NULL [pid 10079] set_robust_list(0x55558aa90660, 24 [pid 9999] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10079] <... set_robust_list resumed>) = 0 [pid 9999] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 10079] chdir("./48") = 0 [pid 9999] <... write resumed>) = 280 [pid 10079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10079] setpgid(0, 0) = 0 [pid 9999] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9999] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9999] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9999] exit_group(0) = ? [pid 9999] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9999, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 10079] <... openat resumed>) = 3 [pid 10079] write(3, "1000", 4) = 4 [pid 10079] close(3) = 0 [pid 5848] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10079] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10079] <... symlink resumed>) = 0 executing program [pid 10079] write(1, "executing program\n", 18 [pid 5848] <... openat resumed>) = 3 [pid 10079] <... write resumed>) = 18 [pid 5848] newfstatat(3, "", [pid 10079] memfd_create("syzkaller", 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10079] <... memfd_create resumed>) = 3 [pid 5848] getdents64(3, [pid 10079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10079] <... mmap resumed>) = 0x7f362be00000 [pid 5848] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./49/binderfs", [pid 9998] <... mount resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./49/binderfs" [pid 9998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] <... unlink resumed>) = 0 [pid 9998] chdir("./file0" [pid 5848] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9998] <... chdir resumed>) = 0 [pid 9998] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9998] ioctl(4, LOOP_CLR_FD) = 0 [pid 9998] close(4) = 0 [pid 9998] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5851] <... umount2 resumed>) = 0 [pid 9998] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 9998] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 9998] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 9998] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9998] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./47/file0") = 0 [pid 5851] getdents64(3, [pid 9998] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./47") = 0 [pid 5851] mkdir("./48", 0777 [pid 9998] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... umount2 resumed>) = 0 [pid 5851] <... mkdir resumed>) = 0 [pid 5850] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 9998] exit_group(0) = ? [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9998] +++ exited with 0 +++ [pid 5850] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] <... openat resumed>) = 3 [pid 5850] getdents64(4, [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] close(4 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9998, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5851] close(3 [pid 5850] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5850] rmdir("./47/file0" [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] <... rmdir resumed>) = 0 [pid 5850] getdents64(3, [pid 5849] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./47") = 0 [pid 5850] mkdir("./48", 0777 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10082 [pid 5850] <... mkdir resumed>) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10083 attached ./strace-static-x86_64: Process 10082 attached [pid 10083] set_robust_list(0x55558aa90660, 24 [pid 5849] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10083] <... set_robust_list resumed>) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 10083 [ 226.217838][ T5848] BTRFS info (device loop0): last unmount of filesystem 2fb5036f-5dab-475e-bfdf-8e2caa0e57f4 [pid 10083] chdir("./48") = 0 [pid 5849] <... openat resumed>) = 3 [pid 10082] set_robust_list(0x55558aa90660, 24 [pid 5849] newfstatat(3, "", [pid 10082] <... set_robust_list resumed>) = 0 [pid 10083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10082] chdir("./48" [pid 5849] getdents64(3, [pid 10082] <... chdir resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10082] <... prctl resumed>) = 0 [pid 10083] setpgid(0, 0) = 0 [pid 10083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10083] write(3, "1000", 4 [pid 10082] setpgid(0, 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10083] <... write resumed>) = 4 [pid 10083] close(3) = 0 [pid 10083] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10083] write(1, "executing program\n", 18) = 18 [pid 10082] <... setpgid resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./48/binderfs", [pid 10083] memfd_create("syzkaller", 0 [pid 10082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10083] <... memfd_create resumed>) = 3 [pid 10083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] unlink("./48/binderfs" [pid 10082] <... openat resumed>) = 3 [pid 5849] <... unlink resumed>) = 0 [pid 10082] write(3, "1000", 4) = 4 [pid 5849] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10082] close(3) = 0 executing program [pid 10082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10082] write(1, "executing program\n", 18) = 18 [pid 10082] memfd_create("syzkaller", 0) = 3 [pid 10082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 226.344037][ T5849] BTRFS info (device loop1): last unmount of filesystem 2660596d-ee58-4008-8bf7-e57027663948 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./48/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./48") = 0 [pid 5849] mkdir("./49", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10085 attached , child_tidptr=0x55558aa90650) = 10085 [pid 10085] set_robust_list(0x55558aa90660, 24) = 0 [pid 10085] chdir("./49") = 0 [pid 10085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10085] setpgid(0, 0) = 0 [pid 10085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10085] write(3, "1000", 4) = 4 [pid 10085] close(3) = 0 [pid 10085] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10085] write(1, "executing program\n", 18) = 18 [pid 10085] memfd_create("syzkaller", 0) = 3 [pid 10085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", [pid 10082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./49/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./49") = 0 [pid 5848] mkdir("./50", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10086 attached [pid 10086] set_robust_list(0x55558aa90660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 10086 [pid 10086] <... set_robust_list resumed>) = 0 [pid 10086] chdir("./50") = 0 [pid 10086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10086] setpgid(0, 0) = 0 [pid 10086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10086] write(3, "1000", 4) = 4 [pid 10086] close(3) = 0 [pid 10086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10086] write(1, "executing program\n", 18executing program ) = 18 [pid 10086] memfd_create("syzkaller", 0) = 3 [pid 10086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10079] <... write resumed>) = 16777216 [pid 10079] munmap(0x7f362be00000, 138412032) = 0 [pid 10085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10079] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10083] <... write resumed>) = 16777216 [pid 10083] munmap(0x7f362be00000, 138412032 [pid 10079] ioctl(4, LOOP_SET_FD, 3 [pid 10083] <... munmap resumed>) = 0 [pid 10079] <... ioctl resumed>) = 0 [pid 10079] close(3) = 0 [pid 10083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10079] close(4 [pid 10083] <... openat resumed>) = 4 [pid 10079] <... close resumed>) = 0 [pid 10083] ioctl(4, LOOP_SET_FD, 3 [ 227.239901][T10079] loop4: detected capacity change from 0 to 32768 [pid 10079] mkdir("./file0", 0777 [pid 10083] <... ioctl resumed>) = 0 [pid 10079] <... mkdir resumed>) = 0 [pid 10083] close(3 [pid 10079] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10083] <... close resumed>) = 0 [pid 10083] close(4) = 0 [pid 10083] mkdir("./file0", 0777 [pid 10082] <... write resumed>) = 16777216 [pid 10083] <... mkdir resumed>) = 0 [ 227.281463][T10083] loop2: detected capacity change from 0 to 32768 [ 227.297421][T10079] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10079) [pid 10083] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 10082] munmap(0x7f362be00000, 138412032) = 0 [ 227.329077][T10079] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 227.340870][T10083] BTRFS: device /dev/loop2 (7:2) using temp-fsid a1d3ea65-3e2d-4265-9ef3-907854965f8a [ 227.364021][T10079] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 10082] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10082] ioctl(4, LOOP_SET_FD, 3 [pid 10086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10082] <... ioctl resumed>) = 0 [pid 10082] close(3) = 0 [ 227.374337][T10083] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10083) [ 227.382335][T10082] loop3: detected capacity change from 0 to 32768 [ 227.399305][T10079] BTRFS info (device loop4): using free-space-tree [pid 10082] close(4) = 0 [pid 10082] mkdir("./file0", 0777) = 0 [ 227.451309][T10082] BTRFS: device /dev/loop3 (7:3) using temp-fsid 8c82d93f-2145-45c9-905b-51cf4db5ce49 [ 227.462071][T10083] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 227.512225][T10083] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 227.520154][T10082] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10082) [ 227.523611][T10083] BTRFS info (device loop2): using free-space-tree [ 227.602094][T10082] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10082] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10085] <... write resumed>) = 16777216 [pid 10079] <... mount resumed>) = 0 [ 227.659256][T10082] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 10085] munmap(0x7f362be00000, 138412032 [pid 10079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10079] chdir("./file0") = 0 [pid 10079] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10079] ioctl(4, LOOP_CLR_FD) = 0 [pid 10079] close(4) = 0 [pid 10085] <... munmap resumed>) = 0 [pid 10079] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10085] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10079] <... openat resumed>) = 4 [pid 10085] <... openat resumed>) = 4 [ 227.699659][T10082] BTRFS info (device loop3): using free-space-tree [pid 10085] ioctl(4, LOOP_SET_FD, 3 [pid 10079] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10079] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10079] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10079] bpf(BPF_PROG_LOAD, NULL, 0 [pid 10085] <... ioctl resumed>) = 0 [pid 10085] close(3) = 0 [pid 10085] close(4 [pid 10079] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10085] <... close resumed>) = 0 [pid 10085] mkdir("./file0", 0777) = 0 [pid 10085] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10079] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10079] exit_group(0) = ? [pid 10079] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10079, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=37 /* 0.37 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 227.740125][T10085] loop1: detected capacity change from 0 to 32768 [ 227.778327][T10085] BTRFS: device /dev/loop1 (7:1) using temp-fsid ddd0fa23-bf2e-4af0-bb11-299d9adcb745 [pid 5852] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./48/binderfs") = 0 [pid 5852] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10083] <... mount resumed>) = 0 [pid 10083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10083] chdir("./file0") = 0 [pid 10083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10083] ioctl(4, LOOP_CLR_FD) = 0 [pid 10083] close(4) = 0 [ 227.828457][T10085] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10085) [ 227.862356][T10085] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10083] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 227.882589][T10085] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 227.892311][T10085] BTRFS info (device loop1): using free-space-tree [pid 10083] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10083] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10083] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10083] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10083] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10083] exit_group(0) = ? [pid 10083] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10083, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10086] <... write resumed>) = 16777216 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10086] munmap(0x7f362be00000, 138412032 [pid 5850] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./48/binderfs") = 0 [ 227.945000][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10086] <... munmap resumed>) = 0 [pid 10082] <... mount resumed>) = 0 [pid 10082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10082] chdir("./file0") = 0 [pid 10082] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10082] ioctl(4, LOOP_CLR_FD) = 0 [pid 10082] close(4) = 0 [pid 10082] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10086] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10082] ioctl(-1, SIOCGIFINDEX, NULL [pid 10086] <... openat resumed>) = 4 [pid 10086] ioctl(4, LOOP_SET_FD, 3 [pid 10082] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10082] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10082] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10082] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10082] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10082] exit_group(0) = ? [pid 10082] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10082, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./48/binderfs") = 0 [pid 5851] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10085] <... mount resumed>) = 0 [pid 10085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10085] chdir("./file0" [pid 10086] <... ioctl resumed>) = 0 [pid 10085] <... chdir resumed>) = 0 [ 228.045857][ T5850] BTRFS info (device loop2): last unmount of filesystem a1d3ea65-3e2d-4265-9ef3-907854965f8a [ 228.073615][T10086] loop0: detected capacity change from 0 to 32768 [pid 10086] close(3 [pid 10085] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10086] <... close resumed>) = 0 [pid 10085] <... openat resumed>) = 4 [pid 10086] close(4 [pid 10085] ioctl(4, LOOP_CLR_FD [pid 10086] <... close resumed>) = 0 [pid 10085] <... ioctl resumed>) = 0 [pid 10086] mkdir("./file0", 0777 [pid 10085] close(4 [pid 10086] <... mkdir resumed>) = 0 [pid 10085] <... close resumed>) = 0 [pid 10085] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10086] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 10085] <... openat resumed>) = 4 [pid 10085] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10085] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10085] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10085] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10085] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10085] exit_group(0) = ? [pid 10085] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10085, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./49/binderfs") = 0 [ 228.140638][ T5851] BTRFS info (device loop3): last unmount of filesystem 8c82d93f-2145-45c9-905b-51cf4db5ce49 [ 228.175286][T10086] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10086) [pid 5849] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... umount2 resumed>) = 0 [ 228.227617][T10086] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 228.260125][T10086] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./48/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./48") = 0 [pid 5850] mkdir("./49", 0777) = 0 [ 228.260941][ T5849] BTRFS info (device loop1): last unmount of filesystem ddd0fa23-bf2e-4af0-bb11-299d9adcb745 [ 228.289244][T10086] BTRFS info (device loop0): using free-space-tree [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10156 attached [pid 10156] set_robust_list(0x55558aa90660, 24) = 0 [pid 10156] chdir("./49") = 0 [pid 10156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10156] setpgid(0, 0) = 0 [pid 10156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10156] write(3, "1000", 4 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 10156 [pid 10156] <... write resumed>) = 4 [pid 10156] close(3) = 0 [pid 10156] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10156] write(1, "executing program\n", 18) = 18 [pid 10156] memfd_create("syzkaller", 0) = 3 [pid 10156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", [pid 5852] <... umount2 resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./48/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./48") = 0 [pid 5851] mkdir("./49", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10170 attached [pid 10170] set_robust_list(0x55558aa90660, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10170 [pid 10170] <... set_robust_list resumed>) = 0 [pid 10170] chdir("./49" [pid 10086] <... mount resumed>) = 0 [pid 10170] <... chdir resumed>) = 0 [pid 10170] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10170] <... prctl resumed>) = 0 [pid 10086] <... openat resumed>) = 3 [pid 5852] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10086] chdir("./file0" [pid 10170] setpgid(0, 0) = 0 [pid 10086] <... chdir resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./48/file0", [pid 10086] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10086] <... openat resumed>) = 4 [pid 5852] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10170] write(3, "1000", 4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10086] ioctl(4, LOOP_CLR_FD [pid 5852] newfstatat(4, "", [pid 10086] <... ioctl resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10086] close(4 [pid 5852] getdents64(4, [pid 10086] <... close resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 10086] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] close(4 [pid 10170] <... write resumed>) = 4 [pid 10170] close(3 [pid 10086] <... openat resumed>) = 4 [pid 5852] <... close resumed>) = 0 [pid 10170] <... close resumed>) = 0 [pid 10170] symlink("/dev/binderfs", "./binderfs" [pid 5852] rmdir("./48/file0" [pid 10170] <... symlink resumed>) = 0 [pid 10086] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] <... rmdir resumed>) = 0 [pid 10086] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] getdents64(3, [pid 10086] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 executing program [pid 10170] write(1, "executing program\n", 18 [pid 10086] <... write resumed>) = 280 [pid 5852] close(3 [pid 10170] <... write resumed>) = 18 [pid 10086] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] <... close resumed>) = 0 [pid 10170] memfd_create("syzkaller", 0 [pid 10086] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] rmdir("./48" [pid 10170] <... memfd_create resumed>) = 3 [pid 10086] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] <... rmdir resumed>) = 0 [pid 10170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10086] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] mkdir("./49", 0777 [pid 10170] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... mkdir resumed>) = 0 [pid 10086] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10086] exit_group(0 [pid 5852] <... openat resumed>) = 3 [pid 10086] <... exit_group resumed>) = ? [pid 5852] ioctl(3, LOOP_CLR_FD [pid 10086] +++ exited with 0 +++ [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10086, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=28 /* 0.28 s */} --- [pid 5852] <... close resumed>) = 0 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 10172 attached [pid 5848] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 10172 [pid 5848] <... openat resumed>) = 3 [pid 10172] set_robust_list(0x55558aa90660, 24 [pid 5848] newfstatat(3, "", [pid 10172] <... set_robust_list resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10172] chdir("./49" [pid 5848] getdents64(3, [pid 10172] <... chdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10172] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10172] <... prctl resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10172] setpgid(0, 0 [pid 5848] newfstatat(AT_FDCWD, "./50/binderfs", [pid 10172] <... setpgid resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] unlink("./50/binderfs" [pid 10172] <... openat resumed>) = 3 [pid 5848] <... unlink resumed>) = 0 [pid 10172] write(3, "1000", 4 [pid 5848] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10172] <... write resumed>) = 4 [pid 10172] close(3) = 0 [pid 10172] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10172] write(1, "executing program\n", 18) = 18 [pid 10172] memfd_create("syzkaller", 0) = 3 [pid 10172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 228.686653][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] <... umount2 resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... openat resumed>) = 4 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(4, "", [pid 5849] newfstatat(AT_FDCWD, "./49/file0", [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] getdents64(4, [pid 5849] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] close(4 [pid 5849] <... openat resumed>) = 4 [pid 5848] <... close resumed>) = 0 [pid 5849] newfstatat(4, "", [pid 5848] rmdir("./50/file0" [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5849] getdents64(4, [pid 5848] getdents64(3, [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] getdents64(4, [pid 5848] close(3 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... close resumed>) = 0 [pid 5849] close(4 [pid 5848] rmdir("./50" [pid 5849] <... close resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5849] rmdir("./49/file0" [pid 5848] mkdir("./51", 0777 [pid 5849] <... rmdir resumed>) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5849] getdents64(3, [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5849] close(3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5849] <... close resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5849] rmdir("./49" [pid 5848] close(3 [pid 5849] <... rmdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5849] mkdir("./50", 0777 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10174 attached [pid 5849] <... mkdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 10174 [pid 5849] <... openat resumed>) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10174] set_robust_list(0x55558aa90660, 24 [pid 5849] close(3 [pid 10174] <... set_robust_list resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10174] chdir("./51") = 0 [pid 10174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10174] setpgid(0, 0) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 10175 ./strace-static-x86_64: Process 10175 attached [pid 10174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10175] set_robust_list(0x55558aa90660, 24 [pid 10174] write(3, "1000", 4) = 4 [pid 10174] close(3) = 0 [pid 10174] symlink("/dev/binderfs", "./binderfs" [pid 10175] <... set_robust_list resumed>) = 0 [pid 10174] <... symlink resumed>) = 0 [pid 10174] write(1, "executing program\n", 18executing program ) = 18 [pid 10174] memfd_create("syzkaller", 0) = 3 [pid 10174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10175] chdir("./50") = 0 [pid 10175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10175] setpgid(0, 0) = 0 [pid 10175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10175] <... openat resumed>) = 3 [pid 10175] write(3, "1000", 4) = 4 [pid 10175] close(3) = 0 [pid 10175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10175] write(1, "executing program\n", 18executing program ) = 18 [pid 10175] memfd_create("syzkaller", 0) = 3 [pid 10175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10156] <... write resumed>) = 16777216 [pid 10156] munmap(0x7f362be00000, 138412032 [pid 10175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10156] <... munmap resumed>) = 0 [pid 10156] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10156] close(3) = 0 [pid 10156] close(4) = 0 [pid 10156] mkdir("./file0", 0777 [pid 10172] <... write resumed>) = 16777216 [pid 10156] <... mkdir resumed>) = 0 [ 229.430110][T10156] loop2: detected capacity change from 0 to 32768 [pid 10156] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 10172] munmap(0x7f362be00000, 138412032) = 0 [pid 10172] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10172] close(3) = 0 [pid 10172] close(4) = 0 [ 229.482594][T10156] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10156) [ 229.520856][T10172] loop4: detected capacity change from 0 to 32768 [pid 10172] mkdir("./file0", 0777) = 0 [pid 10172] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10170] <... write resumed>) = 16777216 [ 229.543647][T10172] BTRFS: device /dev/loop4 (7:4) using temp-fsid 2662ef7b-2127-4b36-a007-8ee358ca2fee [ 229.553400][T10156] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 229.569424][T10172] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10172) [pid 10170] munmap(0x7f362be00000, 138412032) = 0 [pid 10170] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 229.589085][T10156] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 229.611065][T10156] BTRFS info (device loop2): using free-space-tree [pid 10170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10170] close(3) = 0 [pid 10170] close(4) = 0 [pid 10170] mkdir("./file0", 0777) = 0 [ 229.637316][T10170] loop3: detected capacity change from 0 to 32768 [ 229.639008][T10172] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10170] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10174] <... write resumed>) = 16777216 [ 229.687418][T10170] BTRFS: device /dev/loop3 (7:3) using temp-fsid 1239117b-eb2c-44bf-9970-2d49ed847c43 [ 229.706715][T10170] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10170) [pid 10174] munmap(0x7f362be00000, 138412032 [pid 10175] <... write resumed>) = 16777216 [pid 10175] munmap(0x7f362be00000, 138412032) = 0 [ 229.757399][T10172] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 229.766518][T10170] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 229.777487][T10172] BTRFS info (device loop4): using free-space-tree [pid 10174] <... munmap resumed>) = 0 [pid 10175] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10174] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10175] ioctl(4, LOOP_SET_FD, 3 [pid 10174] <... openat resumed>) = 4 [pid 10174] ioctl(4, LOOP_SET_FD, 3 [pid 10175] <... ioctl resumed>) = 0 [pid 10175] close(3) = 0 [pid 10175] close(4) = 0 [pid 10175] mkdir("./file0", 0777) = 0 [pid 10174] <... ioctl resumed>) = 0 [pid 10174] close(3) = 0 [pid 10174] close(4) = 0 [ 229.806146][T10170] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 229.817527][T10175] loop1: detected capacity change from 0 to 32768 [ 229.818222][T10174] loop0: detected capacity change from 0 to 32768 [ 229.843593][T10170] BTRFS info (device loop3): using free-space-tree [pid 10174] mkdir("./file0", 0777) = 0 [pid 10174] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [ 229.865302][T10174] BTRFS: device /dev/loop0 (7:0) using temp-fsid 28680a33-00be-42cf-9f93-ad1e639d8148 [ 229.938359][T10174] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10174) [ 230.001223][T10175] BTRFS: device /dev/loop1 (7:1) using temp-fsid ab8ae515-6cda-4f93-8b80-461eabceb973 [ 230.015764][T10174] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 230.026112][T10174] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 230.036139][T10174] BTRFS info (device loop0): using free-space-tree [ 230.043315][T10175] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10175) [pid 10175] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10156] <... mount resumed>) = 0 [pid 10156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10156] chdir("./file0") = 0 [pid 10156] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10156] ioctl(4, LOOP_CLR_FD) = 0 [pid 10156] close(4) = 0 [pid 10156] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10156] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10156] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10156] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10156] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10156] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10156] exit_group(0) = ? [pid 10172] <... mount resumed>) = 0 [pid 10156] +++ exited with 0 +++ [pid 10172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10156, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- [pid 10172] <... openat resumed>) = 3 [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 10172] chdir("./file0" [pid 5850] <... restart_syscall resumed>) = 0 [pid 10172] <... chdir resumed>) = 0 [ 230.095097][T10175] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 230.113281][T10175] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 230.125974][T10175] BTRFS info (device loop1): using free-space-tree [pid 10172] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5850] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10172] close(4) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10172] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5850] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", [pid 10172] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10172] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5850] getdents64(3, [pid 10172] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10172] <... write resumed>) = 280 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./49/binderfs", [pid 10172] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10172] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5850] unlink("./49/binderfs" [pid 10172] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5850] <... unlink resumed>) = 0 [pid 10172] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5850] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10172] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10172] exit_group(0) = ? [pid 10172] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10172, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=23 /* 0.23 s */} --- [pid 5852] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", [pid 10170] <... mount resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] getdents64(3, [pid 10170] <... openat resumed>) = 3 [ 230.230663][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10170] chdir("./file0" [pid 5852] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10170] <... chdir resumed>) = 0 [pid 10170] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10170] <... openat resumed>) = 4 [pid 5852] newfstatat(AT_FDCWD, "./49/binderfs", [pid 10170] ioctl(4, LOOP_CLR_FD) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10170] close(4 [pid 5852] unlink("./49/binderfs" [pid 10170] <... close resumed>) = 0 [pid 5852] <... unlink resumed>) = 0 [pid 10170] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10170] <... openat resumed>) = 4 [pid 10170] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10170] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10170] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10170] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10170] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10170] exit_group(0) = ? [pid 10170] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10170, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=32 /* 0.32 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10174] <... mount resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5851] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10174] <... openat resumed>) = 3 [pid 5851] <... openat resumed>) = 3 [pid 10174] chdir("./file0" [pid 5851] newfstatat(3, "", [pid 10174] <... chdir resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10174] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5851] getdents64(3, [pid 10175] <... mount resumed>) = 0 [pid 10174] <... openat resumed>) = 4 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10174] ioctl(4, LOOP_CLR_FD [pid 5851] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10175] <... openat resumed>) = 3 [pid 10174] <... ioctl resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... umount2 resumed>) = 0 [pid 10175] chdir("./file0") = 0 [pid 10174] close(4 [pid 5851] newfstatat(AT_FDCWD, "./49/binderfs", [pid 10174] <... close resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10174] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] unlink("./49/binderfs" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10174] <... openat resumed>) = 4 [pid 5851] <... unlink resumed>) = 0 [pid 5850] newfstatat(AT_FDCWD, "./49/file0", [pid 5851] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10174] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] <... openat resumed>) = 4 [pid 10174] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5850] newfstatat(4, "", [pid 10175] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10174] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10174] <... write resumed>) = 280 [pid 5850] getdents64(4, [pid 10174] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10175] <... openat resumed>) = 4 [pid 10174] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5850] getdents64(4, [pid 10175] ioctl(4, LOOP_CLR_FD [pid 10174] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 10174] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5850] close(4 [pid 10174] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5850] <... close resumed>) = 0 [pid 10174] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5850] rmdir("./49/file0" [pid 10174] exit_group(0 [pid 5850] <... rmdir resumed>) = 0 [pid 10174] <... exit_group resumed>) = ? [pid 5850] getdents64(3, [pid 10174] +++ exited with 0 +++ [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 10175] <... ioctl resumed>) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10174, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 10175] close(4 [pid 5850] close(3 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 10175] <... close resumed>) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./49") = 0 [pid 5850] mkdir("./50", 0777 [pid 10175] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5850] <... mkdir resumed>) = 0 [pid 5848] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10259 attached [pid 10175] <... openat resumed>) = 4 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 10259 [pid 5848] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10259] set_robust_list(0x55558aa90660, 24) = 0 [pid 10259] chdir("./50") = 0 [pid 10259] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... openat resumed>) = 3 [pid 10259] <... prctl resumed>) = 0 [pid 5848] newfstatat(3, "", [pid 10259] setpgid(0, 0) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] getdents64(3, [pid 10259] <... openat resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10175] ioctl(-1, SIOCGIFINDEX, NULL [pid 10259] write(3, "1000", 4 [pid 5848] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10175] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10175] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] newfstatat(AT_FDCWD, "./51/binderfs", [pid 10175] <... write resumed>) = 280 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10175] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] unlink("./51/binderfs" [pid 10175] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10259] <... write resumed>) = 4 [pid 10175] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... unlink resumed>) = 0 [pid 10259] close(3) = 0 [pid 10259] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10259] write(1, "executing program\n", 18) = 18 [pid 10259] memfd_create("syzkaller", 0 [pid 5848] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10175] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10259] <... memfd_create resumed>) = 3 [pid 10259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10175] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 230.429850][ T5852] BTRFS info (device loop4): last unmount of filesystem 2662ef7b-2127-4b36-a007-8ee358ca2fee [pid 10175] exit_group(0) = ? [pid 10175] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10175, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 230.491466][ T5851] BTRFS info (device loop3): last unmount of filesystem 1239117b-eb2c-44bf-9970-2d49ed847c43 [pid 5849] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./50/binderfs") = 0 [ 230.566890][ T5848] BTRFS info (device loop0): last unmount of filesystem 28680a33-00be-42cf-9f93-ad1e639d8148 [pid 5849] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 230.648306][ T5849] BTRFS info (device loop1): last unmount of filesystem ab8ae515-6cda-4f93-8b80-461eabceb973 [pid 5852] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./49/file0", [pid 5852] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... openat resumed>) = 4 [pid 5851] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] newfstatat(4, "", [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 5852] getdents64(4, [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./49/file0" [pid 5852] getdents64(4, [pid 5851] <... rmdir resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 5852] close(4 [pid 5851] <... close resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5851] rmdir("./49" [pid 5852] rmdir("./49/file0" [pid 5851] <... rmdir resumed>) = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5851] mkdir("./50", 0777 [pid 5852] getdents64(3, [pid 5851] <... mkdir resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5852] <... close resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5852] rmdir("./49" [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5852] <... rmdir resumed>) = 0 [pid 5851] <... ioctl resumed>) = 0 [pid 5851] close(3 [pid 5852] mkdir("./50", 0777 [pid 5851] <... close resumed>) = 0 [pid 5852] <... mkdir resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 10261 attached ) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10261 [pid 5852] close(3 [pid 10261] set_robust_list(0x55558aa90660, 24 [pid 5852] <... close resumed>) = 0 [pid 10261] <... set_robust_list resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10261] chdir("./50") = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 10262 ./strace-static-x86_64: Process 10262 attached [pid 10261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10262] set_robust_list(0x55558aa90660, 24 [pid 10261] setpgid(0, 0) = 0 [pid 10261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10261] write(3, "1000", 4) = 4 [pid 10261] close(3) = 0 [pid 10261] symlink("/dev/binderfs", "./binderfs"executing program [pid 10262] <... set_robust_list resumed>) = 0 [pid 10261] <... symlink resumed>) = 0 [pid 10262] chdir("./50" [pid 10261] write(1, "executing program\n", 18) = 18 [pid 10261] memfd_create("syzkaller", 0) = 3 [pid 10261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10262] <... chdir resumed>) = 0 [pid 10262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10262] setpgid(0, 0) = 0 [pid 10262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10262] write(3, "1000", 4) = 4 [pid 10262] close(3) = 0 [pid 10262] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10262] write(1, "executing program\n", 18) = 18 [pid 10262] memfd_create("syzkaller", 0) = 3 [pid 10262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4 [pid 5849] <... umount2 resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./51/file0" [pid 5849] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... rmdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] getdents64(3, [pid 5849] newfstatat(AT_FDCWD, "./50/file0", [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] close(3) = 0 [pid 5849] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] rmdir("./51") = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] mkdir("./52", 0777 [pid 5849] <... openat resumed>) = 4 [pid 5848] <... mkdir resumed>) = 0 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... openat resumed>) = 3 [pid 5849] getdents64(4, [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] close(4) = 0 [pid 5849] rmdir("./50/file0" [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10263 attached , child_tidptr=0x55558aa90650) = 10263 [pid 10263] set_robust_list(0x55558aa90660, 24) = 0 [pid 10263] chdir("./52") = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 10263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] getdents64(3, [pid 10263] setpgid(0, 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3 [pid 10263] <... setpgid resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 10263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] rmdir("./50") = 0 [pid 10263] <... openat resumed>) = 3 [pid 5849] mkdir("./51", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10263] write(3, "1000", 4 [pid 5849] close(3 [pid 10263] <... write resumed>) = 4 [pid 5849] <... close resumed>) = 0 [pid 10263] close(3 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10264 attached [pid 10263] <... close resumed>) = 0 [pid 10264] set_robust_list(0x55558aa90660, 24 [pid 10263] symlink("/dev/binderfs", "./binderfs" [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 10264 [pid 10264] <... set_robust_list resumed>) = 0 [pid 10263] <... symlink resumed>) = 0 [pid 10264] chdir("./51" [pid 10263] write(1, "executing program\n", 18executing program ) = 18 [pid 10263] memfd_create("syzkaller", 0 [pid 10264] <... chdir resumed>) = 0 [pid 10264] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10263] <... memfd_create resumed>) = 3 [pid 10264] <... prctl resumed>) = 0 [pid 10263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10264] setpgid(0, 0 [pid 10263] <... mmap resumed>) = 0x7f362be00000 [pid 10264] <... setpgid resumed>) = 0 [pid 10264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10264] write(3, "1000", 4 [pid 10262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10264] <... write resumed>) = 4 [pid 10264] close(3) = 0 [pid 10264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10264] write(1, "executing program\n", 18executing program ) = 18 [pid 10264] memfd_create("syzkaller", 0) = 3 [pid 10264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10259] <... write resumed>) = 16777216 [pid 10259] munmap(0x7f362be00000, 138412032) = 0 [pid 10259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10259] close(3) = 0 [pid 10259] close(4) = 0 [ 231.555078][T10259] loop2: detected capacity change from 0 to 32768 [pid 10259] mkdir("./file0", 0777) = 0 [ 231.604611][T10259] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10259) [pid 10259] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 10261] <... write resumed>) = 16777216 [ 231.673763][T10259] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 231.706975][T10259] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 10261] munmap(0x7f362be00000, 138412032) = 0 [pid 10263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10261] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10261] ioctl(4, LOOP_SET_FD, 3 [pid 10262] <... write resumed>) = 16777216 [pid 10262] munmap(0x7f362be00000, 138412032 [pid 10261] <... ioctl resumed>) = 0 [pid 10261] close(3) = 0 [pid 10261] close(4) = 0 [pid 10261] mkdir("./file0", 0777) = 0 [pid 10261] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10262] <... munmap resumed>) = 0 [pid 10262] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 231.733846][T10259] BTRFS info (device loop2): using free-space-tree [ 231.743795][T10261] loop3: detected capacity change from 0 to 32768 [ 231.771636][T10261] BTRFS: device /dev/loop3 (7:3) using temp-fsid b4ec40e2-c6c1-4f9a-bd82-60e66c9c5d5e [pid 10262] ioctl(4, LOOP_SET_FD, 3 [pid 10264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10262] <... ioctl resumed>) = 0 [ 231.789408][T10261] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10261) [ 231.809732][T10262] loop4: detected capacity change from 0 to 32768 [pid 10262] close(3) = 0 [pid 10262] close(4) = 0 [pid 10262] mkdir("./file0", 0777) = 0 [ 231.833188][T10261] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 231.844434][T10261] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 231.861303][T10261] BTRFS info (device loop3): using free-space-tree [ 231.874806][T10262] BTRFS: device /dev/loop4 (7:4) using temp-fsid d999f46d-bad5-4814-a51d-3540cd70af7c [ 231.919578][T10262] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10262) [ 231.963369][T10262] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 232.015904][T10262] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 232.026533][T10262] BTRFS info (device loop4): using free-space-tree [pid 10262] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10259] <... mount resumed>) = 0 [pid 10259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10259] chdir("./file0") = 0 [pid 10259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10259] ioctl(4, LOOP_CLR_FD) = 0 [pid 10259] close(4) = 0 [pid 10259] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10259] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10259] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10259] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10259] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10259] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10259] exit_group(0) = ? [pid 10259] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10259, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 10264] <... write resumed>) = 16777216 [pid 5850] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10264] munmap(0x7f362be00000, 138412032 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10264] <... munmap resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5850] newfstatat(3, "", [pid 10264] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, [pid 10264] <... openat resumed>) = 4 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10264] ioctl(4, LOOP_SET_FD, 3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./50/binderfs") = 0 [pid 5850] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10264] <... ioctl resumed>) = 0 [pid 10264] close(3) = 0 [pid 10264] close(4) = 0 [ 232.180796][T10264] loop1: detected capacity change from 0 to 32768 [pid 10264] mkdir("./file0", 0777) = 0 [pid 10264] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10261] <... mount resumed>) = 0 [pid 10261] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10261] chdir("./file0") = 0 [pid 10261] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10261] ioctl(4, LOOP_CLR_FD) = 0 [pid 10261] close(4) = 0 [pid 10261] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10261] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10261] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10261] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10261] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10261] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10261] exit_group(0) = ? [pid 10261] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10261, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 232.232358][T10264] BTRFS: device /dev/loop1 (7:1) using temp-fsid 91fe520f-a529-4ab3-a61a-769921bf8978 [ 232.252826][T10264] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10264) [pid 5851] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10263] <... write resumed>) = 16777216 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10263] munmap(0x7f362be00000, 138412032 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./50/binderfs") = 0 [ 232.313222][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 232.330562][T10264] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10263] <... munmap resumed>) = 0 [pid 10262] <... mount resumed>) = 0 [pid 10263] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10262] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10263] <... openat resumed>) = 4 [pid 10262] <... openat resumed>) = 3 [pid 10263] ioctl(4, LOOP_SET_FD, 3 [pid 10262] chdir("./file0") = 0 [pid 10262] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10263] <... ioctl resumed>) = 0 [pid 10263] close(3 [pid 10262] <... openat resumed>) = 4 [pid 10263] <... close resumed>) = 0 [pid 10262] ioctl(4, LOOP_CLR_FD [pid 10263] close(4 [pid 10262] <... ioctl resumed>) = 0 [ 232.361130][T10264] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 232.371961][T10264] BTRFS info (device loop1): using free-space-tree [ 232.391317][T10263] loop0: detected capacity change from 0 to 32768 [pid 10263] <... close resumed>) = 0 [pid 10262] close(4) = 0 [pid 10263] mkdir("./file0", 0777) = 0 [pid 10263] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 10262] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10262] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 232.420993][ T5851] BTRFS info (device loop3): last unmount of filesystem b4ec40e2-c6c1-4f9a-bd82-60e66c9c5d5e [ 232.433604][T10263] BTRFS: device /dev/loop0 (7:0) using temp-fsid 5b39f7ee-ee96-4b39-943f-6d40069da80c [pid 10262] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10262] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10262] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10262] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10262] exit_group(0) = ? [pid 10262] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10262, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=28 /* 0.28 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 232.484994][T10263] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10263) [pid 5852] unlink("./50/binderfs") = 0 [ 232.537878][T10263] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 232.595981][T10263] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10264] <... mount resumed>) = 0 [pid 10264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10264] chdir("./file0") = 0 [pid 10264] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10264] ioctl(4, LOOP_CLR_FD) = 0 [ 232.643881][ T5852] BTRFS info (device loop4): last unmount of filesystem d999f46d-bad5-4814-a51d-3540cd70af7c [ 232.661936][T10263] BTRFS info (device loop0): using free-space-tree [pid 10264] close(4) = 0 [pid 10264] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10264] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10264] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10264] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10264] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10264] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10264] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10264] exit_group(0) = ? [pid 10264] +++ exited with 0 +++ [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10264, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./51/binderfs", [pid 5851] newfstatat(AT_FDCWD, "./50/file0", [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./51/binderfs" [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... unlink resumed>) = 0 [pid 5849] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, [pid 5850] <... umount2 resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5850] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] rmdir("./50/file0" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./50/file0", [pid 5851] <... rmdir resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] getdents64(3, [pid 5850] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... close resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] rmdir("./50" [pid 5850] <... openat resumed>) = 4 [pid 5851] <... rmdir resumed>) = 0 [pid 5850] newfstatat(4, "", [pid 5851] mkdir("./51", 0777 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 5851] <... mkdir resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5850] getdents64(4, [pid 5851] <... openat resumed>) = 3 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5850] close(4) = 0 [pid 5850] rmdir("./50/file0" [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] <... rmdir resumed>) = 0 [pid 5851] close(3) = 0 [pid 5850] getdents64(3, [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 10346 attached [pid 10346] set_robust_list(0x55558aa90660, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10346 [pid 5850] close(3) = 0 [pid 5850] rmdir("./50" [pid 10346] <... set_robust_list resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 10346] chdir("./51" [pid 5850] mkdir("./51", 0777 [pid 10346] <... chdir resumed>) = 0 [pid 5850] <... mkdir resumed>) = 0 [pid 10346] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10263] <... mount resumed>) = 0 [pid 10346] <... prctl resumed>) = 0 [pid 10263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] <... umount2 resumed>) = 0 [pid 10346] setpgid(0, 0 [pid 10263] <... openat resumed>) = 3 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5852] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... openat resumed>) = 3 [pid 10346] <... setpgid resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] ioctl(3, LOOP_CLR_FD [pid 10346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10263] chdir("./file0" [pid 5852] newfstatat(AT_FDCWD, "./50/file0", [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10263] <... chdir resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 232.837869][ T5849] BTRFS info (device loop1): last unmount of filesystem 91fe520f-a529-4ab3-a61a-769921bf8978 [pid 5850] close(3 [pid 10346] <... openat resumed>) = 3 [pid 10263] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... close resumed>) = 0 [pid 10346] write(3, "1000", 4 [pid 10263] <... openat resumed>) = 4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10349 attached [pid 10346] <... write resumed>) = 4 [pid 10263] ioctl(4, LOOP_CLR_FD [pid 5852] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10349] set_robust_list(0x55558aa90660, 24 [pid 10346] close(3 [pid 10263] <... ioctl resumed>) = 0 [pid 5852] <... openat resumed>) = 4 [pid 10349] <... set_robust_list resumed>) = 0 [pid 10349] chdir("./51" [pid 10346] <... close resumed>) = 0 [pid 10263] close(4 [pid 5852] newfstatat(4, "", [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 10349 [pid 10346] symlink("/dev/binderfs", "./binderfs" [pid 10263] <... close resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10349] <... chdir resumed>) = 0 [pid 10349] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10346] <... symlink resumed>) = 0 [pid 10263] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] getdents64(4, [pid 10349] <... prctl resumed>) = 0 executing program [pid 10349] setpgid(0, 0 [pid 10346] write(1, "executing program\n", 18 [pid 10263] <... openat resumed>) = 4 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10349] <... setpgid resumed>) = 0 [pid 10349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10346] <... write resumed>) = 18 [pid 5852] getdents64(4, [pid 10349] <... openat resumed>) = 3 [pid 10346] memfd_create("syzkaller", 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 10263] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10263] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5852] close(4 [pid 10263] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] <... close resumed>) = 0 [pid 10346] <... memfd_create resumed>) = 3 [pid 10263] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] rmdir("./50/file0" [pid 10346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10263] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] <... rmdir resumed>) = 0 [pid 10346] <... mmap resumed>) = 0x7f362be00000 [pid 10263] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] getdents64(3, [pid 10349] write(3, "1000", 4 [pid 10263] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 10349] <... write resumed>) = 4 [pid 10263] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] close(3 [pid 10349] close(3executing program ) = 0 [pid 10263] exit_group(0 [pid 5852] <... close resumed>) = 0 [pid 10349] symlink("/dev/binderfs", "./binderfs" [pid 5852] rmdir("./50" [pid 10349] <... symlink resumed>) = 0 [pid 10263] <... exit_group resumed>) = ? [pid 5852] <... rmdir resumed>) = 0 [pid 10349] write(1, "executing program\n", 18) = 18 [pid 10263] +++ exited with 0 +++ [pid 10349] memfd_create("syzkaller", 0) = 3 [pid 5852] mkdir("./51", 0777 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10263, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 10349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 10349] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... mkdir resumed>) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10350 attached [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 10350 [pid 5848] <... openat resumed>) = 3 [pid 10350] set_robust_list(0x55558aa90660, 24 [pid 5848] newfstatat(3, "", [pid 10350] <... set_robust_list resumed>) = 0 [pid 10350] chdir("./51" [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10350] <... chdir resumed>) = 0 [pid 5848] getdents64(3, [pid 10350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10350] setpgid(0, 0 [pid 5848] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10350] <... setpgid resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] newfstatat(AT_FDCWD, "./52/binderfs", [pid 10350] <... openat resumed>) = 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10350] write(3, "1000", 4 [pid 5848] unlink("./52/binderfs" [pid 10350] <... write resumed>) = 4 [pid 5848] <... unlink resumed>) = 0 [pid 10350] close(3 [pid 5848] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10350] <... close resumed>) = 0 [pid 10350] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10350] write(1, "executing program\n", 18) = 18 [pid 10350] memfd_create("syzkaller", 0) = 3 [pid 10350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 233.115861][ T5848] BTRFS info (device loop0): last unmount of filesystem 5b39f7ee-ee96-4b39-943f-6d40069da80c [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./51/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./51") = 0 [pid 5849] mkdir("./52", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] <... openat resumed>) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 10346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10351 attached [pid 10351] set_robust_list(0x55558aa90660, 24) = 0 [pid 10351] chdir("./52") = 0 [pid 10351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10351] setpgid(0, 0) = 0 [pid 10351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 10351 [pid 10351] <... openat resumed>) = 3 [pid 10351] write(3, "1000", 4) = 4 [pid 10351] close(3) = 0 [pid 10351] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10351] write(1, "executing program\n", 18) = 18 [pid 10351] memfd_create("syzkaller", 0) = 3 [pid 10351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./52/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./52") = 0 [pid 5848] mkdir("./53", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10352 attached , child_tidptr=0x55558aa90650) = 10352 [pid 10352] set_robust_list(0x55558aa90660, 24) = 0 [pid 10352] chdir("./53") = 0 [pid 10352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10352] setpgid(0, 0) = 0 [pid 10352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10352] write(3, "1000", 4) = 4 [pid 10352] close(3) = 0 [pid 10352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10352] write(1, "executing program\n", 18executing program ) = 18 [pid 10352] memfd_create("syzkaller", 0) = 3 [pid 10352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10349] <... write resumed>) = 16777216 [pid 10349] munmap(0x7f362be00000, 138412032) = 0 [pid 10346] <... write resumed>) = 16777216 [pid 10349] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10349] ioctl(4, LOOP_SET_FD, 3 [pid 10346] munmap(0x7f362be00000, 138412032) = 0 [ 233.806622][T10349] loop2: detected capacity change from 0 to 32768 [pid 10350] <... write resumed>) = 16777216 [pid 10349] <... ioctl resumed>) = 0 [pid 10350] munmap(0x7f362be00000, 138412032 [pid 10349] close(3 [pid 10346] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10349] <... close resumed>) = 0 [pid 10349] close(4) = 0 [pid 10349] mkdir("./file0", 0777) = 0 [pid 10349] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 10350] <... munmap resumed>) = 0 [pid 10346] <... openat resumed>) = 4 [pid 10351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10346] ioctl(4, LOOP_SET_FD, 3 [pid 10350] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10346] <... ioctl resumed>) = 0 [pid 10346] close(3) = 0 [ 233.852079][T10349] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10349) [ 233.887130][T10346] loop3: detected capacity change from 0 to 32768 [pid 10350] ioctl(4, LOOP_SET_FD, 3 [pid 10346] close(4) = 0 [pid 10346] mkdir("./file0", 0777) = 0 [pid 10346] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10350] <... ioctl resumed>) = 0 [pid 10350] close(3) = 0 [pid 10350] close(4) = 0 [pid 10350] mkdir("./file0", 0777) = 0 [ 233.906657][T10350] loop4: detected capacity change from 0 to 32768 [ 233.919195][T10349] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 233.943524][T10346] BTRFS: device /dev/loop3 (7:3) using temp-fsid d5fdb382-c17f-47d0-9086-7a6446c13ae1 [ 233.959252][T10349] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 233.990123][T10349] BTRFS info (device loop2): using free-space-tree [ 233.994657][T10346] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10346) [ 234.049986][T10350] BTRFS: device /dev/loop4 (7:4) using temp-fsid 37aa0732-8f64-4c95-8f33-cb486ef27ba7 [ 234.059737][T10350] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10350) [ 234.079393][T10346] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 234.090660][T10346] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 10350] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [ 234.109511][T10346] BTRFS info (device loop3): using free-space-tree [ 234.136891][T10350] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 234.176331][T10350] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 10352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10349] <... mount resumed>) = 0 [pid 10349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10349] chdir("./file0") = 0 [pid 10349] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10349] ioctl(4, LOOP_CLR_FD) = 0 [pid 10349] close(4) = 0 [pid 10349] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10349] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10349] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10349] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10349] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10349] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10349] exit_group(0) = ? [pid 10349] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10349, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [ 234.240339][T10350] BTRFS info (device loop4): using free-space-tree [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./51/binderfs") = 0 [pid 5850] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10346] <... mount resumed>) = 0 [pid 10346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10346] chdir("./file0") = 0 [pid 10346] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10346] ioctl(4, LOOP_CLR_FD) = 0 [pid 10346] close(4) = 0 [pid 10346] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10346] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [ 234.366815][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10346] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10346] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10346] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10346] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10346] exit_group(0) = ? [pid 10346] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10346, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=36 /* 0.36 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./51/binderfs") = 0 [pid 5851] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10351] <... write resumed>) = 16777216 [pid 10350] <... mount resumed>) = 0 [pid 10350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10350] chdir("./file0") = 0 [pid 10350] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10351] munmap(0x7f362be00000, 138412032 [pid 10350] <... openat resumed>) = 4 [pid 10350] ioctl(4, LOOP_CLR_FD) = 0 [pid 10350] close(4) = 0 [pid 10350] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10350] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10350] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10350] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10350] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10350] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10350] exit_group(0) = ? [pid 10351] <... munmap resumed>) = 0 [pid 10350] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10350, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- [pid 10352] <... write resumed>) = 16777216 [pid 10351] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 10351] <... openat resumed>) = 4 [pid 10352] munmap(0x7f362be00000, 138412032 [pid 10351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10352] <... munmap resumed>) = 0 [pid 5852] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10352] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10351] close(3 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 234.530894][ T5851] BTRFS info (device loop3): last unmount of filesystem d5fdb382-c17f-47d0-9086-7a6446c13ae1 [ 234.542047][T10351] loop1: detected capacity change from 0 to 32768 [pid 10352] <... openat resumed>) = 4 [pid 10351] <... close resumed>) = 0 [pid 5852] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 10351] close(4 [pid 5852] newfstatat(3, "", [pid 10351] <... close resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, [pid 10351] mkdir("./file0", 0777 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10351] <... mkdir resumed>) = 0 [pid 5852] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10352] ioctl(4, LOOP_SET_FD, 3 [pid 5852] unlink("./51/binderfs") = 0 [pid 5852] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10351] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10352] <... ioctl resumed>) = 0 [pid 10352] close(3) = 0 [pid 10352] close(4) = 0 [pid 10352] mkdir("./file0", 0777) = 0 [ 234.589397][T10352] loop0: detected capacity change from 0 to 32768 [ 234.609231][T10351] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10351) [pid 10352] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [ 234.652228][ T5852] BTRFS info (device loop4): last unmount of filesystem 37aa0732-8f64-4c95-8f33-cb486ef27ba7 [ 234.677481][T10352] BTRFS: device /dev/loop0 (7:0) using temp-fsid dda70218-923e-405c-9adf-aa2d400f66df [ 234.687378][T10352] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10352) [pid 5850] rmdir("./51/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./51") = 0 [pid 5850] mkdir("./52", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 10401 ./strace-static-x86_64: Process 10401 attached [pid 10401] set_robust_list(0x55558aa90660, 24) = 0 [pid 10401] chdir("./52") = 0 [ 234.705968][T10351] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 234.742403][T10351] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 10401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10401] setpgid(0, 0) = 0 [pid 10401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10401] write(3, "1000", 4) = 4 [pid 10401] close(3) = 0 [pid 10401] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10401] write(1, "executing program\n", 18) = 18 [ 234.755543][T10351] BTRFS info (device loop1): using free-space-tree [ 234.782758][T10352] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10401] memfd_create("syzkaller", 0) = 3 [pid 10401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 234.811272][T10352] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 234.832132][T10352] BTRFS info (device loop0): using free-space-tree [pid 10352] <... mount resumed>) = 0 [pid 10352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10352] chdir("./file0") = 0 [pid 10352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10352] ioctl(4, LOOP_CLR_FD) = 0 [pid 10352] close(4) = 0 [pid 10352] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10352] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10352] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10352] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10352] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10352] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10351] <... mount resumed>) = 0 [pid 10352] exit_group(0 [pid 10351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10352] <... exit_group resumed>) = ? [pid 10351] <... openat resumed>) = 3 [pid 10352] +++ exited with 0 +++ [pid 10351] chdir("./file0") = 0 [pid 10351] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10352, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 10351] <... openat resumed>) = 4 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 10351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 10401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... umount2 resumed>) = 0 [pid 5848] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10351] close(4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10351] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10351] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... openat resumed>) = 3 [pid 10351] <... openat resumed>) = 4 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./53/binderfs", [pid 10351] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10351] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] unlink("./53/binderfs" [pid 10351] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] newfstatat(AT_FDCWD, "./51/file0", [pid 5848] <... unlink resumed>) = 0 [pid 10351] <... write resumed>) = 280 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10351] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10351] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10351] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10351] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] <... openat resumed>) = 4 [pid 10351] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] newfstatat(4, "", [pid 10351] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10351] exit_group(0 [pid 5851] getdents64(4, [pid 10351] <... exit_group resumed>) = ? [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10351] +++ exited with 0 +++ [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10351, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5851] close(4 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./51/file0" [pid 5849] <... restart_syscall resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 5849] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... close resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] rmdir("./51" [pid 5849] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5849] newfstatat(3, "", [pid 5851] mkdir("./52", 0777 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... mkdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] unlink("./52/binderfs" [pid 5851] <... openat resumed>) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5849] <... unlink resumed>) = 0 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5849] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10434 attached [pid 5852] <... umount2 resumed>) = 0 [pid 10434] set_robust_list(0x55558aa90660, 24) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10434 [pid 10434] chdir("./52") = 0 [pid 10434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10434] setpgid(0, 0) = 0 [pid 10434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10434] write(3, "1000", 4 [pid 5852] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10434] <... write resumed>) = 4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10434] close(3 [pid 5852] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10434] <... close resumed>) = 0 [pid 5852] <... openat resumed>) = 4 [pid 10434] symlink("/dev/binderfs", "./binderfs" [pid 5852] newfstatat(4, "", [pid 10434] <... symlink resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 10434] write(1, "executing program\n", 18 [pid 5852] getdents64(4, [pid 10434] <... write resumed>) = 18 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10434] memfd_create("syzkaller", 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./51/file0") = 0 [ 235.093177][ T5848] BTRFS info (device loop0): last unmount of filesystem dda70218-923e-405c-9adf-aa2d400f66df [pid 10434] <... memfd_create resumed>) = 3 [pid 5852] getdents64(3, [pid 10434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 10434] <... mmap resumed>) = 0x7f362be00000 [pid 5852] close(3) = 0 [pid 5852] rmdir("./51") = 0 [pid 5852] mkdir("./52", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10435 attached , child_tidptr=0x55558aa90650) = 10435 [pid 10435] set_robust_list(0x55558aa90660, 24) = 0 [pid 10435] chdir("./52") = 0 [pid 10435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10435] setpgid(0, 0) = 0 [ 235.152503][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10435] write(3, "1000", 4) = 4 [pid 10435] close(3) = 0 [pid 10435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10435] write(1, "executing program\n", 18executing program ) = 18 [pid 10435] memfd_create("syzkaller", 0) = 3 [pid 10435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... openat resumed>) = 4 [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 5849] newfstatat(4, "", [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, [pid 5848] getdents64(4, [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] getdents64(4, [pid 5848] close(4) = 0 [pid 5848] rmdir("./53/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./53" [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./54", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] close(4 [pid 5848] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] <... close resumed>) = 0 [pid 5848] close(3 [pid 5849] rmdir("./52/file0") = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 10436 ./strace-static-x86_64: Process 10436 attached [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./52" [pid 10436] set_robust_list(0x55558aa90660, 24) = 0 [pid 10436] chdir("./54") = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 10436] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] mkdir("./53", 0777 [pid 10436] <... prctl resumed>) = 0 [pid 10436] setpgid(0, 0 [pid 5849] <... mkdir resumed>) = 0 [pid 10436] <... setpgid resumed>) = 0 [pid 10436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10436] <... openat resumed>) = 3 [pid 10436] write(3, "1000", 4) = 4 [pid 5849] <... openat resumed>) = 3 [pid 10436] close(3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10436] <... close resumed>) = 0 [pid 5849] close(3 [pid 10436] symlink("/dev/binderfs", "./binderfs" [pid 5849] <... close resumed>) = 0 [pid 10436] <... symlink resumed>) = 0 executing program [pid 10436] write(1, "executing program\n", 18) = 18 [pid 10436] memfd_create("syzkaller", 0) = 3 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 10437 [pid 10436] <... mmap resumed>) = 0x7f362be00000 ./strace-static-x86_64: Process 10437 attached [pid 10437] set_robust_list(0x55558aa90660, 24) = 0 [pid 10437] chdir("./53") = 0 [pid 10437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10437] setpgid(0, 0) = 0 [pid 10437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10437] write(3, "1000", 4) = 4 [pid 10437] close(3) = 0 [pid 10437] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10437] write(1, "executing program\n", 18) = 18 [pid 10437] memfd_create("syzkaller", 0) = 3 [pid 10437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10401] <... write resumed>) = 16777216 [pid 10401] munmap(0x7f362be00000, 138412032) = 0 [pid 10401] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10401] ioctl(4, LOOP_SET_FD, 3 [pid 10434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10401] <... ioctl resumed>) = 0 [pid 10401] close(3) = 0 [pid 10401] close(4) = 0 [pid 10401] mkdir("./file0", 0777) = 0 [ 235.585300][T10401] loop2: detected capacity change from 0 to 32768 [ 235.649476][T10401] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10401) [ 235.712219][T10401] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10401] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 235.760280][T10401] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 235.791700][T10401] BTRFS info (device loop2): using free-space-tree [pid 10435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10434] <... write resumed>) = 16777216 [pid 10434] munmap(0x7f362be00000, 138412032) = 0 [pid 10401] <... mount resumed>) = 0 [pid 10401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10436] <... write resumed>) = 16777216 [pid 10434] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10401] chdir("./file0") = 0 [pid 10436] munmap(0x7f362be00000, 138412032 [pid 10434] <... openat resumed>) = 4 [pid 10401] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10434] ioctl(4, LOOP_SET_FD, 3 [pid 10401] <... openat resumed>) = 4 [pid 10401] ioctl(4, LOOP_CLR_FD) = 0 [pid 10401] close(4) = 0 [pid 10401] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10436] <... munmap resumed>) = 0 [pid 10401] <... openat resumed>) = 4 [pid 10436] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10401] ioctl(-1, SIOCGIFINDEX, NULL [pid 10436] <... openat resumed>) = 4 [pid 10401] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10436] ioctl(4, LOOP_SET_FD, 3 [pid 10401] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10401] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10401] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10401] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10401] exit_group(0) = ? [pid 10401] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10401, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 10436] <... ioctl resumed>) = 0 [pid 5850] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10436] close(3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10436] <... close resumed>) = 0 [pid 10436] close(4 [pid 10435] <... write resumed>) = 16777216 [pid 10434] <... ioctl resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10436] <... close resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10436] mkdir("./file0", 0777 [pid 10435] munmap(0x7f362be00000, 138412032 [pid 10434] close(3) = 0 [pid 5850] unlink("./52/binderfs" [pid 10436] <... mkdir resumed>) = 0 [pid 5850] <... unlink resumed>) = 0 [pid 10434] close(4 [pid 5850] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10435] <... munmap resumed>) = 0 [pid 10434] <... close resumed>) = 0 [pid 10436] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [ 236.144103][T10434] loop3: detected capacity change from 0 to 32768 [ 236.153684][T10436] loop0: detected capacity change from 0 to 32768 [pid 10434] mkdir("./file0", 0777) = 0 [pid 10434] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10435] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10435] close(3) = 0 [pid 10435] close(4) = 0 [pid 10435] mkdir("./file0", 0777) = 0 [ 236.209896][T10434] BTRFS: device /dev/loop3 (7:3) using temp-fsid 879ecd61-1c75-4501-89f7-ad56b2c7422b [ 236.211252][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 236.230875][T10434] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10434) [ 236.252310][T10435] loop4: detected capacity change from 0 to 32768 [ 236.288394][T10436] BTRFS: device /dev/loop0 (7:0) using temp-fsid 295185bb-41a6-406f-bc8c-643629c4e3b7 [ 236.298245][T10434] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 236.302804][T10436] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10436) [ 236.324061][T10434] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 236.338288][T10435] BTRFS: device /dev/loop4 (7:4) using temp-fsid b4dfc164-300e-4a0e-81c7-d7cad9411447 [ 236.349982][T10434] BTRFS info (device loop3): using free-space-tree [ 236.358662][T10435] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10435) [ 236.373966][T10436] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 236.387757][T10436] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 236.408618][T10436] BTRFS info (device loop0): using free-space-tree [pid 10435] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10437] <... write resumed>) = 16777216 [pid 10437] munmap(0x7f362be00000, 138412032) = 0 [ 236.444414][T10435] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 236.456336][T10435] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 10437] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10437] close(3) = 0 [pid 10437] close(4) = 0 [pid 10437] mkdir("./file0", 0777) = 0 [ 236.503075][T10437] loop1: detected capacity change from 0 to 32768 [ 236.539500][T10435] BTRFS info (device loop4): using free-space-tree [ 236.548986][T10437] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10437) [ 236.624555][T10437] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10437] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10434] <... mount resumed>) = 0 [ 236.680768][T10437] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 10434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10434] chdir("./file0") = 0 [pid 10434] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10434] ioctl(4, LOOP_CLR_FD) = 0 [pid 10434] close(4) = 0 [pid 10434] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10434] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10434] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10434] bpf(BPF_MAP_CREATE, NULL, 0 [pid 10436] <... mount resumed>) = 0 [pid 10434] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10434] bpf(BPF_PROG_LOAD, NULL, 0 [pid 10436] <... openat resumed>) = 3 [pid 10434] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10436] chdir("./file0" [pid 10434] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 10436] <... chdir resumed>) = 0 [pid 10434] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10436] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 236.751927][T10437] BTRFS info (device loop1): using free-space-tree [pid 10434] exit_group(0 [pid 10436] <... openat resumed>) = 4 [pid 5850] <... umount2 resumed>) = 0 [pid 10436] ioctl(4, LOOP_CLR_FD [pid 10434] <... exit_group resumed>) = ? [pid 10434] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10434, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 10436] <... ioctl resumed>) = 0 [pid 10436] close(4) = 0 [pid 10436] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./52/binderfs", [pid 10436] <... openat resumed>) = 4 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./52/binderfs") = 0 [pid 5851] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10436] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10436] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10436] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10436] <... write resumed>) = 280 [pid 10436] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5850] newfstatat(AT_FDCWD, "./52/file0", [pid 10436] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10436] bpf(BPF_PROG_LOAD, NULL, 0 [pid 10435] <... mount resumed>) = 0 [pid 5850] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10436] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10436] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10435] <... openat resumed>) = 3 [pid 5850] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10435] chdir("./file0" [pid 5850] <... openat resumed>) = 4 [pid 10435] <... chdir resumed>) = 0 [pid 5850] newfstatat(4, "", [pid 10435] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, [pid 10436] exit_group(0 [pid 10435] <... openat resumed>) = 4 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10435] ioctl(4, LOOP_CLR_FD [pid 5850] getdents64(4, [pid 10436] <... exit_group resumed>) = ? [pid 10435] <... ioctl resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 10436] +++ exited with 0 +++ [pid 10435] close(4 [pid 5850] close(4 [pid 10435] <... close resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 10435] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5850] rmdir("./52/file0") = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10436, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=30 /* 0.30 s */} --- [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./52") = 0 [pid 5850] mkdir("./53", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5848] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10435] <... openat resumed>) = 4 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10516 attached [pid 10435] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10435] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 10516 [pid 10435] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10435] <... write resumed>) = 280 [pid 10435] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] <... openat resumed>) = 3 [pid 10435] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10516] set_robust_list(0x55558aa90660, 24 [pid 10435] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] newfstatat(3, "", [pid 10435] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10435] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10516] <... set_robust_list resumed>) = 0 [pid 10435] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] getdents64(3, [pid 10516] chdir("./53" [ 236.861371][ T5851] BTRFS info (device loop3): last unmount of filesystem 879ecd61-1c75-4501-89f7-ad56b2c7422b [pid 10435] exit_group(0 [pid 10516] <... chdir resumed>) = 0 [pid 10435] <... exit_group resumed>) = ? [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10516] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10435] +++ exited with 0 +++ [pid 5848] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10516] <... prctl resumed>) = 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10435, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [pid 10516] setpgid(0, 0 [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10516] <... setpgid resumed>) = 0 [pid 10516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... restart_syscall resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./54/binderfs", [pid 10516] <... openat resumed>) = 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./54/binderfs" [pid 10516] write(3, "1000", 4) = 4 [pid 5848] <... unlink resumed>) = 0 [pid 10516] close(3 [pid 5852] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10516] <... close resumed>) = 0 [pid 5852] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10516] symlink("/dev/binderfs", "./binderfs" [pid 5852] <... openat resumed>) = 3 [pid 10516] <... symlink resumed>) = 0 [pid 5852] newfstatat(3, "", executing program [pid 10516] write(1, "executing program\n", 18 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, [pid 10516] <... write resumed>) = 18 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10516] memfd_create("syzkaller", 0 [pid 5852] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10516] <... memfd_create resumed>) = 3 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] newfstatat(AT_FDCWD, "./52/binderfs", [pid 10516] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./52/binderfs" [pid 10437] <... mount resumed>) = 0 [pid 5852] <... unlink resumed>) = 0 [pid 10437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10437] <... openat resumed>) = 3 [pid 10437] chdir("./file0") = 0 [pid 10437] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10437] ioctl(4, LOOP_CLR_FD) = 0 [pid 10437] close(4) = 0 [pid 10437] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10437] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10437] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10437] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10437] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10437] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 237.020275][ T5848] BTRFS info (device loop0): last unmount of filesystem 295185bb-41a6-406f-bc8c-643629c4e3b7 [ 237.032059][ T5852] BTRFS info (device loop4): last unmount of filesystem b4dfc164-300e-4a0e-81c7-d7cad9411447 [pid 10437] exit_group(0) = ? [pid 10437] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10437, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=28 /* 0.28 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./53/binderfs") = 0 [ 237.251332][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./52/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 5849] <... umount2 resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./52" [pid 5849] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... rmdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./53/file0", [pid 5851] mkdir("./53", 0777) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5849] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... close resumed>) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10521 attached [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./53/file0" [pid 10521] set_robust_list(0x55558aa90660, 24) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10521 [pid 5849] getdents64(3, [pid 10521] chdir("./53" [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3 [pid 10521] <... chdir resumed>) = 0 [pid 10521] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] <... close resumed>) = 0 [pid 10521] <... prctl resumed>) = 0 [pid 5849] rmdir("./53" [pid 10521] setpgid(0, 0 [pid 5849] <... rmdir resumed>) = 0 [pid 10521] <... setpgid resumed>) = 0 [pid 10521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] mkdir("./54", 0777 [pid 10521] <... openat resumed>) = 3 [pid 10521] write(3, "1000", 4 [pid 5849] <... mkdir resumed>) = 0 [pid 10521] <... write resumed>) = 4 [pid 10521] close(3 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10521] <... close resumed>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 10521] symlink("/dev/binderfs", "./binderfs" [pid 5849] ioctl(3, LOOP_CLR_FD [pid 10521] <... symlink resumed>) = 0 [pid 5849] <... ioctl resumed>) = 0 [pid 10521] write(1, "executing program\n", 18 [pid 5849] close(3executing program [pid 10521] <... write resumed>) = 18 [pid 5849] <... close resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10521] memfd_create("syzkaller", 0) = 3 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 10522 ./strace-static-x86_64: Process 10522 attached [pid 10521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10522] set_robust_list(0x55558aa90660, 24) = 0 [pid 10522] chdir("./54" [pid 10521] <... mmap resumed>) = 0x7f362be00000 [pid 10522] <... chdir resumed>) = 0 [pid 10522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10522] setpgid(0, 0) = 0 [pid 10522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... umount2 resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 10522] <... openat resumed>) = 3 [pid 5848] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10522] write(3, "1000", 4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10522] <... write resumed>) = 4 [pid 5848] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10522] close(3 [pid 5848] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10522] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10522] symlink("/dev/binderfs", "./binderfs" [pid 5848] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10522] <... symlink resumed>) = 0 executing program [pid 10522] write(1, "executing program\n", 18 [pid 5848] <... openat resumed>) = 4 [pid 10522] <... write resumed>) = 18 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 10522] memfd_create("syzkaller", 0) = 3 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] getdents64(4, [pid 10522] <... mmap resumed>) = 0x7f362be00000 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./54/file0") = 0 [pid 5852] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] getdents64(3, [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] newfstatat(AT_FDCWD, "./52/file0", [pid 5848] close(3 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... close resumed>) = 0 [pid 5852] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] rmdir("./54" [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./55", 0777 [pid 5852] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... mkdir resumed>) = 0 [pid 5852] <... openat resumed>) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./52/file0") = 0 [pid 5852] getdents64(3, [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./52") = 0 [pid 5852] mkdir("./53", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10523 attached [pid 10523] set_robust_list(0x55558aa90660, 24) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 10523 [pid 10523] chdir("./53") = 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 10523] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10523] <... prctl resumed>) = 0 [pid 5848] close(3 [pid 10523] setpgid(0, 0) = 0 [pid 5848] <... close resumed>) = 0 [pid 10523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10523] write(3, "1000", 4) = 4 [pid 10523] close(3) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 10524 ./strace-static-x86_64: Process 10524 attached [pid 10523] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10523] write(1, "executing program\n", 18) = 18 [pid 10524] set_robust_list(0x55558aa90660, 24 [pid 10523] memfd_create("syzkaller", 0) = 3 [pid 10523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10524] <... set_robust_list resumed>) = 0 [pid 10523] <... mmap resumed>) = 0x7f362be00000 [pid 10524] chdir("./55") = 0 [pid 10524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10524] setpgid(0, 0) = 0 [pid 10524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10524] write(3, "1000", 4) = 4 [pid 10524] close(3) = 0 [pid 10524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10524] write(1, "executing program\n", 18executing program ) = 18 [pid 10524] memfd_create("syzkaller", 0) = 3 [pid 10524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10516] <... write resumed>) = 16777216 [pid 10516] munmap(0x7f362be00000, 138412032) = 0 [pid 10516] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10516] close(3) = 0 [pid 10516] close(4) = 0 [pid 10516] mkdir("./file0", 0777) = 0 [ 237.766421][T10516] loop2: detected capacity change from 0 to 32768 [ 237.843776][T10516] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10516) [pid 10516] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 237.932053][T10516] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 237.953181][T10516] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 10521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 237.985936][T10516] BTRFS info (device loop2): using free-space-tree [pid 10523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10516] <... mount resumed>) = 0 [pid 10516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10516] chdir("./file0") = 0 [pid 10516] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10516] ioctl(4, LOOP_CLR_FD) = 0 [pid 10516] close(4) = 0 [pid 10516] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10516] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10516] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10516] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10516] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10516] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10516] exit_group(0) = ? [pid 10516] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10516, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=27 /* 0.27 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./53/binderfs") = 0 [ 238.278163][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10523] <... write resumed>) = 16777216 [pid 10523] munmap(0x7f362be00000, 138412032 [pid 10521] <... write resumed>) = 16777216 [pid 10523] <... munmap resumed>) = 0 [pid 10521] munmap(0x7f362be00000, 138412032 [pid 10523] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10524] <... write resumed>) = 16777216 [pid 10523] <... openat resumed>) = 4 [pid 10524] munmap(0x7f362be00000, 138412032 [pid 10523] ioctl(4, LOOP_SET_FD, 3 [pid 10521] <... munmap resumed>) = 0 [pid 10524] <... munmap resumed>) = 0 [pid 10521] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10523] <... ioctl resumed>) = 0 [pid 10524] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10523] close(3 [pid 10521] <... openat resumed>) = 4 [pid 10524] <... openat resumed>) = 4 [pid 10523] <... close resumed>) = 0 [pid 10521] ioctl(4, LOOP_SET_FD, 3 [pid 10524] ioctl(4, LOOP_SET_FD, 3 [pid 10523] close(4) = 0 [pid 10522] <... write resumed>) = 16777216 [pid 10522] munmap(0x7f362be00000, 138412032 [pid 10523] mkdir("./file0", 0777 [pid 10521] <... ioctl resumed>) = 0 [ 238.499047][T10523] loop4: detected capacity change from 0 to 32768 [ 238.519250][T10521] loop3: detected capacity change from 0 to 32768 [ 238.525800][T10524] loop0: detected capacity change from 0 to 32768 [pid 10523] <... mkdir resumed>) = 0 [pid 10521] close(3 [pid 10523] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10521] <... close resumed>) = 0 [pid 10521] close(4) = 0 [pid 10524] <... ioctl resumed>) = 0 [pid 10521] mkdir("./file0", 0777 [pid 10524] close(3) = 0 [pid 10524] close(4) = 0 [pid 10524] mkdir("./file0", 0777 [pid 10521] <... mkdir resumed>) = 0 [pid 10524] <... mkdir resumed>) = 0 [pid 10521] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10524] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 10522] <... munmap resumed>) = 0 [pid 10522] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10522] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10522] close(3) = 0 [pid 10522] close(4) = 0 [pid 10522] mkdir("./file0", 0777) = 0 [ 238.551877][T10521] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10521) [ 238.586289][T10522] loop1: detected capacity change from 0 to 32768 [ 238.620383][T10523] BTRFS: device /dev/loop4 (7:4) using temp-fsid 1ab6f0d4-fd5e-4b90-992f-3835b3545282 [ 238.640564][T10523] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10523) [ 238.654409][T10521] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10522] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 238.668308][T10521] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 238.678621][T10521] BTRFS info (device loop3): using free-space-tree [ 238.690672][T10524] BTRFS: device /dev/loop0 (7:0) using temp-fsid 9f6987b7-e88c-4808-bb56-de631b9152a5 [ 238.701021][T10524] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10524) [pid 5850] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./53/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [ 238.701041][T10523] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 238.701111][T10523] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 238.734090][T10523] BTRFS info (device loop4): using free-space-tree [ 238.743548][T10522] BTRFS: device /dev/loop1 (7:1) using temp-fsid f6787991-00a4-4ced-8bdb-6bb0273d185b [ 238.745577][T10524] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] rmdir("./53") = 0 [pid 5850] mkdir("./54", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10555 attached , child_tidptr=0x55558aa90650) = 10555 [ 238.766680][T10522] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10522) [ 238.784714][T10524] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 238.796937][T10524] BTRFS info (device loop0): using free-space-tree [pid 10555] set_robust_list(0x55558aa90660, 24) = 0 [pid 10555] chdir("./54") = 0 [pid 10555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10555] setpgid(0, 0) = 0 [pid 10555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10555] write(3, "1000", 4) = 4 [pid 10555] close(3) = 0 [pid 10555] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10555] write(1, "executing program\n", 18) = 18 [pid 10555] memfd_create("syzkaller", 0) = 3 [ 238.834997][T10522] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10521] <... mount resumed>) = 0 [pid 10521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10521] chdir("./file0") = 0 [pid 10521] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10521] ioctl(4, LOOP_CLR_FD) = 0 [ 238.904846][T10522] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 10521] close(4) = 0 [pid 10521] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10521] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10521] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10521] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10521] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10521] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10521] exit_group(0) = ? [ 238.958635][T10522] BTRFS info (device loop1): using free-space-tree [pid 10521] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10521, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- [pid 10523] <... mount resumed>) = 0 [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 10523] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10523] chdir("./file0") = 0 [pid 10523] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] <... restart_syscall resumed>) = 0 [pid 5851] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10523] <... openat resumed>) = 4 [pid 5851] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10523] ioctl(4, LOOP_CLR_FD [pid 5851] <... openat resumed>) = 3 [pid 10523] <... ioctl resumed>) = 0 [pid 5851] newfstatat(3, "", [pid 10523] close(4 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10523] <... close resumed>) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10523] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] newfstatat(AT_FDCWD, "./53/binderfs", [pid 10523] <... openat resumed>) = 4 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./53/binderfs") = 0 [pid 5851] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10523] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10523] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10523] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10523] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10523] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10523] exit_group(0) = ? [pid 10523] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10523, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5852] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10524] <... mount resumed>) = 0 [pid 10524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10524] <... openat resumed>) = 3 [pid 10524] chdir("./file0" [pid 5852] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10524] <... chdir resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10524] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] unlink("./53/binderfs") = 0 [pid 10524] <... openat resumed>) = 4 [pid 5852] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10524] ioctl(4, LOOP_CLR_FD) = 0 [pid 10524] close(4) = 0 [pid 10524] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10522] <... mount resumed>) = 0 [pid 10524] ioctl(-1, SIOCGIFINDEX, NULL [pid 10522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10524] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10524] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10524] bpf(BPF_MAP_CREATE, NULL, 0 [pid 10522] chdir("./file0" [pid 10524] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10522] <... chdir resumed>) = 0 [pid 10522] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10524] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10522] <... openat resumed>) = 4 [ 239.214930][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10524] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10522] ioctl(4, LOOP_CLR_FD [pid 10524] exit_group(0 [pid 10522] <... ioctl resumed>) = 0 [pid 10555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10524] <... exit_group resumed>) = ? [pid 10522] close(4) = 0 [pid 10522] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10524] +++ exited with 0 +++ [pid 10522] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10524, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=23 /* 0.23 s */} --- [pid 10522] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10522] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10522] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10522] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10522] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10522] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10522] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10522] exit_group(0 [pid 5848] <... openat resumed>) = 3 [pid 10522] <... exit_group resumed>) = ? [pid 10522] +++ exited with 0 +++ [pid 5848] newfstatat(3, "", [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10522, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 239.257494][ T5852] BTRFS info (device loop4): last unmount of filesystem 1ab6f0d4-fd5e-4b90-992f-3835b3545282 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] <... restart_syscall resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./55/binderfs") = 0 [pid 5849] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./54/binderfs") = 0 [pid 5849] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 239.383766][ T5849] BTRFS info (device loop1): last unmount of filesystem f6787991-00a4-4ced-8bdb-6bb0273d185b [pid 5852] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./53/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [ 239.438505][ T5848] BTRFS info (device loop0): last unmount of filesystem 9f6987b7-e88c-4808-bb56-de631b9152a5 [pid 5852] rmdir("./53") = 0 [pid 5852] mkdir("./54", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10607 attached , child_tidptr=0x55558aa90650) = 10607 [pid 5849] <... umount2 resumed>) = 0 [pid 10607] set_robust_list(0x55558aa90660, 24) = 0 [pid 10607] chdir("./54" [pid 5849] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10607] <... chdir resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./54/file0", [pid 10607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10607] setpgid(0, 0) = 0 [pid 10607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10607] write(3, "1000", 4) = 4 [pid 10607] close(3) = 0 [pid 10607] symlink("/dev/binderfs", "./binderfs" [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10607] <... symlink resumed>) = 0 [pid 10607] write(1, "executing program\n", 18executing program ) = 18 [pid 10607] memfd_create("syzkaller", 0) = 3 [pid 10607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./54/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] close(3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4 [pid 5849] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./53/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./53") = 0 [pid 5851] mkdir("./54", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5849] rmdir("./54" [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10608 attached , child_tidptr=0x55558aa90650) = 10608 [pid 5849] <... rmdir resumed>) = 0 [pid 10608] set_robust_list(0x55558aa90660, 24) = 0 [pid 10608] chdir("./54") = 0 [pid 10608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10608] setpgid(0, 0) = 0 [pid 10608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] mkdir("./55", 0777executing program [pid 10608] write(3, "1000", 4) = 4 [pid 10608] close(3) = 0 [pid 10608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 10608] write(1, "executing program\n", 18 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10608] <... write resumed>) = 18 [pid 10608] memfd_create("syzkaller", 0) = 3 [pid 10608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... openat resumed>) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 10609 ./strace-static-x86_64: Process 10609 attached [pid 10609] set_robust_list(0x55558aa90660, 24) = 0 [pid 10609] chdir("./55") = 0 [pid 10609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10609] setpgid(0, 0) = 0 [pid 10609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10609] write(3, "1000", 4 [pid 10555] <... write resumed>) = 16777216 [pid 10609] <... write resumed>) = 4 [pid 10609] close(3 [pid 10555] munmap(0x7f362be00000, 138412032 [pid 10609] <... close resumed>) = 0 [pid 10609] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10609] write(1, "executing program\n", 18) = 18 [pid 10609] memfd_create("syzkaller", 0 [pid 10555] <... munmap resumed>) = 0 [pid 10609] <... memfd_create resumed>) = 3 [pid 10555] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10555] ioctl(4, LOOP_SET_FD, 3 [pid 10609] <... mmap resumed>) = 0x7f362be00000 [pid 10555] <... ioctl resumed>) = 0 [pid 10555] close(3) = 0 [pid 10555] close(4) = 0 [pid 10555] mkdir("./file0", 0777) = 0 [ 239.835777][T10555] loop2: detected capacity change from 0 to 32768 [pid 10555] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 239.901161][T10555] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10555) [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [ 239.945591][T10555] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] rmdir("./55/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./55") = 0 [pid 5848] mkdir("./56", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3 [pid 10607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 10613 ./strace-static-x86_64: Process 10613 attached [ 239.990982][T10555] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 240.025881][T10555] BTRFS info (device loop2): using free-space-tree [pid 10613] set_robust_list(0x55558aa90660, 24) = 0 [pid 10613] chdir("./56") = 0 [pid 10613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10613] setpgid(0, 0) = 0 [pid 10613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10613] write(3, "1000", 4) = 4 [pid 10613] close(3) = 0 executing program [pid 10613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10613] write(1, "executing program\n", 18) = 18 [pid 10613] memfd_create("syzkaller", 0) = 3 [pid 10613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10607] <... write resumed>) = 16777216 [pid 10607] munmap(0x7f362be00000, 138412032 [pid 10555] <... mount resumed>) = 0 [pid 10555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10555] chdir("./file0") = 0 [pid 10555] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10555] ioctl(4, LOOP_CLR_FD [pid 10607] <... munmap resumed>) = 0 [pid 10555] <... ioctl resumed>) = 0 [pid 10555] close(4) = 0 [pid 10607] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10555] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10607] ioctl(4, LOOP_SET_FD, 3 [pid 10555] <... openat resumed>) = 4 [pid 10607] <... ioctl resumed>) = 0 [pid 10555] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10555] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10555] bpf(BPF_MAP_CREATE, NULL, 0 [pid 10607] close(3 [pid 10555] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10607] <... close resumed>) = 0 [pid 10555] bpf(BPF_PROG_LOAD, NULL, 0 [pid 10607] close(4) = 0 [pid 10555] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10607] mkdir("./file0", 0777 [pid 10555] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10555] exit_group(0) = ? [pid 10555] +++ exited with 0 +++ [pid 10607] <... mkdir resumed>) = 0 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10555, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- [pid 10607] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 240.340301][T10607] loop4: detected capacity change from 0 to 32768 [ 240.365985][T10607] BTRFS: device /dev/loop4 (7:4) using temp-fsid a08106bb-065b-4bcb-97ba-14c4838e4b70 [pid 5850] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 240.387948][T10607] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10607) [ 240.423657][T10607] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./54/binderfs") = 0 [ 240.449196][T10607] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 240.458732][T10607] BTRFS info (device loop4): using free-space-tree [pid 5850] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10609] <... write resumed>) = 16777216 [pid 10609] munmap(0x7f362be00000, 138412032) = 0 [pid 10609] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10609] close(3) = 0 [pid 10609] close(4) = 0 [pid 10609] mkdir("./file0", 0777) = 0 [ 240.524760][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 240.554198][T10609] loop1: detected capacity change from 0 to 32768 [ 240.593590][T10609] BTRFS: device /dev/loop1 (7:1) using temp-fsid bfea4126-fd9a-48d0-87d5-319f009cfb2f [pid 10609] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10608] <... write resumed>) = 16777216 [pid 10608] munmap(0x7f362be00000, 138412032 [pid 10613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10608] <... munmap resumed>) = 0 [pid 10608] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10608] close(3) = 0 [pid 10608] close(4) = 0 [pid 10608] mkdir("./file0", 0777) = 0 [ 240.669217][T10609] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10609) [ 240.692068][T10608] loop3: detected capacity change from 0 to 32768 [ 240.725147][T10608] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10608) [ 240.729261][T10609] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 240.774685][T10609] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 240.791219][T10608] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10608] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10607] <... mount resumed>) = 0 [pid 10607] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10607] chdir("./file0") = 0 [pid 10607] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10607] ioctl(4, LOOP_CLR_FD) = 0 [pid 10607] close(4) = 0 [pid 10607] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10607] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10607] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10607] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10607] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10607] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10607] exit_group(0) = ? [pid 10607] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10607, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=27 /* 0.27 s */} --- [pid 5852] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 240.830048][T10609] BTRFS info (device loop1): using free-space-tree [ 240.850775][T10608] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] unlink("./54/binderfs") = 0 [ 240.905163][T10608] BTRFS info (device loop3): using free-space-tree [pid 5852] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10609] <... mount resumed>) = 0 [pid 10609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10609] chdir("./file0") = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 10609] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5850] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10609] ioctl(4, LOOP_CLR_FD) = 0 [pid 10609] close(4) = 0 [ 240.964023][ T5852] BTRFS info (device loop4): last unmount of filesystem a08106bb-065b-4bcb-97ba-14c4838e4b70 [pid 10609] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10609] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] newfstatat(AT_FDCWD, "./54/file0", [pid 10609] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10609] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10609] <... write resumed>) = 280 [pid 5850] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10609] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10609] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10609] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5850] <... openat resumed>) = 4 [pid 10609] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(4, "", [pid 10609] exit_group(0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10609] <... exit_group resumed>) = ? [pid 5850] getdents64(4, [pid 10609] +++ exited with 0 +++ [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10609, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=28 /* 0.28 s */} --- [pid 5850] close(4 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5850] <... close resumed>) = 0 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5850] rmdir("./54/file0" [pid 5849] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] <... rmdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] getdents64(3, [pid 5849] <... openat resumed>) = 3 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] newfstatat(3, "", [pid 5852] <... umount2 resumed>) = 0 [pid 5850] close(3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./55/binderfs") = 0 [pid 5849] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./54" [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./54/file0", [pid 5850] <... rmdir resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] mkdir("./55", 0777 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] <... mkdir resumed>) = 0 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] <... openat resumed>) = 3 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5852] close(4 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] <... close resumed>) = 0 [pid 5850] close(3 [pid 5852] rmdir("./54/file0" [pid 5850] <... close resumed>) = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] getdents64(3, [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10676 attached [pid 10613] <... write resumed>) = 16777216 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 10676 [pid 10613] munmap(0x7f362be00000, 138412032executing program [pid 5852] <... close resumed>) = 0 [pid 10676] set_robust_list(0x55558aa90660, 24) = 0 [pid 10676] chdir("./55") = 0 [pid 10676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10676] setpgid(0, 0) = 0 [pid 10676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10676] write(3, "1000", 4) = 4 [pid 10676] close(3) = 0 [pid 10676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10676] write(1, "executing program\n", 18) = 18 [pid 10676] memfd_create("syzkaller", 0) = 3 [pid 10676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] rmdir("./54") = 0 [pid 5852] mkdir("./55", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 10676] <... mmap resumed>) = 0x7f362be00000 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3 [pid 10613] <... munmap resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10677 attached [pid 10677] set_robust_list(0x55558aa90660, 24 [pid 10613] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10677] <... set_robust_list resumed>) = 0 [pid 10613] <... openat resumed>) = 4 [pid 10677] chdir("./55") = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 10677 [pid 10677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10677] setpgid(0, 0 [pid 10613] ioctl(4, LOOP_SET_FD, 3 [pid 10677] <... setpgid resumed>) = 0 [pid 10677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10677] write(3, "1000", 4) = 4 [pid 10677] close(3) = 0 [pid 10677] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10677] write(1, "executing program\n", 18) = 18 [pid 10677] memfd_create("syzkaller", 0) = 3 [pid 10608] <... mount resumed>) = 0 [pid 10677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10608] chdir("./file0") = 0 [pid 10608] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10608] ioctl(4, LOOP_CLR_FD) = 0 [pid 10608] close(4) = 0 [ 241.175544][T10613] loop0: detected capacity change from 0 to 32768 [ 241.188325][ T5849] BTRFS info (device loop1): last unmount of filesystem bfea4126-fd9a-48d0-87d5-319f009cfb2f [pid 10608] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10613] <... ioctl resumed>) = 0 [pid 10613] close(3 [pid 10608] ioctl(-1, SIOCGIFINDEX, NULL [pid 10613] <... close resumed>) = 0 [pid 10613] close(4 [pid 10608] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10613] <... close resumed>) = 0 [pid 10608] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 10613] mkdir("./file0", 0777 [pid 10608] <... write resumed>) = 280 [pid 10613] <... mkdir resumed>) = 0 [pid 10613] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 10608] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10608] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10608] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10608] exit_group(0) = ? [pid 10608] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10608, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 241.259275][T10613] BTRFS: device /dev/loop0 (7:0) using temp-fsid 3b46a813-441f-403d-b492-e9c0d462f1b2 [ 241.268913][T10613] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10613) [pid 5851] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./54/binderfs") = 0 [ 241.380462][T10613] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 241.434958][T10613] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 241.436184][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 241.444661][T10613] BTRFS info (device loop0): using free-space-tree [pid 5851] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./55/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./55") = 0 [pid 5849] mkdir("./56", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10693 attached , child_tidptr=0x55558aa90650) = 10693 [pid 10693] set_robust_list(0x55558aa90660, 24) = 0 [pid 10693] chdir("./56") = 0 [pid 10693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10693] setpgid(0, 0) = 0 [pid 10693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10693] write(3, "1000", 4) = 4 [pid 10693] close(3) = 0 [pid 10693] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10693] write(1, "executing program\n", 18) = 18 [pid 10693] memfd_create("syzkaller", 0) = 3 [pid 10693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./54/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./54") = 0 [pid 10613] <... mount resumed>) = 0 [pid 10613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5851] mkdir("./55", 0777 [pid 10613] chdir("./file0" [pid 5851] <... mkdir resumed>) = 0 [pid 10613] <... chdir resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5851] <... openat resumed>) = 3 [pid 10613] ioctl(4, LOOP_CLR_FD [pid 5851] ioctl(3, LOOP_CLR_FD [pid 10613] <... ioctl resumed>) = 0 [pid 10613] close(4 [pid 5851] <... ioctl resumed>) = 0 [pid 10613] <... close resumed>) = 0 [pid 5851] close(3) = 0 [pid 10613] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10613] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 10696 attached [pid 10696] set_robust_list(0x55558aa90660, 24) = 0 [pid 10696] chdir("./55") = 0 [pid 10696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10696] setpgid(0, 0) = 0 [pid 10613] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10696 [pid 10696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10613] <... write resumed>) = 280 [pid 10696] <... openat resumed>) = 3 [pid 10693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10613] bpf(BPF_MAP_CREATE, NULL, 0 [pid 10696] write(3, "1000", 4 [pid 10613] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10696] <... write resumed>) = 4 [pid 10613] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10696] close(3 [pid 10613] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 10696] <... close resumed>) = 0 [pid 10696] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10696] write(1, "executing program\n", 18) = 18 [pid 10696] memfd_create("syzkaller", 0 [pid 10613] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10696] <... memfd_create resumed>) = 3 [pid 10696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10613] exit_group(0) = ? [pid 10613] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10613, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- [pid 10677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./56/binderfs") = 0 [pid 5848] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 241.945491][ T5848] BTRFS info (device loop0): last unmount of filesystem 3b46a813-441f-403d-b492-e9c0d462f1b2 [pid 10676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./56/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./56") = 0 [pid 5848] mkdir("./57", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10698 attached , child_tidptr=0x55558aa90650) = 10698 [pid 10698] set_robust_list(0x55558aa90660, 24) = 0 [pid 10698] chdir("./57") = 0 [pid 10698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10698] setpgid(0, 0) = 0 [pid 10698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10698] write(3, "1000", 4) = 4 [pid 10698] close(3executing program ) = 0 [pid 10698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10698] write(1, "executing program\n", 18) = 18 [pid 10698] memfd_create("syzkaller", 0) = 3 [pid 10698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10693] <... write resumed>) = 16777216 [pid 10677] <... write resumed>) = 16777216 [pid 10693] munmap(0x7f362be00000, 138412032) = 0 [pid 10677] munmap(0x7f362be00000, 138412032 [pid 10693] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10676] <... write resumed>) = 16777216 [pid 10693] <... openat resumed>) = 4 [pid 10676] munmap(0x7f362be00000, 138412032 [pid 10693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10677] <... munmap resumed>) = 0 [pid 10693] close(3) = 0 [pid 10677] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10677] ioctl(4, LOOP_SET_FD, 3 [pid 10693] close(4) = 0 [pid 10676] <... munmap resumed>) = 0 [pid 10693] mkdir("./file0", 0777 [pid 10676] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10693] <... mkdir resumed>) = 0 [ 242.456069][T10693] loop1: detected capacity change from 0 to 32768 [ 242.467884][T10677] loop4: detected capacity change from 0 to 32768 [pid 10693] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10676] ioctl(4, LOOP_SET_FD, 3 [pid 10677] <... ioctl resumed>) = 0 [pid 10677] close(3) = 0 [pid 10677] close(4) = 0 [pid 10677] mkdir("./file0", 0777) = 0 [pid 10677] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10676] <... ioctl resumed>) = 0 [pid 10676] close(3) = 0 [pid 10676] close(4) = 0 [pid 10676] mkdir("./file0", 0777) = 0 [ 242.503822][T10676] loop2: detected capacity change from 0 to 32768 [ 242.505720][T10693] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10693) [ 242.600148][T10677] BTRFS: device /dev/loop4 (7:4) using temp-fsid 0eca32b1-beb8-48d8-b41b-2cec93c2ab82 [ 242.619677][T10693] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 242.636824][T10677] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10677) [pid 10676] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 242.664714][T10693] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 242.679288][T10693] BTRFS info (device loop1): using free-space-tree [ 242.704731][T10676] BTRFS: device /dev/loop2 (7:2) using temp-fsid c803b14d-ef27-4ba5-af95-bdf0fa491c87 [ 242.706517][T10677] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 242.725017][T10676] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10676) [ 242.765322][T10677] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 242.776698][T10677] BTRFS info (device loop4): using free-space-tree [ 242.783852][T10676] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10696] <... write resumed>) = 16777216 [ 242.827630][T10676] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 10696] munmap(0x7f362be00000, 138412032) = 0 [pid 10696] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10696] ioctl(4, LOOP_SET_FD, 3) = 0 [ 242.879336][T10676] BTRFS info (device loop2): using free-space-tree [ 242.898673][T10696] loop3: detected capacity change from 0 to 32768 [pid 10696] close(3) = 0 [pid 10696] close(4) = 0 [pid 10696] mkdir("./file0", 0777) = 0 [ 242.942923][T10696] BTRFS: device /dev/loop3 (7:3) using temp-fsid 79c3a337-191d-4675-b17d-275623e3380d [ 242.979167][T10696] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10696) [pid 10696] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10698] <... write resumed>) = 16777216 [ 243.101237][T10696] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10698] munmap(0x7f362be00000, 138412032) = 0 [pid 10698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10698] close(3) = 0 [pid 10698] close(4 [pid 10693] <... mount resumed>) = 0 [pid 10677] <... mount resumed>) = 0 [pid 10676] <... mount resumed>) = 0 [pid 10698] <... close resumed>) = 0 [pid 10677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10677] <... openat resumed>) = 3 [pid 10676] <... openat resumed>) = 3 [pid 10677] chdir("./file0" [pid 10676] chdir("./file0" [pid 10677] <... chdir resumed>) = 0 [pid 10676] <... chdir resumed>) = 0 [pid 10698] mkdir("./file0", 0777 [pid 10693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10677] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10676] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10693] <... openat resumed>) = 3 [pid 10677] <... openat resumed>) = 4 [pid 10676] <... openat resumed>) = 4 [pid 10693] chdir("./file0" [pid 10698] <... mkdir resumed>) = 0 [pid 10677] ioctl(4, LOOP_CLR_FD [pid 10676] ioctl(4, LOOP_CLR_FD [pid 10693] <... chdir resumed>) = 0 [pid 10677] <... ioctl resumed>) = 0 [pid 10676] <... ioctl resumed>) = 0 [ 243.142940][T10696] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 243.155653][T10698] loop0: detected capacity change from 0 to 32768 [ 243.182370][T10696] BTRFS info (device loop3): using free-space-tree [pid 10693] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10677] close(4 [pid 10676] close(4 [pid 10698] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 10693] <... openat resumed>) = 4 [pid 10677] <... close resumed>) = 0 [pid 10676] <... close resumed>) = 0 [pid 10693] ioctl(4, LOOP_CLR_FD [pid 10677] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10676] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10693] <... ioctl resumed>) = 0 [pid 10677] <... openat resumed>) = 4 [pid 10676] <... openat resumed>) = 4 [pid 10693] close(4 [pid 10677] ioctl(-1, SIOCGIFINDEX, NULL [pid 10693] <... close resumed>) = 0 [pid 10693] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10693] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10693] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10693] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10693] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10693] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10693] exit_group(0) = ? [pid 10693] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10693, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=22 /* 0.22 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 10677] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10677] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10677] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10677] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5849] <... restart_syscall resumed>) = 0 [pid 10677] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10677] exit_group(0) = ? [pid 5849] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10677] +++ exited with 0 +++ [pid 10676] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10676] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10677, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [ 243.207445][T10698] BTRFS: device /dev/loop0 (7:0) using temp-fsid dedcc7c4-dad4-4563-9038-51d9b62d6c44 [ 243.223323][T10698] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10698) [pid 5849] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5849] newfstatat(3, "", [pid 5852] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(3, [pid 5852] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] <... openat resumed>) = 3 [pid 5849] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] newfstatat(3, "", [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] newfstatat(AT_FDCWD, "./56/binderfs", [pid 5852] getdents64(3, [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] unlink("./56/binderfs") = 0 [pid 10676] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5849] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10676] <... write resumed>) = 280 [pid 5852] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10676] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10676] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10676] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./55/binderfs") = 0 [ 243.281792][T10698] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 243.327347][T10698] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 243.344732][T10698] BTRFS info (device loop0): using free-space-tree [pid 5852] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10676] exit_group(0) = ? [pid 10696] <... mount resumed>) = 0 [pid 10676] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10676, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 10696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10696] chdir("./file0" [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10696] <... chdir resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10696] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5850] <... openat resumed>) = 3 [pid 10696] ioctl(4, LOOP_CLR_FD) = 0 [pid 5850] newfstatat(3, "", [pid 10696] close(4) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10696] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 243.374065][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] getdents64(3, [pid 10696] <... openat resumed>) = 4 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10696] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10696] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10696] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] newfstatat(AT_FDCWD, "./55/binderfs", [pid 10696] <... write resumed>) = 280 [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10696] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5850] unlink("./55/binderfs" [pid 10696] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5850] <... unlink resumed>) = 0 [pid 10696] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5850] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10696] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10696] exit_group(0) = ? [pid 10696] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10696, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [ 243.423637][ T5852] BTRFS info (device loop4): last unmount of filesystem 0eca32b1-beb8-48d8-b41b-2cec93c2ab82 [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./55/binderfs") = 0 [ 243.533790][ T5850] BTRFS info (device loop2): last unmount of filesystem c803b14d-ef27-4ba5-af95-bdf0fa491c87 [pid 5851] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10698] <... mount resumed>) = 0 [pid 10698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] <... umount2 resumed>) = 0 [pid 10698] <... openat resumed>) = 3 [pid 5852] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./55/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./55" [pid 10698] chdir("./file0" [pid 5852] <... rmdir resumed>) = 0 [pid 10698] <... chdir resumed>) = 0 [pid 10698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10698] ioctl(4, LOOP_CLR_FD) = 0 [pid 10698] close(4) = 0 [pid 10698] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] mkdir("./56", 0777 [pid 10698] <... openat resumed>) = 4 [pid 5852] <... mkdir resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10698] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10698] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 10781 [pid 10698] bpf(BPF_MAP_CREATE, NULL, 0./strace-static-x86_64: Process 10781 attached ) = -1 EINVAL (Invalid argument) [pid 10698] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10781] set_robust_list(0x55558aa90660, 24 [pid 10698] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 10781] <... set_robust_list resumed>) = 0 [pid 10781] chdir("./56" [pid 10698] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10781] <... chdir resumed>) = 0 [pid 10781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10781] setpgid(0, 0) = 0 [pid 10781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 243.575414][ T5851] BTRFS info (device loop3): last unmount of filesystem 79c3a337-191d-4675-b17d-275623e3380d [pid 10781] write(3, "1000", 4) = 4 [pid 10698] exit_group(0executing program [pid 10781] close(3 [pid 10698] <... exit_group resumed>) = ? [pid 10781] <... close resumed>) = 0 [pid 10781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10781] write(1, "executing program\n", 18) = 18 [pid 10698] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10698, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=33 /* 0.33 s */} --- [pid 5848] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10781] memfd_create("syzkaller", 0 [pid 5848] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./57/binderfs" [pid 10781] <... memfd_create resumed>) = 3 [pid 5848] <... unlink resumed>) = 0 [pid 10781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10781] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./55/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./55") = 0 [pid 5850] mkdir("./56", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [ 243.715063][ T5848] BTRFS info (device loop0): last unmount of filesystem dedcc7c4-dad4-4563-9038-51d9b62d6c44 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10782 attached , child_tidptr=0x55558aa90650) = 10782 [pid 10782] set_robust_list(0x55558aa90660, 24) = 0 [pid 10782] chdir("./56") = 0 [pid 10782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10782] setpgid(0, 0) = 0 [pid 10782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10782] write(3, "1000", 4) = 4 [pid 10782] close(3) = 0 [pid 10782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10782] write(1, "executing program\n", 18) = 18 [pid 10782] memfd_create("syzkaller", 0) = 3 [pid 10782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./57/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./57") = 0 [pid 5848] mkdir("./58", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 10783 ./strace-static-x86_64: Process 10783 attached [pid 10783] set_robust_list(0x55558aa90660, 24) = 0 [pid 10783] chdir("./58") = 0 [pid 10783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10783] setpgid(0, 0) = 0 [pid 10783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10783] write(3, "1000", 4) = 4 [pid 10783] close(3) = 0 [pid 10783] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10783] write(1, "executing program\n", 18) = 18 [pid 10783] memfd_create("syzkaller", 0) = 3 [pid 10783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./56/file0" [pid 5851] <... umount2 resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5851] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] getdents64(3, [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3 [pid 5851] newfstatat(AT_FDCWD, "./55/file0", [pid 5849] <... close resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] rmdir("./56" [pid 5851] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] <... rmdir resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] mkdir("./57", 0777 [pid 5851] <... openat resumed>) = 4 [pid 5849] <... mkdir resumed>) = 0 [pid 5851] newfstatat(4, "", [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5851] getdents64(4, [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] getdents64(4, [pid 5849] close(3 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] <... close resumed>) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./55/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... close resumed>) = 0 [pid 5851] rmdir("./55") = 0 [pid 5851] mkdir("./56", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10785 attached [pid 10785] set_robust_list(0x55558aa90660, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10785 ./strace-static-x86_64: Process 10784 attached [pid 10785] <... set_robust_list resumed>) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 10784 [pid 10785] chdir("./56") = 0 [pid 10784] set_robust_list(0x55558aa90660, 24 [pid 10785] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10784] <... set_robust_list resumed>) = 0 [pid 10785] <... prctl resumed>) = 0 [pid 10785] setpgid(0, 0 [pid 10784] chdir("./57" [pid 10785] <... setpgid resumed>) = 0 [pid 10784] <... chdir resumed>) = 0 [pid 10784] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10784] <... prctl resumed>) = 0 [pid 10785] <... openat resumed>) = 3 [pid 10784] setpgid(0, 0 [pid 10785] write(3, "1000", 4 [pid 10784] <... setpgid resumed>) = 0 [pid 10785] <... write resumed>) = 4 [pid 10785] close(3) = 0 [pid 10785] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10785] write(1, "executing program\n", 18) = 18 [pid 10784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10785] memfd_create("syzkaller", 0 [pid 10784] <... openat resumed>) = 3 [pid 10785] <... memfd_create resumed>) = 3 [pid 10785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10784] write(3, "1000", 4 [pid 10785] <... mmap resumed>) = 0x7f362be00000 [pid 10784] <... write resumed>) = 4 [pid 10784] close(3) = 0 [pid 10784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10784] write(1, "executing program\n", 18executing program ) = 18 [pid 10784] memfd_create("syzkaller", 0) = 3 [pid 10784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10781] <... write resumed>) = 16777216 [pid 10781] munmap(0x7f362be00000, 138412032) = 0 [pid 10781] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10781] close(3) = 0 [pid 10781] close(4 [pid 10782] <... write resumed>) = 16777216 [pid 10781] <... close resumed>) = 0 [pid 10782] munmap(0x7f362be00000, 138412032 [pid 10781] mkdir("./file0", 0777) = 0 [ 244.760957][T10781] loop4: detected capacity change from 0 to 32768 [pid 10781] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10782] <... munmap resumed>) = 0 [pid 10782] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10783] <... write resumed>) = 16777216 [ 244.818280][T10781] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10781) [pid 10782] ioctl(4, LOOP_SET_FD, 3 [pid 10783] munmap(0x7f362be00000, 138412032 [pid 10782] <... ioctl resumed>) = 0 [pid 10782] close(3 [pid 10783] <... munmap resumed>) = 0 [pid 10782] <... close resumed>) = 0 [pid 10782] close(4) = 0 [pid 10783] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10782] mkdir("./file0", 0777 [pid 10783] <... openat resumed>) = 4 [pid 10782] <... mkdir resumed>) = 0 [ 244.866627][T10782] loop2: detected capacity change from 0 to 32768 [ 244.873336][T10781] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 244.889401][T10781] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 244.907597][T10781] BTRFS info (device loop4): using free-space-tree [pid 10783] ioctl(4, LOOP_SET_FD, 3 [pid 10782] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 10783] <... ioctl resumed>) = 0 [pid 10783] close(3) = 0 [ 244.934630][T10783] loop0: detected capacity change from 0 to 32768 [ 244.943590][T10782] BTRFS: device /dev/loop2 (7:2) using temp-fsid e46843ec-aefd-405b-81a6-adab48247fae [pid 10783] close(4) = 0 [pid 10783] mkdir("./file0", 0777) = 0 [pid 10783] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 10785] <... write resumed>) = 16777216 [ 244.994483][T10782] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10782) [pid 10785] munmap(0x7f362be00000, 138412032) = 0 [pid 10785] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 245.084687][T10783] BTRFS: device /dev/loop0 (7:0) using temp-fsid af78b9a8-f32c-4ce2-9f13-12981e8e52fc [ 245.095853][T10782] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 245.107863][T10785] loop3: detected capacity change from 0 to 32768 [ 245.116040][T10783] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10783) [pid 10785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10784] <... write resumed>) = 16777216 [pid 10785] close(3 [pid 10784] munmap(0x7f362be00000, 138412032) = 0 [pid 10785] <... close resumed>) = 0 [ 245.124644][T10782] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 10785] close(4) = 0 [pid 10784] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10785] mkdir("./file0", 0777) = 0 [pid 10785] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10784] <... openat resumed>) = 4 [pid 10784] ioctl(4, LOOP_SET_FD, 3 [pid 10781] <... mount resumed>) = 0 [pid 10781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10781] chdir("./file0") = 0 [pid 10781] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10781] ioctl(4, LOOP_CLR_FD) = 0 [pid 10781] close(4 [pid 10784] <... ioctl resumed>) = 0 [pid 10781] <... close resumed>) = 0 [ 245.158805][T10782] BTRFS info (device loop2): using free-space-tree [ 245.164462][T10783] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 245.183230][T10784] loop1: detected capacity change from 0 to 32768 [ 245.193277][T10785] BTRFS: device /dev/loop3 (7:3) using temp-fsid 59bb7cd9-c2d6-48b7-a83c-781b595bdb74 [pid 10784] close(3) = 0 [pid 10781] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10784] close(4 [pid 10781] <... openat resumed>) = 4 [pid 10784] <... close resumed>) = 0 [pid 10781] ioctl(-1, SIOCGIFINDEX, NULL [pid 10784] mkdir("./file0", 0777) = 0 [pid 10781] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10781] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 10784] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10781] <... write resumed>) = 280 [pid 10781] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10781] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10781] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10781] exit_group(0) = ? [pid 10781] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10781, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=18 /* 0.18 s */} --- [ 245.229755][T10785] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10785) [ 245.231890][T10783] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 245.291833][T10784] BTRFS: device /dev/loop1 (7:1) using temp-fsid 6f12b11b-0f3e-4264-89f5-adf191cac1a7 [ 245.320230][T10785] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./56/binderfs") = 0 [ 245.336859][T10783] BTRFS info (device loop0): using free-space-tree [ 245.350445][T10784] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10784) [ 245.400598][T10785] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 245.436372][T10784] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 245.465595][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 245.483777][T10785] BTRFS info (device loop3): using free-space-tree [ 245.501554][T10784] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10782] <... mount resumed>) = 0 [pid 10782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10782] chdir("./file0") = 0 [pid 10782] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10782] ioctl(4, LOOP_CLR_FD) = 0 [ 245.512075][T10784] BTRFS info (device loop1): using free-space-tree [pid 10782] close(4) = 0 [pid 10782] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10782] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10782] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10782] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10782] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10782] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10782] exit_group(0) = ? [pid 10782] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10782, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=24 /* 0.24 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./56/binderfs") = 0 [pid 5850] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10783] <... mount resumed>) = 0 [pid 10783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10783] chdir("./file0") = 0 [pid 10783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10783] ioctl(4, LOOP_CLR_FD [pid 5852] <... umount2 resumed>) = 0 [pid 10783] <... ioctl resumed>) = 0 [pid 5852] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10783] close(4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10783] <... close resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./56/file0", [pid 10783] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10783] <... openat resumed>) = 4 [pid 5852] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 245.699896][ T5850] BTRFS info (device loop2): last unmount of filesystem e46843ec-aefd-405b-81a6-adab48247fae [pid 5852] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10783] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] newfstatat(4, "", [pid 10783] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10783] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] getdents64(4, [pid 10783] <... write resumed>) = 280 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10783] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] getdents64(4, [pid 10783] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 10783] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] close(4 [pid 10783] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] <... close resumed>) = 0 [pid 10783] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] rmdir("./56/file0" [pid 10783] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... rmdir resumed>) = 0 [pid 10783] exit_group(0 [pid 5852] getdents64(3, [pid 10783] <... exit_group resumed>) = ? [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 10783] +++ exited with 0 +++ [pid 5852] close(3) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10783, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=33 /* 0.33 s */} --- [pid 5852] rmdir("./56" [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5852] <... rmdir resumed>) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10784] <... mount resumed>) = 0 [pid 5852] mkdir("./57", 0777 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] <... mkdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10784] <... openat resumed>) = 3 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] <... openat resumed>) = 3 [pid 10784] chdir("./file0" [pid 5852] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", [pid 10784] <... chdir resumed>) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5848] getdents64(3, [pid 10784] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10785] <... mount resumed>) = 0 [pid 10784] <... openat resumed>) = 4 [pid 5852] close(3 [pid 5848] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10784] ioctl(4, LOOP_CLR_FD [pid 5852] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10785] <... openat resumed>) = 3 [pid 10784] <... ioctl resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] newfstatat(AT_FDCWD, "./58/binderfs", ./strace-static-x86_64: Process 10869 attached [pid 10785] chdir("./file0" [pid 10784] close(4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10869] set_robust_list(0x55558aa90660, 24 [pid 10785] <... chdir resumed>) = 0 [pid 10784] <... close resumed>) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 10869 [pid 5848] unlink("./58/binderfs" [pid 10785] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10784] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10869] <... set_robust_list resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 10869] chdir("./57" [pid 10785] <... openat resumed>) = 4 [pid 10784] <... openat resumed>) = 4 [pid 5848] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10869] <... chdir resumed>) = 0 [pid 10785] ioctl(4, LOOP_CLR_FD [pid 10869] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10785] <... ioctl resumed>) = 0 [pid 10784] ioctl(-1, SIOCGIFINDEX, NULL [pid 10869] <... prctl resumed>) = 0 [pid 10869] setpgid(0, 0 [pid 10785] close(4 [pid 10784] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10869] <... setpgid resumed>) = 0 [pid 10785] <... close resumed>) = 0 [pid 10784] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 10869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10785] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10784] <... write resumed>) = 280 [pid 10785] <... openat resumed>) = 4 [pid 10784] bpf(BPF_MAP_CREATE, NULL, 0 [pid 10785] ioctl(-1, SIOCGIFINDEX, NULL [pid 10784] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10785] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10784] bpf(BPF_PROG_LOAD, NULL, 0 [pid 10785] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 10784] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10785] <... write resumed>) = 280 [pid 10784] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 10869] write(3, "1000", 4 [pid 10784] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10869] <... write resumed>) = 4 [pid 10784] exit_group(0) = ? [pid 10784] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10784, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=23 /* 0.23 s */} --- [pid 5849] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10785] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10785] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10785] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5849] <... openat resumed>) = 3 [pid 10869] close(3 [pid 10785] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] newfstatat(3, "", [pid 10869] <... close resumed>) = 0 [pid 10869] symlink("/dev/binderfs", "./binderfs" [pid 10785] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10785] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(3, [pid 10785] exit_group(0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10785] <... exit_group resumed>) = ? [pid 5849] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10869] <... symlink resumed>) = 0 [pid 10785] +++ exited with 0 +++ [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10785, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 5849] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./57/binderfs" [pid 5851] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... unlink resumed>) = 0 [pid 10869] write(1, "executing program\n", 18 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, executing program [pid 10869] <... write resumed>) = 18 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./56/binderfs") = 0 [pid 5851] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10869] memfd_create("syzkaller", 0) = 3 [pid 5850] <... umount2 resumed>) = 0 [pid 10869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10869] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 245.910877][ T5848] BTRFS info (device loop0): last unmount of filesystem af78b9a8-f32c-4ce2-9f13-12981e8e52fc [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./56/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./56") = 0 [pid 5850] mkdir("./57", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 10870 ./strace-static-x86_64: Process 10870 attached [pid 10870] set_robust_list(0x55558aa90660, 24) = 0 [pid 10870] chdir("./57") = 0 [pid 10870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10870] setpgid(0, 0) = 0 [pid 10870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10870] write(3, "1000", 4) = 4 [pid 10870] close(3) = 0 [pid 10870] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10870] write(1, "executing program\n", 18) = 18 [pid 10870] memfd_create("syzkaller", 0) = 3 [pid 10870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 246.001951][ T5849] BTRFS info (device loop1): last unmount of filesystem 6f12b11b-0f3e-4264-89f5-adf191cac1a7 [ 246.013071][ T5851] BTRFS info (device loop3): last unmount of filesystem 59bb7cd9-c2d6-48b7-a83c-781b595bdb74 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./58/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./58") = 0 [pid 5848] mkdir("./59", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 10871 ./strace-static-x86_64: Process 10871 attached [pid 10871] set_robust_list(0x55558aa90660, 24) = 0 [pid 10871] chdir("./59") = 0 [pid 10871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10871] setpgid(0, 0) = 0 [pid 10871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10871] write(3, "1000", 4) = 4 [pid 10871] close(3) = 0 executing program [pid 10871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10871] write(1, "executing program\n", 18) = 18 [pid 10871] memfd_create("syzkaller", 0) = 3 [pid 10871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... umount2 resumed>) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./56/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./56") = 0 [pid 5851] mkdir("./57", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5849] newfstatat(AT_FDCWD, "./57/file0", [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10872 attached [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10872] set_robust_list(0x55558aa90660, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10872 [pid 5849] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10872] <... set_robust_list resumed>) = 0 [pid 10872] chdir("./57" [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10872] <... chdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] <... openat resumed>) = 4 [pid 10872] setpgid(0, 0 [pid 5849] newfstatat(4, "", [pid 10870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10872] <... setpgid resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] getdents64(4, [pid 10872] <... openat resumed>) = 3 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10872] write(3, "1000", 4 [pid 5849] getdents64(4, [pid 10872] <... write resumed>) = 4 [pid 10872] close(3 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 10872] <... close resumed>) = 0 [pid 5849] close(4) = 0 [pid 10872] symlink("/dev/binderfs", "./binderfs" [pid 5849] rmdir("./57/file0" [pid 10872] <... symlink resumed>) = 0 executing program [pid 10872] write(1, "executing program\n", 18 [pid 5849] <... rmdir resumed>) = 0 [pid 10872] <... write resumed>) = 18 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 10872] memfd_create("syzkaller", 0 [pid 5849] close(3 [pid 10872] <... memfd_create resumed>) = 3 [pid 5849] <... close resumed>) = 0 [pid 10872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] rmdir("./57") = 0 [pid 10872] <... mmap resumed>) = 0x7f362be00000 [pid 5849] mkdir("./58", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10873 attached , child_tidptr=0x55558aa90650) = 10873 [pid 10873] set_robust_list(0x55558aa90660, 24) = 0 [pid 10873] chdir("./58") = 0 [pid 10873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10873] setpgid(0, 0) = 0 [pid 10873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10873] write(3, "1000", 4) = 4 [pid 10873] close(3) = 0 [pid 10873] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10873] write(1, "executing program\n", 18) = 18 [pid 10873] memfd_create("syzkaller", 0) = 3 [pid 10873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10869] <... write resumed>) = 16777216 [pid 10869] munmap(0x7f362be00000, 138412032) = 0 [pid 10869] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10870] <... write resumed>) = 16777216 [pid 10869] <... openat resumed>) = 4 [pid 10870] munmap(0x7f362be00000, 138412032 [pid 10869] ioctl(4, LOOP_SET_FD, 3 [pid 10870] <... munmap resumed>) = 0 [pid 10869] <... ioctl resumed>) = 0 [pid 10870] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10869] close(3) = 0 [ 246.968979][T10869] loop4: detected capacity change from 0 to 32768 [pid 10869] close(4 [pid 10870] <... openat resumed>) = 4 [pid 10869] <... close resumed>) = 0 [pid 10870] ioctl(4, LOOP_SET_FD, 3 [pid 10869] mkdir("./file0", 0777) = 0 [pid 10869] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10870] <... ioctl resumed>) = 0 [pid 10870] close(3) = 0 [pid 10870] close(4 [pid 10873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10870] <... close resumed>) = 0 [pid 10870] mkdir("./file0", 0777) = 0 [ 247.015950][T10870] loop2: detected capacity change from 0 to 32768 [ 247.031059][T10869] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10869) [ 247.066698][T10870] BTRFS: device /dev/loop2 (7:2) using temp-fsid 7137af99-2a4c-45a0-8150-a9474b7c6a63 [ 247.086926][T10869] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10870] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 247.109997][T10870] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10870) [ 247.131146][T10869] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 10872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10871] <... write resumed>) = 16777216 [ 247.159271][T10869] BTRFS info (device loop4): using free-space-tree [ 247.192164][T10870] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10871] munmap(0x7f362be00000, 138412032) = 0 [pid 10871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 247.269190][T10870] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 247.300989][T10871] loop0: detected capacity change from 0 to 32768 [pid 10871] ioctl(4, LOOP_SET_FD, 3 [pid 10872] <... write resumed>) = 16777216 [pid 10872] munmap(0x7f362be00000, 138412032) = 0 [pid 10871] <... ioctl resumed>) = 0 [pid 10869] <... mount resumed>) = 0 [pid 10869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10872] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10869] <... openat resumed>) = 3 [pid 10872] ioctl(4, LOOP_SET_FD, 3 [ 247.318508][T10870] BTRFS info (device loop2): using free-space-tree [pid 10869] chdir("./file0" [pid 10871] close(3 [pid 10869] <... chdir resumed>) = 0 [pid 10871] <... close resumed>) = 0 [pid 10869] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10871] close(4 [pid 10869] <... openat resumed>) = 4 [pid 10871] <... close resumed>) = 0 [pid 10869] ioctl(4, LOOP_CLR_FD [pid 10872] <... ioctl resumed>) = 0 [pid 10871] mkdir("./file0", 0777 [pid 10869] <... ioctl resumed>) = 0 [pid 10869] close(4) = 0 [pid 10871] <... mkdir resumed>) = 0 [pid 10871] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 10869] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10869] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10869] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10869] bpf(BPF_MAP_CREATE, NULL, 0 [pid 10872] close(3 [pid 10869] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10872] <... close resumed>) = 0 [pid 10869] bpf(BPF_PROG_LOAD, NULL, 0 [pid 10872] close(4 [pid 10869] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10872] <... close resumed>) = 0 [ 247.362000][T10872] loop3: detected capacity change from 0 to 32768 [ 247.380032][T10871] BTRFS: device /dev/loop0 (7:0) using temp-fsid 47d0b0a8-2c35-487e-a046-e3ef210a8343 [pid 10869] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 10872] mkdir("./file0", 0777 [pid 10869] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10872] <... mkdir resumed>) = 0 [pid 10869] exit_group(0) = ? [pid 10869] +++ exited with 0 +++ [pid 10872] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10869, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 247.431266][T10871] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10871) [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./57/binderfs") = 0 [pid 5852] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10873] <... write resumed>) = 16777216 [ 247.519640][T10872] BTRFS: device /dev/loop3 (7:3) using temp-fsid 07619cbc-8e8a-4b4a-b150-d950e433878d [ 247.536154][T10871] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 247.551178][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10873] munmap(0x7f362be00000, 138412032) = 0 [pid 10873] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 247.571855][T10872] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10872) [ 247.585787][T10871] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 247.609639][T10873] loop1: detected capacity change from 0 to 32768 [pid 10873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10873] close(3) = 0 [pid 10873] close(4) = 0 [ 247.619884][T10871] BTRFS info (device loop0): using free-space-tree [pid 10873] mkdir("./file0", 0777) = 0 [pid 10873] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10870] <... mount resumed>) = 0 [pid 10870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10870] chdir("./file0") = 0 [pid 10870] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10870] ioctl(4, LOOP_CLR_FD) = 0 [ 247.654145][T10872] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 247.671140][T10873] BTRFS: device /dev/loop1 (7:1) using temp-fsid 1921b7db-2794-4076-81ab-5704ae60969f [pid 10870] close(4) = 0 [pid 10870] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10870] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10870] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10870] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10870] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [ 247.710182][T10873] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10873) [ 247.728815][T10872] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 10870] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10870] exit_group(0) = ? [pid 10870] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10870, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./57/binderfs") = 0 [ 247.765541][T10872] BTRFS info (device loop3): using free-space-tree [ 247.823571][T10873] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 247.857310][ T5850] BTRFS info (device loop2): last unmount of filesystem 7137af99-2a4c-45a0-8150-a9474b7c6a63 [pid 5850] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10871] <... mount resumed>) = 0 [pid 10871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10871] chdir("./file0") = 0 [pid 10871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10871] ioctl(4, LOOP_CLR_FD) = 0 [pid 10871] close(4) = 0 [pid 10871] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10871] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10871] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10871] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10871] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10871] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10871] exit_group(0) = ? [pid 10871] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10871, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [ 247.892595][T10873] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 247.923207][T10873] BTRFS info (device loop1): using free-space-tree [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./59/binderfs") = 0 [pid 5848] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10872] <... mount resumed>) = 0 [pid 10872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10872] chdir("./file0") = 0 [pid 10872] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10872] ioctl(4, LOOP_CLR_FD) = 0 [pid 10872] close(4) = 0 [pid 10872] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10872] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10872] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10872] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10872] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10872] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 248.022083][ T5848] BTRFS info (device loop0): last unmount of filesystem 47d0b0a8-2c35-487e-a046-e3ef210a8343 [pid 10872] exit_group(0) = ? [pid 10872] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10872, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5851] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./57/binderfs") = 0 [pid 5851] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./59/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./59") = 0 [pid 5848] mkdir("./60", 0777) = 0 [pid 10873] <... mount resumed>) = 0 [pid 5852] <... umount2 resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] <... openat resumed>) = 3 [pid 10873] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 10873] chdir("./file0" [pid 5848] <... ioctl resumed>) = 0 [pid 5848] close(3) = 0 [pid 10873] <... chdir resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10956 attached [pid 10873] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10873] ioctl(4, LOOP_CLR_FD) = 0 [pid 10873] close(4) = 0 [pid 10873] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10956] set_robust_list(0x55558aa90660, 24 [pid 10873] <... openat resumed>) = 4 [pid 10956] <... set_robust_list resumed>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 10956 [pid 10873] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10873] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10873] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10873] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 10873] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10873] exit_group(0) = ? [pid 10873] +++ exited with 0 +++ [pid 5852] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10873, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=28 /* 0.28 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10956] chdir("./60") = 0 [pid 5852] newfstatat(AT_FDCWD, "./57/file0", [pid 10956] prctl(PR_SET_PDEATHSIG, SIGKILL [ 248.248694][ T5851] BTRFS info (device loop3): last unmount of filesystem 07619cbc-8e8a-4b4a-b150-d950e433878d [pid 5849] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10956] <... prctl resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10956] setpgid(0, 0 [pid 5852] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 3 [pid 5849] newfstatat(3, "", [pid 10956] <... setpgid resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, [pid 10956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10956] <... openat resumed>) = 3 [pid 5852] <... openat resumed>) = 4 [pid 5849] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10956] write(3, "1000", 4 [pid 5852] newfstatat(4, "", [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] newfstatat(AT_FDCWD, "./58/binderfs", [pid 10956] <... write resumed>) = 4 [pid 5852] getdents64(4, [pid 10956] close(3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10956] <... close resumed>) = 0 [pid 5849] unlink("./58/binderfs" [pid 10956] symlink("/dev/binderfs", "./binderfs" [pid 5849] <... unlink resumed>) = 0 [pid 10956] <... symlink resumed>) = 0 [pid 5849] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 10956] write(1, "executing program\n", 18 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10956] <... write resumed>) = 18 [pid 5852] getdents64(4, [pid 10956] memfd_create("syzkaller", 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4 [pid 10956] <... memfd_create resumed>) = 3 [pid 5852] <... close resumed>) = 0 [pid 10956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] rmdir("./57/file0" [pid 10956] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./57" [pid 5850] <... umount2 resumed>) = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] mkdir("./58", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5850] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./57/file0", [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] close(3 [pid 5850] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... close resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", ./strace-static-x86_64: Process 10958 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 10958] set_robust_list(0x55558aa90660, 24) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 10958] chdir("./58" [pid 5850] close(4 [pid 10958] <... chdir resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 10958] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] rmdir("./57/file0" [pid 10958] <... prctl resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 10958] setpgid(0, 0 [pid 5850] getdents64(3, [pid 10958] <... setpgid resumed>) = 0 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 10958 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./57") = 0 [pid 5850] mkdir("./58", 0777 [pid 10958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... mkdir resumed>) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 248.446640][ T5849] BTRFS info (device loop1): last unmount of filesystem 1921b7db-2794-4076-81ab-5704ae60969f [pid 5850] close(3) = 0 [pid 10958] <... openat resumed>) = 3 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 10959 attached [pid 10958] write(3, "1000", 4) = 4 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 10959 [pid 10959] set_robust_list(0x55558aa90660, 24 [pid 10958] close(3) = 0 [pid 10959] <... set_robust_list resumed>) = 0 [pid 10958] symlink("/dev/binderfs", "./binderfs" [pid 10959] chdir("./58" [pid 10958] <... symlink resumed>) = 0 [pid 10959] <... chdir resumed>) = 0 [pid 10958] write(1, "executing program\n", 18 [pid 10959] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10958] <... write resumed>) = 18 [pid 10959] <... prctl resumed>) = 0 [pid 10959] setpgid(0, 0 [pid 10958] memfd_create("syzkaller", 0 [pid 10959] <... setpgid resumed>) = 0 [pid 10958] <... memfd_create resumed>) = 3 [pid 10959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10959] <... openat resumed>) = 3 [pid 10958] <... mmap resumed>) = 0x7f362be00000 [pid 10959] write(3, "1000", 4) = 4 [pid 10959] close(3) = 0 [pid 10959] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10959] write(1, "executing program\n", 18) = 18 [pid 10959] memfd_create("syzkaller", 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", [pid 10959] <... memfd_create resumed>) = 3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./58/file0" [pid 10959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5849] getdents64(3, [pid 10959] <... mmap resumed>) = 0x7f362be00000 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./58") = 0 [pid 5849] mkdir("./59", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10960 attached [pid 10960] set_robust_list(0x55558aa90660, 24) = 0 [pid 10960] chdir("./59" [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 10960 [pid 10960] <... chdir resumed>) = 0 [pid 10960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10960] setpgid(0, 0) = 0 [pid 10960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10960] write(3, "1000", 4) = 4 [pid 10960] close(3) = 0 [pid 10960] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10960] write(1, "executing program\n", 18) = 18 [pid 10960] memfd_create("syzkaller", 0) = 3 [pid 10960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./57/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./57") = 0 [pid 5851] mkdir("./58", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10961 attached [pid 10961] set_robust_list(0x55558aa90660, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 10961 [pid 10961] <... set_robust_list resumed>) = 0 [pid 10961] chdir("./58") = 0 [pid 10961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10961] setpgid(0, 0) = 0 [pid 10961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10961] write(3, "1000", 4) = 4 [pid 10961] close(3) = 0 [pid 10961] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10961] write(1, "executing program\n", 18 [pid 10956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10961] <... write resumed>) = 18 [pid 10961] memfd_create("syzkaller", 0) = 3 [pid 10961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 10958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10956] <... write resumed>) = 16777216 [pid 10961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10956] munmap(0x7f362be00000, 138412032) = 0 [pid 10956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10956] ioctl(4, LOOP_SET_FD, 3 [pid 10958] <... write resumed>) = 16777216 [pid 10956] <... ioctl resumed>) = 0 [pid 10956] close(3) = 0 [pid 10958] munmap(0x7f362be00000, 138412032 [pid 10959] <... write resumed>) = 16777216 [pid 10958] <... munmap resumed>) = 0 [pid 10956] close(4) = 0 [pid 10956] mkdir("./file0", 0777 [pid 10959] munmap(0x7f362be00000, 138412032 [pid 10956] <... mkdir resumed>) = 0 [ 249.437854][T10956] loop0: detected capacity change from 0 to 32768 [pid 10956] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 10958] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10960] <... write resumed>) = 16777216 [pid 10958] <... openat resumed>) = 4 [pid 10958] ioctl(4, LOOP_SET_FD, 3 [pid 10960] munmap(0x7f362be00000, 138412032) = 0 [pid 10959] <... munmap resumed>) = 0 [pid 10959] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10960] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10959] <... openat resumed>) = 4 [pid 10958] <... ioctl resumed>) = 0 [ 249.499977][T10956] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (10956) [ 249.504541][T10958] loop4: detected capacity change from 0 to 32768 [pid 10959] ioctl(4, LOOP_SET_FD, 3 [pid 10960] <... openat resumed>) = 4 [pid 10958] close(3 [pid 10960] ioctl(4, LOOP_SET_FD, 3 [pid 10958] <... close resumed>) = 0 [pid 10959] <... ioctl resumed>) = 0 [pid 10958] close(4) = 0 [pid 10958] mkdir("./file0", 0777) = 0 [pid 10958] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 10959] close(3) = 0 [pid 10959] close(4) = 0 [pid 10960] <... ioctl resumed>) = 0 [pid 10959] mkdir("./file0", 0777 [pid 10960] close(3 [pid 10959] <... mkdir resumed>) = 0 [pid 10960] <... close resumed>) = 0 [pid 10959] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 10960] close(4) = 0 [ 249.550246][T10959] loop2: detected capacity change from 0 to 32768 [ 249.551965][T10960] loop1: detected capacity change from 0 to 32768 [ 249.568935][T10958] BTRFS: device /dev/loop4 (7:4) using temp-fsid f38f6e01-a11f-4aed-8e6e-c87b29cfcdd7 [ 249.580259][T10956] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10960] mkdir("./file0", 0777) = 0 [ 249.602638][T10958] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (10958) [ 249.625213][T10956] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 249.645056][T10956] BTRFS info (device loop0): using free-space-tree [ 249.653058][T10959] BTRFS: device /dev/loop2 (7:2) using temp-fsid d8c40c8f-a23d-4eff-96f9-d9142c518e93 [ 249.653351][T10958] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 249.684253][T10959] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (10959) [ 249.717212][T10958] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 249.728891][T10958] BTRFS info (device loop4): using free-space-tree [ 249.748118][T10960] BTRFS: device /dev/loop1 (7:1) using temp-fsid 0024c7f0-941d-4592-ae2b-3c33f777d39d [pid 10960] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 10961] <... write resumed>) = 16777216 [pid 10961] munmap(0x7f362be00000, 138412032) = 0 [ 249.759319][T10959] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 249.777157][T10960] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (10960) [ 249.789243][T10959] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 249.801358][T10959] BTRFS info (device loop2): using free-space-tree [pid 10961] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10961] close(3) = 0 [pid 10961] close(4) = 0 [pid 10961] mkdir("./file0", 0777) = 0 [ 249.831278][T10961] loop3: detected capacity change from 0 to 32768 [ 249.853769][T10960] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 249.874370][T10961] BTRFS: device /dev/loop3 (7:3) using temp-fsid 5a106147-016a-4cfe-8f2a-1e972ce94a45 [ 249.889403][T10961] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (10961) [ 249.902885][T10960] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 249.944401][T10960] BTRFS info (device loop1): using free-space-tree [pid 10961] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 10956] <... mount resumed>) = 0 [pid 10956] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 249.999864][T10961] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 10956] chdir("./file0") = 0 [pid 10956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10956] ioctl(4, LOOP_CLR_FD) = 0 [pid 10956] close(4) = 0 [pid 10956] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10956] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 10956] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10956] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 10956] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [ 250.051383][T10961] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 250.062566][T10961] BTRFS info (device loop3): using free-space-tree [pid 10956] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 10958] <... mount resumed>) = 0 [pid 10958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10958] chdir("./file0") = 0 [pid 10958] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10958] ioctl(4, LOOP_CLR_FD) = 0 [pid 10958] close(4) = 0 [pid 10956] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10958] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10956] exit_group(0 [pid 10958] <... openat resumed>) = 4 [pid 10956] <... exit_group resumed>) = ? [pid 10958] ioctl(-1, SIOCGIFINDEX, NULL [pid 10956] +++ exited with 0 +++ [pid 10958] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10956, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 10958] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10958] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10958] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10958] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10958] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] <... openat resumed>) = 3 [pid 10958] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] newfstatat(3, "", [pid 10958] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10958] exit_group(0 [pid 5848] getdents64(3, [pid 10958] <... exit_group resumed>) = ? [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./60/binderfs", [pid 10958] +++ exited with 0 +++ [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10958, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [pid 5848] unlink("./60/binderfs" [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 10959] <... mount resumed>) = 0 [pid 5852] <... restart_syscall resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 10959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10959] <... openat resumed>) = 3 [pid 10959] chdir("./file0") = 0 [pid 10959] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10959] ioctl(4, LOOP_CLR_FD [pid 5852] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10959] <... ioctl resumed>) = 0 [pid 10959] close(4) = 0 [pid 10959] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10959] <... openat resumed>) = 4 [pid 5852] <... openat resumed>) = 3 [pid 5852] newfstatat(3, "", [pid 10959] ioctl(-1, SIOCGIFINDEX, NULL [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10959] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10959] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 10959] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 10959] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./58/binderfs", [pid 10959] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10959] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] unlink("./58/binderfs" [pid 10959] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10959] exit_group(0 [pid 5852] <... unlink resumed>) = 0 [pid 10959] <... exit_group resumed>) = ? [pid 5852] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10959] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10959, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=23 /* 0.23 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./58/binderfs") = 0 [ 250.200032][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10960] <... mount resumed>) = 0 [pid 10961] <... mount resumed>) = 0 [pid 10960] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10960] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = 0 [pid 10960] chdir("./file0" [pid 10961] <... openat resumed>) = 3 [ 250.327841][ T5850] BTRFS info (device loop2): last unmount of filesystem d8c40c8f-a23d-4eff-96f9-d9142c518e93 [ 250.362304][ T5852] BTRFS info (device loop4): last unmount of filesystem f38f6e01-a11f-4aed-8e6e-c87b29cfcdd7 [pid 10961] chdir("./file0" [pid 10960] <... chdir resumed>) = 0 [pid 10961] <... chdir resumed>) = 0 [pid 10961] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10960] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10961] <... openat resumed>) = 4 [pid 10960] <... openat resumed>) = 4 [pid 10960] ioctl(4, LOOP_CLR_FD [pid 10961] ioctl(4, LOOP_CLR_FD [pid 10960] <... ioctl resumed>) = 0 [pid 10961] <... ioctl resumed>) = 0 [pid 10960] close(4 [pid 10961] close(4) = 0 [pid 10960] <... close resumed>) = 0 [pid 10961] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10960] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10961] <... openat resumed>) = 4 [pid 10960] <... openat resumed>) = 4 [pid 10961] ioctl(-1, SIOCGIFINDEX, NULL [pid 10960] ioctl(-1, SIOCGIFINDEX, NULL [pid 10961] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10960] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10961] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 10960] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./60/file0", [pid 10960] <... write resumed>) = 280 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10960] bpf(BPF_MAP_CREATE, NULL, 0 [pid 10961] <... write resumed>) = 280 [pid 10960] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10961] bpf(BPF_MAP_CREATE, NULL, 0 [pid 10960] bpf(BPF_PROG_LOAD, NULL, 0 [pid 10961] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10960] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10961] bpf(BPF_PROG_LOAD, NULL, 0 [pid 10960] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 10961] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 10960] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 10961] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10961] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 10960] exit_group(0 [pid 5848] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10961] exit_group(0 [pid 10960] <... exit_group resumed>) = ? [pid 10961] <... exit_group resumed>) = ? [pid 10960] +++ exited with 0 +++ [pid 5848] <... openat resumed>) = 4 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10960, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [pid 10961] +++ exited with 0 +++ [pid 5848] newfstatat(4, "", [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10961, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5849] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... restart_syscall resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... openat resumed>) = 3 [pid 5848] getdents64(4, [pid 5851] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] newfstatat(3, "", [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] getdents64(3, [pid 5851] <... openat resumed>) = 3 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] newfstatat(3, "", [pid 5849] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] getdents64(3, [pid 5849] newfstatat(AT_FDCWD, "./59/binderfs", [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] getdents64(4, [pid 5851] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] unlink("./59/binderfs" [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5849] <... unlink resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] close(4 [pid 5851] unlink("./58/binderfs") = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./60/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5851] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] rmdir("./60") = 0 [pid 5848] mkdir("./61", 0777) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5850] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] close(3) = 0 [pid 5850] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 11044 attached ) = 4 [pid 5850] newfstatat(4, "", [pid 11044] set_robust_list(0x55558aa90660, 24 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11044] <... set_robust_list resumed>) = 0 [pid 5850] getdents64(4, [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 11044 [pid 11044] chdir("./61" [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4 [pid 11044] <... chdir resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 11044] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] rmdir("./58/file0" [pid 11044] <... prctl resumed>) = 0 [pid 5850] <... rmdir resumed>) = 0 [pid 11044] setpgid(0, 0) = 0 [pid 11044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] getdents64(3, [pid 11044] <... openat resumed>) = 3 [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3 [pid 11044] write(3, "1000", 4 [pid 5850] <... close resumed>) = 0 [pid 11044] <... write resumed>) = 4 [pid 11044] close(3 [pid 5850] rmdir("./58" [pid 11044] <... close resumed>) = 0 [pid 11044] symlink("/dev/binderfs", "./binderfs" [pid 5850] <... rmdir resumed>) = 0 [pid 11044] <... symlink resumed>) = 0 [pid 5850] mkdir("./59", 0777executing program [pid 11044] write(1, "executing program\n", 18 [pid 5850] <... mkdir resumed>) = 0 [pid 11044] <... write resumed>) = 18 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11044] memfd_create("syzkaller", 0 [pid 5850] <... openat resumed>) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 11044] <... memfd_create resumed>) = 3 [pid 5850] <... ioctl resumed>) = 0 [pid 11044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] close(3 [pid 11044] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... close resumed>) = 0 [ 250.557185][ T5849] BTRFS info (device loop1): last unmount of filesystem 0024c7f0-941d-4592-ae2b-3c33f777d39d [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11046 attached [pid 11046] set_robust_list(0x55558aa90660, 24 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 11046 [pid 11046] <... set_robust_list resumed>) = 0 [pid 11046] chdir("./59") = 0 [pid 11046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11046] setpgid(0, 0) = 0 [pid 11046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11046] write(3, "1000", 4) = 4 [pid 11046] close(3) = 0 [pid 11046] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11046] write(1, "executing program\n", 18) = 18 [pid 11046] memfd_create("syzkaller", 0) = 3 [pid 11046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 250.600792][ T5851] BTRFS info (device loop3): last unmount of filesystem 5a106147-016a-4cfe-8f2a-1e972ce94a45 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./59/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./59") = 0 [pid 5849] mkdir("./60", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11047 ./strace-static-x86_64: Process 11047 attached [pid 11047] set_robust_list(0x55558aa90660, 24) = 0 [pid 11047] chdir("./60") = 0 [pid 11047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11047] setpgid(0, 0) = 0 [pid 11047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11047] write(3, "1000", 4) = 4 [pid 11047] close(3) = 0 [pid 11047] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 11047] write(1, "executing program\n", 18) = 18 [pid 11047] memfd_create("syzkaller", 0 [pid 5852] <... umount2 resumed>) = 0 [pid 11047] <... memfd_create resumed>) = 3 [pid 11047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", [pid 11044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./58/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./58") = 0 [pid 5852] mkdir("./59", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11048 attached , child_tidptr=0x55558aa90650) = 11048 [pid 11048] set_robust_list(0x55558aa90660, 24) = 0 [pid 11048] chdir("./59") = 0 [pid 11048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11048] setpgid(0, 0) = 0 [pid 11048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11048] write(3, "1000", 4) = 4 [pid 5851] <... umount2 resumed>) = 0 [pid 11048] close(3 [pid 5851] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./58/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./58") = 0 [pid 5851] mkdir("./59", 0777) = 0 executing program [pid 11048] <... close resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11048] write(1, "executing program\n", 18./strace-static-x86_64: Process 11049 attached ) = 18 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 11049 [pid 11049] set_robust_list(0x55558aa90660, 24) = 0 [pid 11049] chdir("./59" [pid 11048] memfd_create("syzkaller", 0) = 3 [pid 11049] <... chdir resumed>) = 0 [pid 11048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11049] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11048] <... mmap resumed>) = 0x7f362be00000 [pid 11049] <... prctl resumed>) = 0 [pid 11049] setpgid(0, 0) = 0 [pid 11049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11049] write(3, "1000", 4) = 4 [pid 11049] close(3) = 0 [pid 11049] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 11049] write(1, "executing program\n", 18) = 18 [pid 11049] memfd_create("syzkaller", 0) = 3 [pid 11049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11044] <... write resumed>) = 16777216 [pid 11044] munmap(0x7f362be00000, 138412032) = 0 [pid 11044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11044] close(3) = 0 [pid 11044] close(4) = 0 [pid 11044] mkdir("./file0", 0777) = 0 [ 251.529630][T11044] loop0: detected capacity change from 0 to 32768 [pid 11044] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 11046] <... write resumed>) = 16777216 [pid 11046] munmap(0x7f362be00000, 138412032 [ 251.580932][T11044] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11044) [pid 11049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11046] <... munmap resumed>) = 0 [pid 11046] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11046] close(3) = 0 [pid 11046] close(4) = 0 [pid 11046] mkdir("./file0", 0777) = 0 [ 251.651475][T11046] loop2: detected capacity change from 0 to 32768 [ 251.659587][T11044] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 251.682702][T11044] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 251.705731][T11046] BTRFS: device /dev/loop2 (7:2) using temp-fsid 7b6361cd-537b-440a-8d8a-da6cdaefe350 [ 251.723176][T11044] BTRFS info (device loop0): using free-space-tree [pid 11046] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 11047] <... write resumed>) = 16777216 [ 251.754090][T11046] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11046) [pid 11047] munmap(0x7f362be00000, 138412032) = 0 [pid 11047] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 251.814635][T11046] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 251.878447][T11047] loop1: detected capacity change from 0 to 32768 [ 251.889277][T11046] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 11047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11047] close(3) = 0 [pid 11047] close(4) = 0 [pid 11047] mkdir("./file0", 0777) = 0 [ 251.930697][T11047] BTRFS: device /dev/loop1 (7:1) using temp-fsid c2cb8bbc-db37-4086-973c-4d03b7973399 [ 251.949264][T11046] BTRFS info (device loop2): using free-space-tree [ 251.970006][T11047] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11047) [ 251.998683][T11047] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 252.020023][T11047] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 11047] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 11044] <... mount resumed>) = 0 [pid 11044] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11044] chdir("./file0") = 0 [pid 11044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11044] ioctl(4, LOOP_CLR_FD) = 0 [pid 11044] close(4) = 0 [pid 11044] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11044] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11044] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11044] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11044] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11044] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11044] exit_group(0) = ? [pid 11044] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11044, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=17 /* 0.17 s */} --- [ 252.032936][T11047] BTRFS info (device loop1): using free-space-tree [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./61/binderfs") = 0 [ 252.141435][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11049] <... write resumed>) = 16777216 [pid 11049] munmap(0x7f362be00000, 138412032 [pid 11046] <... mount resumed>) = 0 [pid 11046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11048] <... write resumed>) = 16777216 [pid 11046] <... openat resumed>) = 3 [pid 11048] munmap(0x7f362be00000, 138412032 [pid 11049] <... munmap resumed>) = 0 [pid 11046] chdir("./file0" [pid 5848] <... umount2 resumed>) = 0 [pid 11046] <... chdir resumed>) = 0 [pid 5848] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11046] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11049] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11046] <... openat resumed>) = 4 [pid 5848] newfstatat(AT_FDCWD, "./61/file0", [pid 11048] <... munmap resumed>) = 0 [pid 11047] <... mount resumed>) = 0 [pid 11046] ioctl(4, LOOP_CLR_FD [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11046] <... ioctl resumed>) = 0 [pid 5848] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11046] close(4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11046] <... close resumed>) = 0 [pid 11049] <... openat resumed>) = 4 [pid 11047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11049] ioctl(4, LOOP_SET_FD, 3 [pid 11047] <... openat resumed>) = 3 [pid 11046] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... openat resumed>) = 4 [pid 11047] chdir("./file0" [pid 11046] <... openat resumed>) = 4 [pid 11047] <... chdir resumed>) = 0 [pid 11046] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] newfstatat(4, "", [pid 11047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11046] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11047] <... openat resumed>) = 4 [pid 11046] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] getdents64(4, [pid 11047] ioctl(4, LOOP_CLR_FD [pid 11046] <... write resumed>) = 280 [pid 11047] <... ioctl resumed>) = 0 [pid 11046] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11047] close(4 [pid 11046] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11047] <... close resumed>) = 0 [pid 5848] getdents64(4, [pid 11047] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11046] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11048] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11047] <... openat resumed>) = 4 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11048] <... openat resumed>) = 4 [pid 11047] ioctl(-1, SIOCGIFINDEX, NULL [pid 11046] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] close(4 [pid 11048] ioctl(4, LOOP_SET_FD, 3 [pid 11047] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11046] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] <... close resumed>) = 0 [pid 11047] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11046] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] rmdir("./61/file0" [pid 11047] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11046] exit_group(0 [pid 5848] <... rmdir resumed>) = 0 [pid 11047] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11046] <... exit_group resumed>) = ? [pid 5848] getdents64(3, [pid 11047] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11046] +++ exited with 0 +++ [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 11047] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] close(3 [pid 11047] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] <... close resumed>) = 0 [pid 11047] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] rmdir("./61" [pid 11047] exit_group(0 [pid 5848] <... rmdir resumed>) = 0 [pid 11047] <... exit_group resumed>) = ? [pid 5848] mkdir("./62", 0777 [pid 11049] <... ioctl resumed>) = 0 [pid 11047] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11046, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=21 /* 0.21 s */} --- [pid 5848] <... mkdir resumed>) = 0 [pid 11049] close(3 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11047, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11049] <... close resumed>) = 0 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... openat resumed>) = 3 [pid 11049] close(4 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 11049] <... close resumed>) = 0 [pid 11049] mkdir("./file0", 0777 [pid 11048] <... ioctl resumed>) = 0 [pid 11049] <... mkdir resumed>) = 0 [pid 11048] close(3 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5848] close(3 [pid 11048] <... close resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 11048] close(4 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11048] <... close resumed>) = 0 [pid 11049] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 11048] mkdir("./file0", 0777 [pid 5850] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 11099 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11048] <... mkdir resumed>) = 0 [pid 11048] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd,"./strace-static-x86_64: Process 11099 attached [pid 5850] <... openat resumed>) = 3 [pid 5849] <... openat resumed>) = 3 [ 252.302763][T11049] loop3: detected capacity change from 0 to 32768 [ 252.320709][T11048] loop4: detected capacity change from 0 to 32768 [pid 5850] newfstatat(3, "", [pid 5849] newfstatat(3, "", [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11099] set_robust_list(0x55558aa90660, 24 [pid 5850] getdents64(3, [pid 5849] getdents64(3, [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11099] <... set_robust_list resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11099] chdir("./62" [pid 5849] newfstatat(AT_FDCWD, "./60/binderfs", [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./59/binderfs", [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./60/binderfs" [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./59/binderfs" [pid 11099] <... chdir resumed>) = 0 [pid 5849] <... unlink resumed>) = 0 [pid 5850] <... unlink resumed>) = 0 [pid 11099] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11099] <... prctl resumed>) = 0 [pid 5850] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11099] setpgid(0, 0) = 0 [pid 11099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 252.363061][T11049] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11049) [pid 11099] write(3, "1000", 4) = 4 [pid 11099] close(3) = 0 [pid 11099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11099] write(1, "executing program\n", 18executing program ) = 18 [pid 11099] memfd_create("syzkaller", 0) = 3 [pid 11099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 252.419729][T11048] BTRFS: device /dev/loop4 (7:4) using temp-fsid c7504b2b-2fa3-43de-b699-7408c79997ab [ 252.448983][ T5849] BTRFS info (device loop1): last unmount of filesystem c2cb8bbc-db37-4086-973c-4d03b7973399 [ 252.450597][T11049] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 252.480434][T11048] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11048) [ 252.518561][T11049] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 252.549920][ T5850] BTRFS info (device loop2): last unmount of filesystem 7b6361cd-537b-440a-8d8a-da6cdaefe350 [ 252.552425][T11048] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 252.562031][T11049] BTRFS info (device loop3): using free-space-tree [ 252.652698][T11048] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./59/file0") = 0 [ 252.697411][T11048] BTRFS info (device loop4): using free-space-tree [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./59") = 0 [pid 5850] mkdir("./60", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11116 attached , child_tidptr=0x55558aa90650) = 11116 [pid 11116] set_robust_list(0x55558aa90660, 24) = 0 [pid 11116] chdir("./60") = 0 [pid 11116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11116] setpgid(0, 0) = 0 [pid 11116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11116] write(3, "1000", 4) = 4 [pid 11116] close(3) = 0 [pid 11116] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11116] write(1, "executing program\n", 18) = 18 [pid 11116] memfd_create("syzkaller", 0) = 3 [pid 11116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11049] <... mount resumed>) = 0 [pid 5849] getdents64(4, [pid 11049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11049] <... openat resumed>) = 3 [pid 5849] close(4 [pid 11049] chdir("./file0" [pid 5849] <... close resumed>) = 0 [pid 11049] <... chdir resumed>) = 0 [pid 5849] rmdir("./60/file0" [pid 11049] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5849] <... rmdir resumed>) = 0 [pid 5849] getdents64(3, [pid 11049] ioctl(4, LOOP_CLR_FD [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 11049] <... ioctl resumed>) = 0 [pid 5849] close(3 [pid 11049] close(4 [pid 5849] <... close resumed>) = 0 [pid 11049] <... close resumed>) = 0 [pid 5849] rmdir("./60" [pid 11049] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5849] <... rmdir resumed>) = 0 [pid 11048] <... mount resumed>) = 0 [pid 11048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11048] chdir("./file0") = 0 [pid 11048] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11048] ioctl(4, LOOP_CLR_FD) = 0 [pid 11048] close(4) = 0 [pid 11048] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11049] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] mkdir("./61", 0777 [pid 11049] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] <... mkdir resumed>) = 0 [pid 11049] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11049] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11048] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11049] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... openat resumed>) = 3 [pid 11049] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11049] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11048] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11048] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11049] exit_group(0 [pid 11048] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 11049] <... exit_group resumed>) = ? [pid 11048] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11048] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11048] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11048] exit_group(0) = ? [pid 11049] +++ exited with 0 +++ [pid 11048] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11048, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11049, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- [pid 5851] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] close(3 [pid 5851] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... close resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 11134 attached [pid 5851] getdents64(3, [pid 11134] set_robust_list(0x55558aa90660, 24 [pid 5852] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 11134 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... openat resumed>) = 3 [pid 5851] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./59/binderfs" [pid 11134] <... set_robust_list resumed>) = 0 [pid 5852] newfstatat(3, "", [pid 5851] <... unlink resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11134] chdir("./61") = 0 [pid 5852] getdents64(3, [pid 11134] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 11134] <... prctl resumed>) = 0 [pid 5852] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11134] setpgid(0, 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11134] <... setpgid resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./59/binderfs", [pid 11134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./59/binderfs") = 0 [pid 5852] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11134] <... openat resumed>) = 3 [pid 11134] write(3, "1000", 4) = 4 [pid 11134] close(3) = 0 [pid 11134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11134] write(1, "executing program\n", 18executing program ) = 18 [pid 11134] memfd_create("syzkaller", 0) = 3 [pid 11134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 253.151686][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 253.190154][ T5852] BTRFS info (device loop4): last unmount of filesystem c7504b2b-2fa3-43de-b699-7408c79997ab [pid 11099] <... write resumed>) = 16777216 [pid 11099] munmap(0x7f362be00000, 138412032 [pid 11116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11099] <... munmap resumed>) = 0 [pid 11099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11099] close(3) = 0 [pid 11099] close(4) = 0 [pid 11099] mkdir("./file0", 0777) = 0 [ 253.417696][T11099] loop0: detected capacity change from 0 to 32768 [ 253.447611][T11099] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11099) [ 253.489792][T11099] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11099] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... umount2 resumed>) = 0 [pid 5851] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... openat resumed>) = 4 [pid 5852] newfstatat(AT_FDCWD, "./59/file0", [pid 5851] newfstatat(4, "", [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] getdents64(4, [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 253.531016][T11099] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 253.569308][T11099] BTRFS info (device loop0): using free-space-tree [pid 5851] getdents64(4, [pid 5852] newfstatat(4, "", [pid 11134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] close(4) = 0 [pid 5852] getdents64(4, [pid 5851] rmdir("./59/file0" [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, [pid 5851] <... rmdir resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] getdents64(3, [pid 5852] close(4 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] <... close resumed>) = 0 [pid 5851] close(3) = 0 [pid 5852] rmdir("./59/file0" [pid 5851] rmdir("./59") = 0 [pid 5851] mkdir("./60", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11148 ./strace-static-x86_64: Process 11148 attached [pid 11148] set_robust_list(0x55558aa90660, 24) = 0 [pid 11148] chdir("./60" [pid 5852] <... rmdir resumed>) = 0 [pid 11148] <... chdir resumed>) = 0 [pid 11148] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./59") = 0 [pid 5852] mkdir("./60", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 11148] <... prctl resumed>) = 0 [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11148] setpgid(0, 0 [pid 5852] close(3 [pid 11148] <... setpgid resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 11148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11150 attached [pid 11148] <... openat resumed>) = 3 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 11150 [pid 11150] set_robust_list(0x55558aa90660, 24 [pid 11148] write(3, "1000", 4 [pid 11150] <... set_robust_list resumed>) = 0 [pid 11150] chdir("./60" [pid 11148] <... write resumed>) = 4 [pid 11148] close(3 [pid 11150] <... chdir resumed>) = 0 [pid 11148] <... close resumed>) = 0 [pid 11148] symlink("/dev/binderfs", "./binderfs" [pid 11150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11148] <... symlink resumed>) = 0 [pid 11150] setpgid(0, 0) = 0 executing program [pid 11150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11148] write(1, "executing program\n", 18) = 18 [pid 11148] memfd_create("syzkaller", 0 [pid 11150] <... openat resumed>) = 3 [pid 11150] write(3, "1000", 4 [pid 11148] <... memfd_create resumed>) = 3 [pid 11150] <... write resumed>) = 4 [pid 11148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11150] close(3 [pid 11148] <... mmap resumed>) = 0x7f362be00000 [pid 11150] <... close resumed>) = 0 [pid 11150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11116] <... write resumed>) = 16777216 [pid 11116] munmap(0x7f362be00000, 138412032executing program [pid 11150] write(1, "executing program\n", 18) = 18 [pid 11150] memfd_create("syzkaller", 0) = 3 [pid 11150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11116] <... munmap resumed>) = 0 [pid 11099] <... mount resumed>) = 0 [pid 11099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11099] chdir("./file0") = 0 [pid 11099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11099] ioctl(4, LOOP_CLR_FD) = 0 [pid 11099] close(4) = 0 [pid 11099] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11116] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11099] ioctl(-1, SIOCGIFINDEX, NULL [pid 11116] <... openat resumed>) = 4 [pid 11099] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11099] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11116] ioctl(4, LOOP_SET_FD, 3 [pid 11099] <... write resumed>) = 280 [pid 11099] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11116] <... ioctl resumed>) = 0 [pid 11116] close(3) = 0 [pid 11099] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11116] close(4 [pid 11099] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11116] <... close resumed>) = 0 [pid 11099] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11116] mkdir("./file0", 0777 [pid 11099] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11099] exit_group(0) = ? [pid 11116] <... mkdir resumed>) = 0 [pid 11099] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11099, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=22 /* 0.22 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 253.790724][T11116] loop2: detected capacity change from 0 to 32768 [pid 11116] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./62/binderfs") = 0 [ 253.838343][T11116] BTRFS: device /dev/loop2 (7:2) using temp-fsid 6a001447-fd10-4fb0-be74-2183786b2d9e [ 253.862264][T11116] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11116) [ 253.894365][T11116] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 253.934700][T11116] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 253.939896][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 253.971508][T11116] BTRFS info (device loop2): using free-space-tree [pid 5848] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11134] <... write resumed>) = 16777216 [pid 11134] munmap(0x7f362be00000, 138412032) = 0 [pid 11134] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11134] close(3) = 0 [pid 11134] close(4) = 0 [pid 11134] mkdir("./file0", 0777) = 0 [ 254.146215][T11134] loop1: detected capacity change from 0 to 32768 [pid 11134] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 11116] <... mount resumed>) = 0 [pid 11116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11116] chdir("./file0") = 0 [pid 11116] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11116] ioctl(4, LOOP_CLR_FD) = 0 [pid 11116] close(4) = 0 [pid 11116] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11116] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11116] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11116] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11116] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [ 254.195080][T11134] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11134) [pid 11116] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11116] exit_group(0) = ? [pid 11150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11116] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11116, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- [pid 5850] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 254.238022][T11134] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 254.269217][T11134] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./60/binderfs") = 0 [ 254.297967][T11134] BTRFS info (device loop1): using free-space-tree [ 254.390841][ T5850] BTRFS info (device loop2): last unmount of filesystem 6a001447-fd10-4fb0-be74-2183786b2d9e [pid 5850] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./62/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./62") = 0 [pid 5848] mkdir("./63", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11134] <... mount resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 11134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 11134] <... openat resumed>) = 3 [pid 5848] close(3 [pid 11134] chdir("./file0" [pid 5848] <... close resumed>) = 0 [pid 11134] <... chdir resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11134] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 11185 attached [pid 11185] set_robust_list(0x55558aa90660, 24 [pid 11134] <... openat resumed>) = 4 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 11185 [pid 11134] ioctl(4, LOOP_CLR_FD [pid 11185] <... set_robust_list resumed>) = 0 [pid 11185] chdir("./63" [pid 11134] <... ioctl resumed>) = 0 [pid 11185] <... chdir resumed>) = 0 [pid 11134] close(4 [pid 11185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11134] <... close resumed>) = 0 [pid 11134] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11185] setpgid(0, 0) = 0 [pid 11150] <... write resumed>) = 16777216 [pid 11134] <... openat resumed>) = 4 [pid 11185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11150] munmap(0x7f362be00000, 138412032 [pid 11134] ioctl(-1, SIOCGIFINDEX, NULL [pid 11185] <... openat resumed>) = 3 [pid 11134] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11185] write(3, "1000", 4 [pid 11134] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11185] <... write resumed>) = 4 [pid 11185] close(3) = 0 [pid 11148] <... write resumed>) = 16777216 [pid 11134] <... write resumed>) = 280 [pid 11185] symlink("/dev/binderfs", "./binderfs" [pid 11150] <... munmap resumed>) = 0 [pid 11134] bpf(BPF_MAP_CREATE, NULL, 0executing program [pid 11185] <... symlink resumed>) = 0 [pid 11150] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11134] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11185] write(1, "executing program\n", 18) = 18 [pid 11150] <... openat resumed>) = 4 [pid 11148] munmap(0x7f362be00000, 138412032 [pid 11134] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11185] memfd_create("syzkaller", 0 [pid 11150] ioctl(4, LOOP_SET_FD, 3 [pid 11185] <... memfd_create resumed>) = 3 [pid 11185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11134] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11134] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11134] exit_group(0) = ? [pid 11134] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11134, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=20 /* 0.20 s */} --- [pid 11148] <... munmap resumed>) = 0 [pid 11148] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11148] ioctl(4, LOOP_SET_FD, 3 [pid 5849] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11150] <... ioctl resumed>) = 0 [pid 11150] close(3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./61/binderfs") = 0 [pid 5849] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11148] <... ioctl resumed>) = 0 [pid 11148] close(3) = 0 [pid 11148] close(4 [pid 11150] <... close resumed>) = 0 [pid 11148] <... close resumed>) = 0 [pid 11150] close(4 [pid 11148] mkdir("./file0", 0777 [pid 11150] <... close resumed>) = 0 [pid 11148] <... mkdir resumed>) = 0 [ 254.599156][T11150] loop4: detected capacity change from 0 to 32768 [ 254.621567][T11148] loop3: detected capacity change from 0 to 32768 [pid 11150] mkdir("./file0", 0777 [pid 11148] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 11150] <... mkdir resumed>) = 0 [pid 11150] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... umount2 resumed>) = 0 [ 254.643384][T11148] BTRFS: device /dev/loop3 (7:3) using temp-fsid 31bd5434-c17c-4349-866a-53b56ba0cc63 [pid 5850] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./60/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./60") = 0 [pid 5850] mkdir("./61", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11186 ./strace-static-x86_64: Process 11186 attached [pid 11186] set_robust_list(0x55558aa90660, 24) = 0 [pid 11186] chdir("./61") = 0 [pid 11186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11186] setpgid(0, 0) = 0 [pid 11186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11186] write(3, "1000", 4) = 4 [pid 11186] close(3) = 0 [pid 11186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11186] write(1, "executing program\n", 18executing program ) = 18 [pid 11186] memfd_create("syzkaller", 0) = 3 [pid 11186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 254.701343][T11148] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11148) [ 254.731875][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 254.753943][T11150] BTRFS: device /dev/loop4 (7:4) using temp-fsid b0a41031-e7c1-45ec-8fce-f98611faa9cc [ 254.769933][T11148] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 254.786765][T11150] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11150) [ 254.806701][T11148] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 254.822079][T11148] BTRFS info (device loop3): using free-space-tree [ 254.843892][T11150] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 254.915974][T11150] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 254.960272][T11150] BTRFS info (device loop4): using free-space-tree [pid 11185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] <... umount2 resumed>) = 0 [pid 11185] munmap(0x7f362be00000, 138412032 [pid 5849] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11185] <... munmap resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11185] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11148] <... mount resumed>) = 0 [pid 5849] getdents64(4, [pid 11185] <... openat resumed>) = 4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11185] ioctl(4, LOOP_SET_FD, 3 [pid 5849] getdents64(4, [pid 11148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11148] chdir("./file0") = 0 [pid 11148] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11148] ioctl(4, LOOP_CLR_FD) = 0 [pid 11148] close(4) = 0 [pid 11148] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11148] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./61/file0" [pid 11148] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11148] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11148] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] <... rmdir resumed>) = 0 [pid 11148] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11148] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11148] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] getdents64(3, [pid 11148] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11148] exit_group(0) = ? [pid 11148] +++ exited with 0 +++ [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11148, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=28 /* 0.28 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5849] close(3) = 0 [pid 5851] <... restart_syscall resumed>) = 0 [pid 5849] rmdir("./61" [pid 11185] <... ioctl resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 11185] close(3 [pid 5849] mkdir("./62", 0777 [pid 11185] <... close resumed>) = 0 [pid 5851] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11185] close(4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... mkdir resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11185] <... close resumed>) = 0 [pid 11185] mkdir("./file0", 0777 [pid 5851] <... openat resumed>) = 3 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] newfstatat(3, "", [pid 5849] <... openat resumed>) = 3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11185] <... mkdir resumed>) = 0 [pid 11185] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [ 255.195023][T11185] loop0: detected capacity change from 0 to 32768 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] newfstatat(AT_FDCWD, "./60/binderfs", [pid 5849] close(3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... close resumed>) = 0 [pid 5851] unlink("./60/binderfs" [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11217 attached [pid 5851] <... unlink resumed>) = 0 [pid 11217] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 11217 [pid 11217] <... set_robust_list resumed>) = 0 [pid 11217] chdir("./62") = 0 [pid 5851] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11217] setpgid(0, 0) = 0 [ 255.249696][T11185] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11185) [ 255.277031][T11185] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11217] write(3, "1000", 4 [pid 11150] <... mount resumed>) = 0 [pid 11217] <... write resumed>) = 4 [pid 11217] close(3 [pid 11150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11150] chdir("./file0") = 0 [pid 11217] <... close resumed>) = 0 [pid 11150] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11150] ioctl(4, LOOP_CLR_FD) = 0 [pid 11150] close(4) = 0 [pid 11150] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11217] symlink("/dev/binderfs", "./binderfs" [pid 11150] <... openat resumed>) = 4 [pid 11217] <... symlink resumed>) = 0 executing program [pid 11217] write(1, "executing program\n", 18 [pid 11150] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11217] <... write resumed>) = 18 [pid 11150] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11217] memfd_create("syzkaller", 0) = 3 [pid 11150] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11150] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11150] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11150] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11150] exit_group(0) = ? [pid 11150] +++ exited with 0 +++ [pid 11217] <... mmap resumed>) = 0x7f362be00000 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11150, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=22 /* 0.22 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 255.320594][T11185] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 255.351229][ T5851] BTRFS info (device loop3): last unmount of filesystem 31bd5434-c17c-4349-866a-53b56ba0cc63 [ 255.361733][T11185] BTRFS info (device loop0): using free-space-tree [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./60/binderfs") = 0 [pid 5852] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11185] <... mount resumed>) = 0 [pid 11185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11185] chdir("./file0") = 0 [pid 11185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 255.492716][ T5852] BTRFS info (device loop4): last unmount of filesystem b0a41031-e7c1-45ec-8fce-f98611faa9cc [pid 11185] ioctl(4, LOOP_CLR_FD) = 0 [pid 11185] close(4) = 0 [pid 11185] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11185] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11185] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... umount2 resumed>) = 0 [pid 11185] <... write resumed>) = 280 [pid 11185] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11185] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11185] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11185] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11185] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11185] exit_group(0) = ? [pid 11185] +++ exited with 0 +++ [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11185, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5851] close(4) = 0 [pid 5851] rmdir("./60/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./60" [pid 5848] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... rmdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./63/binderfs", [pid 5851] mkdir("./61", 0777 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5851] <... mkdir resumed>) = 0 [pid 5848] unlink("./63/binderfs") = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... openat resumed>) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11236 ./strace-static-x86_64: Process 11236 attached [pid 11236] set_robust_list(0x55558aa90660, 24) = 0 [pid 11236] chdir("./61") = 0 [pid 11236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11236] setpgid(0, 0) = 0 [pid 11236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11236] write(3, "1000", 4) = 4 [pid 11236] close(3) = 0 [pid 11236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11236] write(1, "executing program\n", 18) = 18 [pid 11236] memfd_create("syzkaller", 0) = 3 [pid 11236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11186] <... write resumed>) = 16777216 [ 255.692975][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11186] munmap(0x7f362be00000, 138412032) = 0 [pid 11186] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11186] close(3) = 0 [pid 11186] close(4) = 0 [pid 11186] mkdir("./file0", 0777 [pid 11217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11186] <... mkdir resumed>) = 0 [ 255.796334][T11186] loop2: detected capacity change from 0 to 32768 [pid 11186] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] <... umount2 resumed>) = 0 [ 255.856717][T11186] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11186) [pid 5852] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./60/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [ 255.915041][T11186] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 255.935917][T11186] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 255.956157][T11186] BTRFS info (device loop2): using free-space-tree [pid 5852] rmdir("./60") = 0 [pid 5852] mkdir("./61", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11246 attached [pid 11246] set_robust_list(0x55558aa90660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 11246 [pid 11246] <... set_robust_list resumed>) = 0 [pid 11246] chdir("./61") = 0 [pid 11246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11246] setpgid(0, 0) = 0 [pid 11246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 11246] write(3, "1000", 4) = 4 [pid 11246] close(3) = 0 [pid 11246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11246] write(1, "executing program\n", 18) = 18 [pid 11246] memfd_create("syzkaller", 0) = 3 [pid 11246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./63/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./63") = 0 [pid 5848] mkdir("./64", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11254 attached , child_tidptr=0x55558aa90650) = 11254 [pid 11254] set_robust_list(0x55558aa90660, 24) = 0 [pid 11254] chdir("./64") = 0 [pid 11254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11254] setpgid(0, 0) = 0 [pid 11254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11254] write(3, "1000", 4) = 4 [pid 11254] close(3) = 0 [pid 11254] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 11254] write(1, "executing program\n", 18) = 18 [pid 11254] memfd_create("syzkaller", 0 [pid 11186] <... mount resumed>) = 0 [pid 11186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11254] <... memfd_create resumed>) = 3 [pid 11186] <... openat resumed>) = 3 [pid 11254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11186] chdir("./file0") = 0 [pid 11186] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11186] ioctl(4, LOOP_CLR_FD) = 0 [pid 11186] close(4) = 0 [pid 11186] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11217] <... write resumed>) = 16777216 [pid 11186] ioctl(-1, SIOCGIFINDEX, NULL [pid 11217] munmap(0x7f362be00000, 138412032 [pid 11186] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11186] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11186] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11217] <... munmap resumed>) = 0 [pid 11186] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11217] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11186] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11217] <... openat resumed>) = 4 [pid 11217] ioctl(4, LOOP_SET_FD, 3 [pid 11186] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11186] exit_group(0) = ? [pid 11186] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11186, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 11217] <... ioctl resumed>) = 0 [pid 11217] close(3 [pid 5850] <... restart_syscall resumed>) = 0 [pid 11217] <... close resumed>) = 0 [pid 11217] close(4) = 0 [pid 5850] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11217] mkdir("./file0", 0777 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", [pid 11217] <... mkdir resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 256.324859][T11217] loop1: detected capacity change from 0 to 32768 [pid 5850] getdents64(3, [pid 11217] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./61/binderfs") = 0 [pid 5850] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 256.369207][T11217] BTRFS: device /dev/loop1 (7:1) using temp-fsid a50073a3-e6c8-49fb-9bf2-c40b22f2150f [ 256.400253][T11217] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11217) [ 256.443180][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 256.498324][T11217] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 256.533130][T11217] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./61/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./61") = 0 [pid 5850] mkdir("./62", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11257 ./strace-static-x86_64: Process 11257 attached [pid 11257] set_robust_list(0x55558aa90660, 24) = 0 [pid 11257] chdir("./62") = 0 [pid 11257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 256.591954][T11217] BTRFS info (device loop1): using free-space-tree [pid 11257] setpgid(0, 0) = 0 [pid 11257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11257] write(3, "1000", 4) = 4 [pid 11257] close(3) = 0 [pid 11257] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 11257] write(1, "executing program\n", 18) = 18 [pid 11236] <... write resumed>) = 16777216 [pid 11257] memfd_create("syzkaller", 0) = 3 [pid 11257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11236] munmap(0x7f362be00000, 138412032) = 0 [pid 11236] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11236] close(3) = 0 [pid 11236] close(4) = 0 [pid 11236] mkdir("./file0", 0777) = 0 [ 256.771885][T11236] loop3: detected capacity change from 0 to 32768 [pid 11217] <... mount resumed>) = 0 [pid 11217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11236] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 11217] <... openat resumed>) = 3 [pid 11217] chdir("./file0") = 0 [pid 11217] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11246] <... write resumed>) = 16777216 [pid 11217] <... openat resumed>) = 4 [pid 11217] ioctl(4, LOOP_CLR_FD) = 0 [pid 11217] close(4) = 0 [pid 11217] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11246] munmap(0x7f362be00000, 138412032 [pid 11217] <... openat resumed>) = 4 [pid 11217] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11217] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11217] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 256.849857][T11236] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11236) [pid 11217] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11217] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11217] exit_group(0) = ? [pid 11217] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11217, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5849] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11246] <... munmap resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./62/binderfs") = 0 [pid 5849] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11246] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11246] close(3) = 0 [pid 11246] close(4) = 0 [pid 11246] mkdir("./file0", 0777) = 0 [ 256.932701][T11236] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 256.935914][T11246] loop4: detected capacity change from 0 to 32768 [ 257.001425][T11236] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 257.007323][ T5849] BTRFS info (device loop1): last unmount of filesystem a50073a3-e6c8-49fb-9bf2-c40b22f2150f [ 257.021311][T11246] BTRFS: device /dev/loop4 (7:4) using temp-fsid 5ae57462-3ede-4e32-b463-8b83766dfef9 [ 257.048362][T11246] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11246) [ 257.052868][T11236] BTRFS info (device loop3): using free-space-tree [pid 11246] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11254] <... write resumed>) = 16777216 [pid 11254] munmap(0x7f362be00000, 138412032 [pid 11257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11254] <... munmap resumed>) = 0 [ 257.142847][T11246] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 257.171192][T11246] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 11254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11254] close(3) = 0 [pid 11254] close(4) = 0 [pid 11254] mkdir("./file0", 0777) = 0 [ 257.202528][T11246] BTRFS info (device loop4): using free-space-tree [ 257.218671][T11254] loop0: detected capacity change from 0 to 32768 [ 257.273833][T11254] BTRFS: device /dev/loop0 (7:0) using temp-fsid 6c4b27b3-761f-4783-a151-bc5c0b61aa3c [ 257.313141][T11254] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11254) [pid 11254] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 11246] <... mount resumed>) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 11246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11246] <... openat resumed>) = 3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./62/file0", [pid 11246] chdir("./file0") = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11246] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11236] <... mount resumed>) = 0 [pid 5849] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11246] <... openat resumed>) = 4 [pid 11236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11246] ioctl(4, LOOP_CLR_FD [pid 11236] <... openat resumed>) = 3 [pid 5849] <... openat resumed>) = 4 [pid 11246] <... ioctl resumed>) = 0 [pid 11236] chdir("./file0" [pid 5849] newfstatat(4, "", [pid 11246] close(4 [pid 11236] <... chdir resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11246] <... close resumed>) = 0 [pid 11236] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] getdents64(4, [pid 11246] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11236] <... openat resumed>) = 4 [pid 11246] <... openat resumed>) = 4 [pid 11236] ioctl(4, LOOP_CLR_FD [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11236] <... ioctl resumed>) = 0 [pid 5849] getdents64(4, [pid 11246] ioctl(-1, SIOCGIFINDEX, NULL [pid 11236] close(4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11246] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11236] <... close resumed>) = 0 [pid 5849] close(4 [pid 11246] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11236] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] <... close resumed>) = 0 [pid 11246] <... write resumed>) = 280 [pid 11236] <... openat resumed>) = 4 [pid 11246] bpf(BPF_MAP_CREATE, NULL, 0 [ 257.416701][T11254] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11236] ioctl(-1, SIOCGIFINDEX, NULL [pid 11246] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11236] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] rmdir("./62/file0" [pid 11246] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11236] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11246] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11236] <... write resumed>) = 280 [pid 5849] <... rmdir resumed>) = 0 [pid 11246] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11236] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11246] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11236] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(3, [pid 11246] exit_group(0 [pid 11236] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11246] <... exit_group resumed>) = ? [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./62") = 0 [pid 5849] mkdir("./63", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11306 attached [pid 11246] +++ exited with 0 +++ [pid 11236] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 11306 [pid 11236] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11246, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 11306] set_robust_list(0x55558aa90660, 24) = 0 [pid 11306] chdir("./63") = 0 [pid 11306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11306] setpgid(0, 0) = 0 [pid 11306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11306] write(3, "1000", 4 [pid 11236] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11306] <... write resumed>) = 4 [pid 11306] close(3) = 0 [pid 11236] exit_group(0 [pid 11306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11306] write(1, "executing program\n", 18 [pid 11236] <... exit_group resumed>) = ? executing program [pid 11306] <... write resumed>) = 18 [pid 11306] memfd_create("syzkaller", 0) = 3 [pid 11306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11236] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11236, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... openat resumed>) = 3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 257.487520][T11254] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] getdents64(3, [pid 5851] <... openat resumed>) = 3 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] newfstatat(3, "", [pid 5852] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./61/binderfs", [pid 5851] getdents64(3, [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] unlink("./61/binderfs" [pid 5851] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... unlink resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./61/binderfs") = 0 [ 257.547897][T11254] BTRFS info (device loop0): using free-space-tree [ 257.589456][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 257.602335][ T5852] BTRFS info (device loop4): last unmount of filesystem 5ae57462-3ede-4e32-b463-8b83766dfef9 [pid 5851] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11257] <... write resumed>) = 16777216 [pid 11257] munmap(0x7f362be00000, 138412032) = 0 [pid 11257] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11257] close(3) = 0 [pid 11257] close(4) = 0 [pid 11257] mkdir("./file0", 0777) = 0 [ 257.723470][T11257] loop2: detected capacity change from 0 to 32768 [pid 11257] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] newfstatat(AT_FDCWD, "./61/file0", [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] newfstatat(AT_FDCWD, "./61/file0", [pid 5852] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... openat resumed>) = 4 [pid 5851] <... openat resumed>) = 4 [ 257.775831][T11257] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11257) [pid 5852] newfstatat(4, "", [pid 5851] newfstatat(4, "", [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, [pid 11254] <... mount resumed>) = 0 [pid 5852] getdents64(4, [pid 11254] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11254] <... openat resumed>) = 3 [pid 5852] close(4 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11254] chdir("./file0" [pid 5852] <... close resumed>) = 0 [pid 5851] getdents64(4, [pid 5852] rmdir("./61/file0" [pid 11254] <... chdir resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] <... rmdir resumed>) = 0 [pid 5851] close(4 [pid 11254] ioctl(4, LOOP_CLR_FD [pid 5852] getdents64(3, [pid 5851] <... close resumed>) = 0 [pid 11254] <... ioctl resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] rmdir("./61/file0" [pid 11254] close(4 [pid 5852] close(3 [pid 11254] <... close resumed>) = 0 [pid 11254] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] <... close resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 11254] <... openat resumed>) = 4 [pid 5852] rmdir("./61" [pid 5851] getdents64(3, [pid 11254] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11254] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] <... rmdir resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 11254] <... write resumed>) = 280 [pid 5852] mkdir("./62", 0777 [pid 5851] close(3 [pid 11254] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5851] <... close resumed>) = 0 [pid 11254] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5851] rmdir("./61" [pid 11254] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11254] exit_group(0) = ? [pid 11254] +++ exited with 0 +++ [pid 5851] <... rmdir resumed>) = 0 [pid 5851] mkdir("./62", 0777) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11254, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... mkdir resumed>) = 0 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5848] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... ioctl resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5851] close(3 [pid 5848] newfstatat(3, "", [pid 5851] <... close resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 11324 attached [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11324] set_robust_list(0x55558aa90660, 24 [pid 5848] unlink("./64/binderfs" [pid 5852] <... openat resumed>) = 3 [pid 5848] <... unlink resumed>) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 11324] <... set_robust_list resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 11324 [pid 5848] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... ioctl resumed>) = 0 [pid 5852] close(3) = 0 [pid 11324] chdir("./62" [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11324] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 11325 attached executing program [pid 11324] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 11325 [pid 11325] set_robust_list(0x55558aa90660, 24) = 0 [pid 11325] chdir("./62") = 0 [pid 11325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11325] setpgid(0, 0) = 0 [pid 11325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11325] write(3, "1000", 4) = 4 [pid 11325] close(3) = 0 [pid 11325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11325] write(1, "executing program\n", 18) = 18 [pid 11325] memfd_create("syzkaller", 0 [pid 11324] <... prctl resumed>) = 0 [pid 11324] setpgid(0, 0 [pid 11325] <... memfd_create resumed>) = 3 [pid 11324] <... setpgid resumed>) = 0 [ 257.900241][T11257] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 257.925311][ T5848] BTRFS info (device loop0): last unmount of filesystem 6c4b27b3-761f-4783-a151-bc5c0b61aa3c [pid 11325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11324] write(3, "1000", 4) = 4 [pid 11324] close(3) = 0 [pid 11324] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11324] write(1, "executing program\n", 18) = 18 [pid 11324] memfd_create("syzkaller", 0) = 3 [pid 11324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 257.946696][T11257] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 257.973055][T11257] BTRFS info (device loop2): using free-space-tree [pid 11306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./64/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./64") = 0 [pid 5848] mkdir("./65", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11342 ./strace-static-x86_64: Process 11342 attached [pid 11342] set_robust_list(0x55558aa90660, 24) = 0 [pid 11342] chdir("./65") = 0 [pid 11342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11342] setpgid(0, 0) = 0 [pid 11342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11257] <... mount resumed>) = 0 [pid 11342] <... openat resumed>) = 3 [pid 11257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11342] write(3, "1000", 4 [pid 11257] <... openat resumed>) = 3 [pid 11342] <... write resumed>) = 4 [pid 11257] chdir("./file0") = 0 [pid 11257] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11257] ioctl(4, LOOP_CLR_FD [pid 11342] close(3 [pid 11257] <... ioctl resumed>) = 0 [pid 11342] <... close resumed>) = 0 [pid 11342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11257] close(4) = 0 executing program [pid 11342] write(1, "executing program\n", 18) = 18 [pid 11342] memfd_create("syzkaller", 0) = 3 [pid 11342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11257] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11257] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11257] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11257] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11257] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11257] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11257] exit_group(0) = ? [pid 11257] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11257, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5850] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./62/binderfs") = 0 [ 258.420758][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11306] <... write resumed>) = 16777216 [pid 11306] munmap(0x7f362be00000, 138412032) = 0 [pid 11306] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11306] <... openat resumed>) = 4 [pid 11306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11306] close(3) = 0 [pid 11306] close(4) = 0 [pid 11306] mkdir("./file0", 0777) = 0 [ 258.639445][T11306] loop1: detected capacity change from 0 to 32768 [pid 11306] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 258.692275][T11306] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11306) [pid 11342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./62/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [ 258.769565][T11306] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 258.803026][T11306] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] close(3) = 0 [pid 5850] rmdir("./62") = 0 [pid 5850] mkdir("./63", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 258.835877][T11306] BTRFS info (device loop1): using free-space-tree [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11351 attached , child_tidptr=0x55558aa90650) = 11351 [pid 11351] set_robust_list(0x55558aa90660, 24) = 0 [pid 11351] chdir("./63") = 0 [pid 11351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11351] setpgid(0, 0) = 0 [pid 11351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 11351] write(3, "1000", 4) = 4 [pid 11351] close(3) = 0 [pid 11351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11351] write(1, "executing program\n", 18) = 18 [pid 11351] memfd_create("syzkaller", 0) = 3 [pid 11351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11324] <... write resumed>) = 16777216 [pid 11324] munmap(0x7f362be00000, 138412032) = 0 [pid 11306] <... mount resumed>) = 0 [pid 11306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11306] chdir("./file0") = 0 [pid 11306] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11306] ioctl(4, LOOP_CLR_FD) = 0 [pid 11306] close(4) = 0 [pid 11306] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11306] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11306] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11324] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11306] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11324] <... openat resumed>) = 4 [pid 11324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11325] <... write resumed>) = 16777216 [pid 11306] <... bpf resumed>) = -1 EINVAL (Invalid argument) [ 259.060028][T11324] loop3: detected capacity change from 0 to 32768 [pid 11324] close(3 [pid 11306] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11324] <... close resumed>) = 0 [pid 11306] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11324] close(4 [pid 11306] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11324] <... close resumed>) = 0 [pid 11306] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11324] mkdir("./file0", 0777 [pid 11306] exit_group(0 [pid 11324] <... mkdir resumed>) = 0 [pid 11306] <... exit_group resumed>) = ? [pid 11325] munmap(0x7f362be00000, 138412032 [pid 11324] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 11306] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11306, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./63/binderfs") = 0 [pid 5849] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11325] <... munmap resumed>) = 0 [pid 11325] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 259.121211][T11324] BTRFS: device /dev/loop3 (7:3) using temp-fsid 053bd1b5-622a-43d2-927d-b13484588da9 [ 259.151917][T11325] loop4: detected capacity change from 0 to 32768 [pid 11325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11325] close(3) = 0 [pid 11325] close(4) = 0 [pid 11325] mkdir("./file0", 0777) = 0 [pid 11325] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11342] <... write resumed>) = 16777216 [ 259.159262][T11324] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11324) [ 259.189316][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11342] munmap(0x7f362be00000, 138412032) = 0 [ 259.252501][T11325] BTRFS: device /dev/loop4 (7:4) using temp-fsid 3f90458e-8e2b-44f5-9933-0c5a517dea86 [ 259.262310][T11324] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 259.279691][T11325] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11325) [pid 11342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11342] close(3) = 0 [pid 11342] close(4) = 0 [ 259.304340][T11342] loop0: detected capacity change from 0 to 32768 [ 259.305951][T11324] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 11342] mkdir("./file0", 0777) = 0 [ 259.349205][T11324] BTRFS info (device loop3): using free-space-tree [ 259.358977][T11325] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 259.360308][T11342] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11342) [ 259.377299][T11325] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 259.395190][T11325] BTRFS info (device loop4): using free-space-tree [pid 11342] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 11325] <... mount resumed>) = 0 [pid 11324] <... mount resumed>) = 0 [pid 11324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11324] chdir("./file0") = 0 [pid 11324] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11324] ioctl(4, LOOP_CLR_FD) = 0 [pid 11324] close(4) = 0 [ 259.514386][T11342] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11324] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11325] <... openat resumed>) = 3 [pid 11324] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11324] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11325] chdir("./file0") = 0 [pid 11325] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11324] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11325] ioctl(4, LOOP_CLR_FD [pid 11324] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11325] <... ioctl resumed>) = 0 [pid 11324] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11325] close(4 [pid 11324] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11325] <... close resumed>) = 0 [pid 11324] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11325] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11324] exit_group(0 [pid 11325] <... openat resumed>) = 4 [pid 11324] <... exit_group resumed>) = ? [pid 11324] +++ exited with 0 +++ [pid 11325] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11324, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=32 /* 0.32 s */} --- [pid 11325] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11325] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11325] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11325] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11325] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11325] exit_group(0) = ? [pid 5851] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11325] +++ exited with 0 +++ [pid 5851] <... openat resumed>) = 3 [ 259.584545][T11342] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 5851] newfstatat(3, "", [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11325, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... restart_syscall resumed>) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./62/binderfs", [pid 5852] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5851] unlink("./62/binderfs") = 0 [pid 5851] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./62/binderfs") = 0 [ 259.639243][T11342] BTRFS info (device loop0): using free-space-tree [pid 5852] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11351] <... write resumed>) = 16777216 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./63/file0", [pid 11351] munmap(0x7f362be00000, 138412032 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11351] <... munmap resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 259.696307][ T5851] BTRFS info (device loop3): last unmount of filesystem 053bd1b5-622a-43d2-927d-b13484588da9 [ 259.727007][ T5852] BTRFS info (device loop4): last unmount of filesystem 3f90458e-8e2b-44f5-9933-0c5a517dea86 [pid 11351] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5849] <... openat resumed>) = 4 [pid 5849] newfstatat(4, "", [pid 11351] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11351] <... ioctl resumed>) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11351] close(3 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11351] <... close resumed>) = 0 [pid 11351] close(4 [pid 5849] close(4) = 0 [pid 11351] <... close resumed>) = 0 [pid 5849] rmdir("./63/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 11351] mkdir("./file0", 0777 [pid 5849] close(3 [pid 11351] <... mkdir resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 11351] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5849] rmdir("./63") = 0 [pid 5849] mkdir("./64", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11406 ./strace-static-x86_64: Process 11406 attached [ 259.790843][T11351] loop2: detected capacity change from 0 to 32768 [ 259.816956][T11351] BTRFS: device /dev/loop2 (7:2) using temp-fsid 7957b454-6114-46e6-b3af-1190b42513cf [pid 11406] set_robust_list(0x55558aa90660, 24) = 0 [pid 11406] chdir("./64") = 0 [pid 11406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11406] setpgid(0, 0) = 0 [pid 11406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11406] write(3, "1000", 4) = 4 [pid 11406] close(3) = 0 [pid 11406] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11406] write(1, "executing program\n", 18) = 18 [pid 11406] memfd_create("syzkaller", 0) = 3 [pid 11406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11342] <... mount resumed>) = 0 [pid 11342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 259.837954][T11351] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11351) [pid 11342] chdir("./file0") = 0 [pid 11342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11342] ioctl(4, LOOP_CLR_FD) = 0 [pid 11342] close(4) = 0 [pid 11342] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11342] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11342] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11342] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11342] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11342] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 259.911220][T11351] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 259.939207][T11351] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 259.950070][T11351] BTRFS info (device loop2): using free-space-tree [pid 11342] exit_group(0) = ? [pid 11342] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11342, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./65/binderfs") = 0 [pid 5848] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./62/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./62") = 0 [pid 5851] mkdir("./63", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11426 ./strace-static-x86_64: Process 11426 attached [pid 11426] set_robust_list(0x55558aa90660, 24) = 0 [pid 11426] chdir("./63" [pid 11351] <... mount resumed>) = 0 [pid 11351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11426] <... chdir resumed>) = 0 [pid 11351] chdir("./file0" [pid 11426] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11351] <... chdir resumed>) = 0 [pid 11426] <... prctl resumed>) = 0 [pid 11426] setpgid(0, 0 [pid 11351] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11426] <... setpgid resumed>) = 0 [pid 11351] <... openat resumed>) = 4 [pid 11426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11351] ioctl(4, LOOP_CLR_FD) = 0 [pid 11426] <... openat resumed>) = 3 [pid 11351] close(4 [pid 11426] write(3, "1000", 4 [pid 11406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11351] <... close resumed>) = 0 [ 260.091909][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11426] <... write resumed>) = 4 [pid 11351] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11426] close(3 [pid 11351] <... openat resumed>) = 4 [pid 11426] <... close resumed>) = 0 [pid 11426] symlink("/dev/binderfs", "./binderfs" [pid 11351] ioctl(-1, SIOCGIFINDEX, NULL [pid 11426] <... symlink resumed>) = 0 [pid 11351] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11351] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11426] write(1, "executing program\n", 18 [pid 11351] <... write resumed>) = 280 [pid 11351] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11351] bpf(BPF_PROG_LOAD, NULL, 0executing program ) = -1 E2BIG (Argument list too long) [pid 11426] <... write resumed>) = 18 [pid 11351] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11426] memfd_create("syzkaller", 0 [pid 11351] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11351] exit_group(0) = ? [pid 11351] +++ exited with 0 +++ [pid 11426] <... memfd_create resumed>) = 3 [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11351, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 11426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] <... restart_syscall resumed>) = 0 [pid 5850] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./63/binderfs") = 0 [pid 5850] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./65/file0", [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... openat resumed>) = 4 [pid 5848] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] newfstatat(4, "", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, [pid 5848] <... openat resumed>) = 4 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./62/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./62" [pid 5848] newfstatat(4, "", [pid 5852] <... rmdir resumed>) = 0 [pid 5852] mkdir("./63", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5848] getdents64(4, [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11427 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 11427 attached [pid 11427] set_robust_list(0x55558aa90660, 24 [pid 5848] getdents64(4, [pid 11427] <... set_robust_list resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11427] chdir("./63" [pid 5848] close(4 [pid 11427] <... chdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./65/file0" [pid 11427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11427] setpgid(0, 0) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, [pid 11427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 11427] <... openat resumed>) = 3 [pid 5848] close(3executing program [pid 11427] write(3, "1000", 4 [pid 5848] <... close resumed>) = 0 [pid 11427] <... write resumed>) = 4 [pid 11427] close(3) = 0 [pid 11427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11427] write(1, "executing program\n", 18) = 18 [pid 11427] memfd_create("syzkaller", 0) = 3 [pid 11427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] rmdir("./65") = 0 [ 260.316545][ T5850] BTRFS info (device loop2): last unmount of filesystem 7957b454-6114-46e6-b3af-1190b42513cf [pid 5848] mkdir("./66", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11428 ./strace-static-x86_64: Process 11428 attached [pid 11428] set_robust_list(0x55558aa90660, 24) = 0 [pid 11428] chdir("./66") = 0 [pid 11428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11428] setpgid(0, 0) = 0 [pid 11428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11428] write(3, "1000", 4) = 4 [pid 11428] close(3) = 0 [pid 11428] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 11428] write(1, "executing program\n", 18) = 18 [pid 11428] memfd_create("syzkaller", 0) = 3 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... openat resumed>) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./63/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./63" [pid 11428] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... rmdir resumed>) = 0 [pid 5850] mkdir("./64", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11429 attached [pid 11429] set_robust_list(0x55558aa90660, 24 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 11429 [pid 11429] <... set_robust_list resumed>) = 0 [pid 11429] chdir("./64") = 0 [pid 11429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11429] setpgid(0, 0) = 0 [pid 11429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 11429] write(3, "1000", 4) = 4 [pid 11429] close(3) = 0 [pid 11429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11429] write(1, "executing program\n", 18) = 18 [pid 11429] memfd_create("syzkaller", 0) = 3 [pid 11429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11406] <... write resumed>) = 16777216 [pid 11406] munmap(0x7f362be00000, 138412032) = 0 [pid 11406] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11406] ioctl(4, LOOP_SET_FD, 3) = 0 [ 260.633648][T11406] loop1: detected capacity change from 0 to 32768 [pid 11426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11406] close(3) = 0 [pid 11406] close(4) = 0 [pid 11406] mkdir("./file0", 0777) = 0 [ 260.707907][T11406] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11406) [ 260.793959][T11406] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 260.857024][T11406] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 11406] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 260.900470][T11406] BTRFS info (device loop1): using free-space-tree [pid 11427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11428] <... write resumed>) = 16777216 [pid 11428] munmap(0x7f362be00000, 138412032) = 0 [pid 11428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11428] close(3) = 0 [pid 11428] close(4) = 0 [pid 11428] mkdir("./file0", 0777) = 0 [ 261.180367][T11428] loop0: detected capacity change from 0 to 32768 [ 261.193404][T11428] BTRFS: device /dev/loop0 (7:0) using temp-fsid 4ca383be-9dc4-4a97-92cb-782dfe15dc00 [pid 11428] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 11406] <... mount resumed>) = 0 [pid 11406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11406] chdir("./file0") = 0 [pid 11426] <... write resumed>) = 16777216 [pid 11426] munmap(0x7f362be00000, 138412032 [pid 11406] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11426] <... munmap resumed>) = 0 [pid 11406] <... openat resumed>) = 4 [ 261.225946][T11428] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11428) [pid 11406] ioctl(4, LOOP_CLR_FD [pid 11426] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11406] <... ioctl resumed>) = 0 [pid 11406] close(4 [pid 11426] <... openat resumed>) = 4 [pid 11426] ioctl(4, LOOP_SET_FD, 3 [pid 11406] <... close resumed>) = 0 [pid 11406] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11426] <... ioctl resumed>) = 0 [pid 11426] close(3) = 0 [pid 11406] <... openat resumed>) = 4 [pid 11426] close(4) = 0 [pid 11426] mkdir("./file0", 0777) = 0 [pid 11426] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 11406] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11406] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11406] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 261.301715][T11426] loop3: detected capacity change from 0 to 32768 [ 261.311904][T11428] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 261.325265][T11426] BTRFS: device /dev/loop3 (7:3) using temp-fsid 51abebc9-8a30-417f-aba5-6c2543ec2b6a [pid 11406] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11427] <... write resumed>) = 16777216 [pid 11406] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11406] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11406] exit_group(0) = ? [pid 11427] munmap(0x7f362be00000, 138412032 [pid 11406] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11406, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=24 /* 0.24 s */} --- [pid 5849] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11427] <... munmap resumed>) = 0 [pid 11427] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 261.354850][T11426] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11426) [ 261.363890][T11428] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 11427] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11427] <... ioctl resumed>) = 0 [pid 5849] unlink("./64/binderfs" [pid 11427] close(3) = 0 [pid 11427] close(4 [pid 5849] <... unlink resumed>) = 0 [pid 5849] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11427] <... close resumed>) = 0 [pid 11427] mkdir("./file0", 0777) = 0 [ 261.416598][T11427] loop4: detected capacity change from 0 to 32768 [ 261.438916][T11428] BTRFS info (device loop0): using free-space-tree [ 261.479817][T11427] BTRFS: device /dev/loop4 (7:4) using temp-fsid e88ec546-5d6a-4d69-b6ae-b5854f537ea0 [ 261.491605][T11426] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 261.494085][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 261.526715][T11427] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11427) [ 261.545402][T11426] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 261.569524][T11426] BTRFS info (device loop3): using free-space-tree [ 261.641474][T11427] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11427] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11429] <... write resumed>) = 16777216 [pid 11429] munmap(0x7f362be00000, 138412032) = 0 [ 261.711769][T11427] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 11429] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11429] ioctl(4, LOOP_SET_FD, 3 [pid 11428] <... mount resumed>) = 0 [ 261.774600][T11427] BTRFS info (device loop4): using free-space-tree [ 261.787617][T11429] loop2: detected capacity change from 0 to 32768 [pid 11428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11428] chdir("./file0") = 0 [pid 11428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11429] <... ioctl resumed>) = 0 [pid 11428] ioctl(4, LOOP_CLR_FD [pid 11429] close(3 [pid 11428] <... ioctl resumed>) = 0 [pid 11429] <... close resumed>) = 0 [pid 11428] close(4) = 0 [pid 11428] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11429] close(4 [pid 11428] <... openat resumed>) = 4 [pid 11429] <... close resumed>) = 0 [pid 11428] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11428] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11428] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11428] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11429] mkdir("./file0", 0777 [pid 11428] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11429] <... mkdir resumed>) = 0 [pid 11428] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11429] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 11428] exit_group(0) = ? [pid 11428] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11428, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=23 /* 0.23 s */} --- [pid 5848] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./66/binderfs") = 0 [ 261.898841][T11429] BTRFS: device /dev/loop2 (7:2) using temp-fsid 44ce7d27-69d6-44e1-a01c-cbc86b65cc3b [pid 5848] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11426] <... mount resumed>) = 0 [pid 11426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11426] chdir("./file0") = 0 [pid 11426] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11426] ioctl(4, LOOP_CLR_FD) = 0 [ 261.961054][T11429] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11429) [pid 11426] close(4) = 0 [pid 11426] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11426] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11426] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11426] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11426] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11426] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11426] exit_group(0) = ? [pid 11426] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11426, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [pid 5851] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 262.014145][ T5848] BTRFS info (device loop0): last unmount of filesystem 4ca383be-9dc4-4a97-92cb-782dfe15dc00 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./63/binderfs") = 0 [ 262.100475][T11429] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 262.124855][ T5851] BTRFS info (device loop3): last unmount of filesystem 51abebc9-8a30-417f-aba5-6c2543ec2b6a [ 262.135303][T11429] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 5851] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, [pid 5848] <... umount2 resumed>) = 0 [pid 11427] <... mount resumed>) = 0 [pid 11427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11427] chdir("./file0") = 0 [pid 11427] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11427] ioctl(4, LOOP_CLR_FD) = 0 [pid 5849] getdents64(4, [pid 5848] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11427] close(4 [pid 5849] close(4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... close resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./66/file0", [pid 5849] rmdir("./64/file0" [pid 11427] <... close resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11427] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] getdents64(3, [pid 11427] <... openat resumed>) = 4 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] close(3) = 0 [pid 5849] rmdir("./64" [pid 11427] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11427] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5849] <... rmdir resumed>) = 0 [ 262.171549][T11429] BTRFS info (device loop2): using free-space-tree [pid 11427] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] mkdir("./65", 0777 [pid 11427] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11427] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11427] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5849] <... mkdir resumed>) = 0 [pid 11427] exit_group(0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11427] <... exit_group resumed>) = ? [pid 11427] +++ exited with 0 +++ [pid 5849] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11427, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5848] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5848] <... openat resumed>) = 4 [pid 5849] close(3 [pid 5852] <... restart_syscall resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 11506 [pid 5848] getdents64(4, [pid 5852] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] getdents64(4, [pid 5852] newfstatat(3, "", ./strace-static-x86_64: Process 11506 attached [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11506] set_robust_list(0x55558aa90660, 24 [pid 5848] close(4 [pid 11506] <... set_robust_list resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... close resumed>) = 0 [pid 11506] chdir("./65" [pid 5852] getdents64(3, [pid 5848] rmdir("./66/file0" [pid 11506] <... chdir resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] <... rmdir resumed>) = 0 [pid 11506] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] getdents64(3, [pid 11506] <... prctl resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 11506] setpgid(0, 0 [pid 5848] close(3 [pid 11506] <... setpgid resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 11506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] rmdir("./66" [pid 5852] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11506] <... openat resumed>) = 3 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... rmdir resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./63/binderfs", [pid 11506] write(3, "1000", 4 [pid 5848] mkdir("./67", 0777 [pid 11506] <... write resumed>) = 4 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5852] unlink("./63/binderfs" [pid 11506] close(3 [pid 5852] <... unlink resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11506] <... close resumed>) = 0 [pid 11506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5848] <... openat resumed>) = 3 executing program [pid 5848] ioctl(3, LOOP_CLR_FD [pid 11506] write(1, "executing program\n", 18 [pid 5848] <... ioctl resumed>) = 0 [pid 11506] <... write resumed>) = 18 [pid 5848] close(3 [pid 11506] memfd_create("syzkaller", 0 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11511 attached [pid 11506] <... memfd_create resumed>) = 3 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 11511 [pid 11511] set_robust_list(0x55558aa90660, 24 [pid 11506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11511] <... set_robust_list resumed>) = 0 [pid 11511] chdir("./67" [pid 11506] <... mmap resumed>) = 0x7f362be00000 [pid 11511] <... chdir resumed>) = 0 [pid 11511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11511] setpgid(0, 0) = 0 [pid 11511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11511] write(3, "1000", 4) = 4 [pid 11511] close(3) = 0 [pid 11511] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11511] write(1, "executing program\n", 18) = 18 [pid 11511] memfd_create("syzkaller", 0) = 3 [pid 11511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11429] <... mount resumed>) = 0 [pid 11429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11429] chdir("./file0") = 0 [pid 11429] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11429] ioctl(4, LOOP_CLR_FD) = 0 [pid 11429] close(4) = 0 [pid 11429] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11429] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11429] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11429] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11429] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11429] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11429] exit_group(0) = ? [ 262.448528][ T5852] BTRFS info (device loop4): last unmount of filesystem e88ec546-5d6a-4d69-b6ae-b5854f537ea0 [pid 11429] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11429, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=25 /* 0.25 s */} --- [pid 5850] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./64/binderfs") = 0 [pid 5850] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./63/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./63") = 0 [pid 5852] mkdir("./64", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] <... openat resumed>) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11515 attached [pid 5851] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11515] set_robust_list(0x55558aa90660, 24 [pid 5851] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11515] <... set_robust_list resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 262.630324][ T5850] BTRFS info (device loop2): last unmount of filesystem 44ce7d27-69d6-44e1-a01c-cbc86b65cc3b [pid 11515] chdir("./64" [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 11515 [pid 5851] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11515] <... chdir resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 11515] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] newfstatat(4, "", [pid 11515] <... prctl resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11515] setpgid(0, 0 [pid 5851] getdents64(4, [pid 11515] <... setpgid resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11515] write(3, "1000", 4 [pid 5851] getdents64(4, [pid 11515] <... write resumed>) = 4 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 11515] close(3 [pid 5851] close(4 [pid 5850] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11515] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11515] symlink("/dev/binderfs", "./binderfs" [pid 5851] rmdir("./63/file0" [pid 5850] newfstatat(AT_FDCWD, "./64/file0", [pid 5851] <... rmdir resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 11515] <... symlink resumed>) = 0 [pid 5851] getdents64(3, [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] <... openat resumed>) = 4 [pid 11515] write(1, "executing program\n", 18 [pid 5851] close(3 [pid 5850] newfstatat(4, "", [pid 5851] <... close resumed>) = 0 [pid 11515] <... write resumed>) = 18 [pid 5851] rmdir("./63" [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5850] getdents64(4, [pid 11515] memfd_create("syzkaller", 0 [pid 5851] mkdir("./64", 0777 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11515] <... memfd_create resumed>) = 3 [pid 5850] getdents64(4, [pid 5851] <... mkdir resumed>) = 0 [pid 11515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4 [pid 11515] <... mmap resumed>) = 0x7f362be00000 [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./64/file0") = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5850] close(3 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 5850] <... close resumed>) = 0 [pid 5850] rmdir("./64" [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] close(3 [pid 5850] <... rmdir resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5850] mkdir("./65", 0777 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11516 attached [pid 5850] <... mkdir resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 11516 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11516] set_robust_list(0x55558aa90660, 24) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 11516] chdir("./64") = 0 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11516] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] close(3 [pid 11516] <... prctl resumed>) = 0 [pid 11516] setpgid(0, 0 [pid 5850] <... close resumed>) = 0 [pid 11516] <... setpgid resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11517 attached [pid 11516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11517] set_robust_list(0x55558aa90660, 24) = 0 [pid 11516] <... openat resumed>) = 3 [pid 11517] chdir("./65" [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 11517 [pid 11517] <... chdir resumed>) = 0 [pid 11517] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11516] write(3, "1000", 4 [pid 11506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11517] <... prctl resumed>) = 0 [pid 11516] <... write resumed>) = 4 [pid 11516] close(3) = 0 [pid 11517] setpgid(0, 0 [pid 11516] symlink("/dev/binderfs", "./binderfs" [pid 11517] <... setpgid resumed>) = 0 [pid 11516] <... symlink resumed>) = 0 executing program [pid 11517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11516] write(1, "executing program\n", 18) = 18 [pid 11517] <... openat resumed>) = 3 [pid 11516] memfd_create("syzkaller", 0 [pid 11517] write(3, "1000", 4) = 4 [pid 11516] <... memfd_create resumed>) = 3 [pid 11516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11517] close(3) = 0 [pid 11516] <... mmap resumed>) = 0x7f362be00000 [pid 11517] symlink("/dev/binderfs", "./binderfs" [pid 11511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11517] <... symlink resumed>) = 0 [pid 11517] write(1, "executing program\n", 18executing program ) = 18 [pid 11517] memfd_create("syzkaller", 0) = 3 [pid 11517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11506] <... write resumed>) = 16777216 [pid 11506] munmap(0x7f362be00000, 138412032) = 0 [pid 11506] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11506] close(3) = 0 [pid 11511] <... write resumed>) = 16777216 [pid 11511] munmap(0x7f362be00000, 138412032 [ 263.421537][T11506] loop1: detected capacity change from 0 to 32768 [pid 11506] close(4 [pid 11511] <... munmap resumed>) = 0 [pid 11506] <... close resumed>) = 0 [pid 11506] mkdir("./file0", 0777) = 0 [pid 11506] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 11511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11511] close(3) = 0 [pid 11511] close(4) = 0 [pid 11511] mkdir("./file0", 0777) = 0 [ 263.491598][T11506] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11506) [ 263.512399][T11511] loop0: detected capacity change from 0 to 32768 [ 263.573815][T11511] BTRFS: device /dev/loop0 (7:0) using temp-fsid 91c3a989-eabb-44ab-8be7-9a8e1357fe77 [ 263.585187][T11506] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 263.607670][T11506] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 11511] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 11515] <... write resumed>) = 16777216 [ 263.622889][T11511] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11511) [ 263.649653][T11506] BTRFS info (device loop1): using free-space-tree [pid 11515] munmap(0x7f362be00000, 138412032) = 0 [pid 11515] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 263.700365][T11511] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 263.734397][T11511] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 263.746091][T11515] loop4: detected capacity change from 0 to 32768 [pid 11515] ioctl(4, LOOP_SET_FD, 3 [pid 11516] <... write resumed>) = 16777216 [pid 11516] munmap(0x7f362be00000, 138412032 [pid 11515] <... ioctl resumed>) = 0 [pid 11515] close(3) = 0 [pid 11515] close(4) = 0 [pid 11515] mkdir("./file0", 0777) = 0 [ 263.780475][T11511] BTRFS info (device loop0): using free-space-tree [pid 11515] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11506] <... mount resumed>) = 0 [pid 11506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11506] chdir("./file0") = 0 [pid 11506] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11506] ioctl(4, LOOP_CLR_FD) = 0 [pid 11506] close(4) = 0 [pid 11506] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11506] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11506] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11516] <... munmap resumed>) = 0 [pid 11506] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11506] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11506] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [ 263.833657][T11515] BTRFS: device /dev/loop4 (7:4) using temp-fsid a5f07aa6-d22b-45eb-917b-2bf44c7c8f67 [pid 11506] exit_group(0) = ? [pid 11506] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11506, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=19 /* 0.19 s */} --- [pid 5849] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, [pid 11516] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 11516] <... openat resumed>) = 4 [pid 5849] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./65/binderfs", [pid 11516] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./65/binderfs") = 0 [ 263.880055][T11515] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11515) [ 263.905685][T11516] loop3: detected capacity change from 0 to 32768 [pid 5849] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11517] <... write resumed>) = 16777216 [pid 11517] munmap(0x7f362be00000, 138412032 [pid 11516] <... ioctl resumed>) = 0 [pid 11516] close(3) = 0 [pid 11516] close(4) = 0 [pid 11516] mkdir("./file0", 0777) = 0 [ 263.934344][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11516] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 11517] <... munmap resumed>) = 0 [pid 11517] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11517] ioctl(4, LOOP_SET_FD, 3 [pid 11511] <... mount resumed>) = 0 [pid 11511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11511] chdir("./file0") = 0 [pid 11511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11511] ioctl(4, LOOP_CLR_FD) = 0 [pid 11511] close(4) = 0 [pid 11511] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 263.974691][T11515] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 263.985066][T11515] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 263.987136][T11517] loop2: detected capacity change from 0 to 32768 [ 263.994697][T11515] BTRFS info (device loop4): using free-space-tree [ 264.003114][T11516] BTRFS: device /dev/loop3 (7:3) using temp-fsid e7d085e7-05ac-4a87-9f28-ca552c2f2a85 [pid 11511] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11511] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11511] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11511] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11511] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11511] exit_group(0) = ? [pid 11511] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11511, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=24 /* 0.24 s */} --- [pid 11517] <... ioctl resumed>) = 0 [pid 11517] close(3) = 0 [pid 11517] close(4) = 0 [pid 11517] mkdir("./file0", 0777) = 0 [pid 5848] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11517] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./67/binderfs") = 0 [ 264.082552][T11516] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11516) [ 264.132987][ T5848] BTRFS info (device loop0): last unmount of filesystem 91c3a989-eabb-44ab-8be7-9a8e1357fe77 [ 264.164395][T11516] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 264.166063][T11517] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11517) [ 264.186430][T11516] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 264.219732][T11516] BTRFS info (device loop3): using free-space-tree [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./65/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./65") = 0 [pid 5849] mkdir("./66", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11571 ./strace-static-x86_64: Process 11571 attached [pid 11515] <... mount resumed>) = 0 [pid 11515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11515] chdir("./file0") = 0 [pid 11515] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11515] ioctl(4, LOOP_CLR_FD) = 0 [pid 11515] close(4) = 0 [pid 11515] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11571] set_robust_list(0x55558aa90660, 24 [pid 11515] <... openat resumed>) = 4 [pid 11571] <... set_robust_list resumed>) = 0 [pid 11571] chdir("./66") = 0 [pid 11571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11515] ioctl(-1, SIOCGIFINDEX, NULL [pid 11571] setpgid(0, 0 [pid 11515] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11571] <... setpgid resumed>) = 0 [ 264.227270][T11517] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 264.245922][T11517] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 264.258004][T11517] BTRFS info (device loop2): using free-space-tree [pid 11515] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11515] <... write resumed>) = 280 [pid 11515] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11571] <... openat resumed>) = 3 [pid 11515] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11571] write(3, "1000", 4 [pid 11515] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11571] <... write resumed>) = 4 [pid 11515] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11571] close(3 [pid 11515] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11571] <... close resumed>) = 0 [pid 11515] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11571] symlink("/dev/binderfs", "./binderfs" [pid 11515] exit_group(0 [pid 11571] <... symlink resumed>) = 0 [pid 11515] <... exit_group resumed>) = ? [pid 11571] write(1, "executing program\n", 18 [pid 11515] +++ exited with 0 +++ executing program [pid 11571] <... write resumed>) = 18 [pid 11571] memfd_create("syzkaller", 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11515, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=23 /* 0.23 s */} --- [pid 11571] <... memfd_create resumed>) = 3 [pid 11571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 11571] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... restart_syscall resumed>) = 0 [pid 5852] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./64/binderfs") = 0 [pid 5852] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11517] <... mount resumed>) = 0 [pid 11516] <... mount resumed>) = 0 [pid 5848] <... openat resumed>) = 4 [pid 11517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] newfstatat(4, "", [pid 11517] <... openat resumed>) = 3 [pid 11516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11516] <... openat resumed>) = 3 [pid 5848] getdents64(4, [pid 11517] chdir("./file0" [pid 11516] chdir("./file0" [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11517] <... chdir resumed>) = 0 [pid 11516] <... chdir resumed>) = 0 [pid 5848] getdents64(4, [pid 11517] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11516] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11517] <... openat resumed>) = 4 [pid 11516] <... openat resumed>) = 4 [pid 5848] close(4 [pid 11517] ioctl(4, LOOP_CLR_FD [pid 11516] ioctl(4, LOOP_CLR_FD [pid 5848] <... close resumed>) = 0 [ 264.502108][ T5852] BTRFS info (device loop4): last unmount of filesystem a5f07aa6-d22b-45eb-917b-2bf44c7c8f67 [pid 11517] <... ioctl resumed>) = 0 [pid 11516] <... ioctl resumed>) = 0 [pid 5848] rmdir("./67/file0" [pid 11517] close(4 [pid 11516] close(4 [pid 11517] <... close resumed>) = 0 [pid 11516] <... close resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 11517] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11516] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] getdents64(3, [pid 11517] <... openat resumed>) = 4 [pid 11516] <... openat resumed>) = 4 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3 [pid 11517] ioctl(-1, SIOCGIFINDEX, NULL [pid 11516] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... close resumed>) = 0 [pid 11517] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11516] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] rmdir("./67" [pid 11517] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11516] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./68", 0777 [pid 11517] <... write resumed>) = 280 [pid 5848] <... mkdir resumed>) = 0 [pid 11517] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11516] <... write resumed>) = 280 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11517] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11516] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] <... openat resumed>) = 3 [pid 11517] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11516] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] ioctl(3, LOOP_CLR_FD [pid 11517] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11516] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11517] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11516] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5848] close(3 [pid 11517] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11516] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11517] exit_group(0 [pid 11516] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11517] <... exit_group resumed>) = ? [pid 11516] exit_group(0 [pid 11517] +++ exited with 0 +++ [pid 11516] <... exit_group resumed>) = ? [pid 11516] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11517, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=38 /* 0.38 s */} --- [pid 5848] <... close resumed>) = 0 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11516, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=34 /* 0.34 s */} --- [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5850] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11599 attached ) = -1 EINVAL (Invalid argument) [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 11599 [pid 5850] newfstatat(AT_FDCWD, "./65/binderfs", [pid 11599] set_robust_list(0x55558aa90660, 24) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11599] chdir("./68" [pid 5850] unlink("./65/binderfs" [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... unlink resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11599] <... chdir resumed>) = 0 [pid 11571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./64/binderfs") = 0 [pid 5851] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11599] setpgid(0, 0) = 0 [pid 11599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11599] write(3, "1000", 4) = 4 [pid 11599] close(3) = 0 [pid 11599] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11599] write(1, "executing program\n", 18executing program ) = 18 [pid 11599] memfd_create("syzkaller", 0) = 3 [pid 11599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 264.738709][ T5851] BTRFS info (device loop3): last unmount of filesystem e7d085e7-05ac-4a87-9f28-ca552c2f2a85 [ 264.739822][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./64/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./64") = 0 [pid 5852] mkdir("./65", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11600 ./strace-static-x86_64: Process 11600 attached [pid 11600] set_robust_list(0x55558aa90660, 24) = 0 [pid 11600] chdir("./65") = 0 [pid 11600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11600] setpgid(0, 0) = 0 [pid 11600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11600] write(3, "1000", 4) = 4 executing program [pid 11600] close(3) = 0 [pid 11600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11600] write(1, "executing program\n", 18) = 18 [pid 11600] memfd_create("syzkaller", 0) = 3 [pid 11600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11571] <... write resumed>) = 16777216 [pid 11571] munmap(0x7f362be00000, 138412032) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 11571] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5851] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11571] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./64/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./64") = 0 [pid 5851] mkdir("./65", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11601 ./strace-static-x86_64: Process 11601 attached [pid 11601] set_robust_list(0x55558aa90660, 24) = 0 [pid 11601] chdir("./65") = 0 [pid 11601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11601] setpgid(0, 0) = 0 [pid 11601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11571] <... ioctl resumed>) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 11601] <... openat resumed>) = 3 [pid 11571] close(3 [pid 11601] write(3, "1000", 4) = 4 [pid 11571] <... close resumed>) = 0 [pid 5850] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11571] close(4 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./65/file0", [pid 11601] close(3) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 265.124334][T11571] loop1: detected capacity change from 0 to 32768 [pid 11601] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5850] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11601] write(1, "executing program\n", 18 [pid 11571] <... close resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11601] <... write resumed>) = 18 [pid 11601] memfd_create("syzkaller", 0) = 3 [pid 11601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5850] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", [pid 11599] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11571] mkdir("./file0", 0777 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11571] <... mkdir resumed>) = 0 [pid 5850] getdents64(4, [pid 11571] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./65/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./65") = 0 [pid 5850] mkdir("./66", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 265.224683][T11571] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11571) [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11603 attached [pid 11603] set_robust_list(0x55558aa90660, 24 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 11603 [ 265.270754][T11571] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11603] <... set_robust_list resumed>) = 0 [pid 11600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11603] chdir("./66") = 0 [pid 11603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11603] setpgid(0, 0) = 0 [pid 11603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 11603] write(3, "1000", 4) = 4 [pid 11603] close(3) = 0 [pid 11603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11603] write(1, "executing program\n", 18) = 18 [pid 11603] memfd_create("syzkaller", 0) = 3 [pid 11603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 265.319418][T11571] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 265.328959][T11571] BTRFS info (device loop1): using free-space-tree [pid 11571] <... mount resumed>) = 0 [pid 11571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11600] <... write resumed>) = 16777216 [pid 11571] chdir("./file0") = 0 [pid 11571] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11571] ioctl(4, LOOP_CLR_FD) = 0 [pid 11600] munmap(0x7f362be00000, 138412032 [pid 11571] close(4 [pid 11600] <... munmap resumed>) = 0 [pid 11571] <... close resumed>) = 0 [pid 11571] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11571] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11600] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11599] <... write resumed>) = 16777216 [pid 11571] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11599] munmap(0x7f362be00000, 138412032 [pid 11571] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11600] close(3) = 0 [pid 11600] close(4 [pid 11571] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11600] <... close resumed>) = 0 [pid 11600] mkdir("./file0", 0777) = 0 [pid 11600] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11571] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11571] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11571] exit_group(0) = ? [ 265.631659][T11600] loop4: detected capacity change from 0 to 32768 [ 265.661410][T11600] BTRFS: device /dev/loop4 (7:4) using temp-fsid 6d8dca72-77ef-4155-928e-c4911f9a78af [pid 11571] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11571, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 11599] <... munmap resumed>) = 0 [pid 5849] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11599] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11599] <... openat resumed>) = 4 [pid 11599] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... openat resumed>) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 265.687666][T11600] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11600) [ 265.714211][T11600] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 265.726329][T11599] loop0: detected capacity change from 0 to 32768 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11599] <... ioctl resumed>) = 0 [pid 5849] unlink("./66/binderfs" [pid 11599] close(3) = 0 [pid 5849] <... unlink resumed>) = 0 [ 265.736503][T11600] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 11599] close(4) = 0 [pid 11599] mkdir("./file0", 0777) = 0 [pid 5849] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 265.785694][T11600] BTRFS info (device loop4): using free-space-tree [ 265.819582][T11599] BTRFS: device /dev/loop0 (7:0) using temp-fsid 90394a40-0bc6-4bbb-b924-d0b2bf19896a [ 265.831588][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 265.856337][T11599] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11599) [pid 11599] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [ 265.949452][T11599] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11601] <... write resumed>) = 16777216 [pid 11601] munmap(0x7f362be00000, 138412032 [pid 11600] <... mount resumed>) = 0 [pid 11601] <... munmap resumed>) = 0 [pid 11600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11600] chdir("./file0") = 0 [pid 11600] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11600] ioctl(4, LOOP_CLR_FD) = 0 [pid 11600] close(4) = 0 [ 266.001962][T11599] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 266.033684][T11599] BTRFS info (device loop0): using free-space-tree [pid 11600] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11600] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11600] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11600] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11600] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11600] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11600] exit_group(0) = ? [pid 11600] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11600, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 11601] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5852] <... restart_syscall resumed>) = 0 [pid 11601] <... openat resumed>) = 4 [pid 5852] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11601] ioctl(4, LOOP_SET_FD, 3 [pid 5852] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", [pid 11601] <... ioctl resumed>) = 0 [pid 11601] close(3 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11601] <... close resumed>) = 0 [pid 5852] getdents64(3, [pid 11601] close(4 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 11601] <... close resumed>) = 0 [pid 5852] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11601] mkdir("./file0", 0777 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./65/binderfs", [pid 11601] <... mkdir resumed>) = 0 [pid 11601] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./65/binderfs") = 0 [ 266.100583][T11601] loop3: detected capacity change from 0 to 32768 [ 266.132773][T11601] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11601) [pid 5849] <... umount2 resumed>) = 0 [pid 5852] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./66/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./66") = 0 [pid 5849] mkdir("./67", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [ 266.189445][T11601] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11651 attached , child_tidptr=0x55558aa90650) = 11651 [pid 11651] set_robust_list(0x55558aa90660, 24) = 0 [pid 11599] <... mount resumed>) = 0 [pid 11651] chdir("./67" [pid 11599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11651] <... chdir resumed>) = 0 [pid 11599] <... openat resumed>) = 3 [pid 11651] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11599] chdir("./file0" [pid 11651] <... prctl resumed>) = 0 [pid 11599] <... chdir resumed>) = 0 [pid 11651] setpgid(0, 0 [pid 11599] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11651] <... setpgid resumed>) = 0 [pid 11599] <... openat resumed>) = 4 [pid 11651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11599] ioctl(4, LOOP_CLR_FD [pid 11651] <... openat resumed>) = 3 [pid 11599] <... ioctl resumed>) = 0 [pid 11651] write(3, "1000", 4 [pid 11599] close(4 [pid 11651] <... write resumed>) = 4 [pid 11599] <... close resumed>) = 0 [pid 11651] close(3 [pid 11599] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11651] <... close resumed>) = 0 [pid 11599] <... openat resumed>) = 4 [ 266.244636][ T5852] BTRFS info (device loop4): last unmount of filesystem 6d8dca72-77ef-4155-928e-c4911f9a78af [ 266.254275][T11601] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 11651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11599] ioctl(-1, SIOCGIFINDEX, NULLexecuting program [pid 11651] write(1, "executing program\n", 18 [pid 11599] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11599] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11651] <... write resumed>) = 18 [pid 11599] <... write resumed>) = 280 [pid 11651] memfd_create("syzkaller", 0 [pid 11599] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11651] <... memfd_create resumed>) = 3 [pid 11599] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11599] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11599] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11599] exit_group(0) = ? [pid 11599] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11599, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=26 /* 0.26 s */} --- [pid 11651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 11651] <... mmap resumed>) = 0x7f362be00000 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... umount2 resumed>) = 0 [pid 5848] unlink("./68/binderfs" [pid 5852] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] <... unlink resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./65/file0", [pid 5848] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./65/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [ 266.349887][T11601] BTRFS info (device loop3): using free-space-tree [pid 5852] rmdir("./65") = 0 [pid 5852] mkdir("./66", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11659 attached , child_tidptr=0x55558aa90650) = 11659 [pid 11659] set_robust_list(0x55558aa90660, 24) = 0 [pid 11659] chdir("./66") = 0 [pid 11659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11659] setpgid(0, 0) = 0 [pid 11659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11659] write(3, "1000", 4) = 4 [pid 11659] close(3) = 0 [pid 11659] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11659] write(1, "executing program\n", 18) = 18 [pid 11659] memfd_create("syzkaller", 0) = 3 [ 266.494118][ T5848] BTRFS info (device loop0): last unmount of filesystem 90394a40-0bc6-4bbb-b924-d0b2bf19896a [pid 11659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11601] <... mount resumed>) = 0 [pid 11601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11603] <... write resumed>) = 16777216 [pid 11601] <... openat resumed>) = 3 [pid 11601] chdir("./file0") = 0 [pid 11601] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11601] ioctl(4, LOOP_CLR_FD [pid 11603] munmap(0x7f362be00000, 138412032 [pid 11601] <... ioctl resumed>) = 0 [pid 11601] close(4) = 0 [pid 11601] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11601] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11601] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11601] <... write resumed>) = 280 [pid 11601] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11603] <... munmap resumed>) = 0 [pid 11601] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11601] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11601] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11601] exit_group(0) = ? [pid 11601] +++ exited with 0 +++ [pid 11603] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11601, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 11603] <... openat resumed>) = 4 [pid 11603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5851] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./65/binderfs") = 0 [pid 5851] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11603] close(3) = 0 [pid 11603] close(4) = 0 [pid 11603] mkdir("./file0", 0777) = 0 [ 266.690749][T11603] loop2: detected capacity change from 0 to 32768 [ 266.739248][T11603] BTRFS: device /dev/loop2 (7:2) using temp-fsid 9e82fca8-5dbd-4c5e-969e-1e961adc2672 [ 266.766726][T11603] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11603) [ 266.792903][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 266.823461][T11603] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 266.867814][T11603] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 266.906608][T11603] BTRFS info (device loop2): using free-space-tree [pid 11603] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./68/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./68") = 0 [pid 11659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] mkdir("./69", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11683 attached [pid 11651] <... write resumed>) = 16777216 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 11683 [pid 11651] munmap(0x7f362be00000, 138412032 [pid 11683] set_robust_list(0x55558aa90660, 24) = 0 [pid 11683] chdir("./69") = 0 [pid 11683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11683] setpgid(0, 0) = 0 [pid 11683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11683] write(3, "1000", 4) = 4 [pid 11683] close(3) = 0 [pid 11683] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11683] write(1, "executing program\n", 18) = 18 [pid 11683] memfd_create("syzkaller", 0) = 3 [pid 11683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11651] <... munmap resumed>) = 0 [pid 11603] <... mount resumed>) = 0 [pid 11603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11603] chdir("./file0") = 0 [pid 11603] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11651] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11603] <... openat resumed>) = 4 [pid 11651] <... openat resumed>) = 4 [pid 11603] ioctl(4, LOOP_CLR_FD [pid 11651] ioctl(4, LOOP_SET_FD, 3 [pid 11603] <... ioctl resumed>) = 0 [pid 11603] close(4) = 0 [pid 11603] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11603] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11603] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11603] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11603] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11603] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11603] exit_group(0) = ? [pid 11603] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11603, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 11651] <... ioctl resumed>) = 0 [pid 11651] close(3 [pid 5850] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11651] <... close resumed>) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11651] close(4 [pid 5850] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11651] <... close resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 11651] mkdir("./file0", 0777 [pid 5850] newfstatat(3, "", [pid 11651] <... mkdir resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./66/binderfs") = 0 [ 267.164739][T11651] loop1: detected capacity change from 0 to 32768 [pid 5850] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11659] <... write resumed>) = 16777216 [pid 11651] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 11659] munmap(0x7f362be00000, 138412032) = 0 [pid 11659] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 267.222176][T11651] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11651) [pid 11659] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11659] close(3) = 0 [pid 11659] close(4) = 0 [pid 11659] mkdir("./file0", 0777) = 0 [pid 11659] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 267.266823][T11659] loop4: detected capacity change from 0 to 32768 [ 267.268983][ T5850] BTRFS info (device loop2): last unmount of filesystem 9e82fca8-5dbd-4c5e-969e-1e961adc2672 [ 267.299220][T11659] BTRFS: device /dev/loop4 (7:4) using temp-fsid 32e16feb-d206-46db-8bc2-645d1ffe2827 [pid 5851] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./65/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./65") = 0 [pid 5851] mkdir("./66", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [ 267.323755][T11651] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11688 attached , child_tidptr=0x55558aa90650) = 11688 [pid 11688] set_robust_list(0x55558aa90660, 24) = 0 [pid 11688] chdir("./66") = 0 [pid 11688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11688] setpgid(0, 0) = 0 [ 267.361185][T11659] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11659) [ 267.372891][T11651] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 267.395686][T11651] BTRFS info (device loop1): using free-space-tree [pid 11688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11688] write(3, "1000", 4) = 4 [pid 11688] close(3) = 0 [ 267.429206][T11659] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11688] write(1, "executing program\n", 18executing program ) = 18 [pid 5850] <... umount2 resumed>) = 0 [pid 11688] memfd_create("syzkaller", 0 [pid 5850] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11688] <... memfd_create resumed>) = 3 [pid 11688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11688] <... mmap resumed>) = 0x7f362be00000 [pid 5850] newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./66/file0") = 0 [ 267.478765][T11659] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 267.505457][T11659] BTRFS info (device loop4): using free-space-tree [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./66") = 0 [pid 5850] mkdir("./67", 0777 [pid 11651] <... mount resumed>) = 0 [pid 11651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5850] <... mkdir resumed>) = 0 [pid 11651] <... openat resumed>) = 3 [pid 11651] chdir("./file0" [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11651] <... chdir resumed>) = 0 [pid 11651] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] <... openat resumed>) = 3 [pid 11651] <... openat resumed>) = 4 [pid 11651] ioctl(4, LOOP_CLR_FD [pid 5850] ioctl(3, LOOP_CLR_FD [pid 11651] <... ioctl resumed>) = 0 [pid 11651] close(4 [pid 5850] <... ioctl resumed>) = 0 [pid 11651] <... close resumed>) = 0 [pid 11651] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11651] ioctl(-1, SIOCGIFINDEX, NULL./strace-static-x86_64: Process 11721 attached ) = -1 EBADF (Bad file descriptor) [pid 11651] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 11721 [pid 11651] <... write resumed>) = 280 [pid 11721] set_robust_list(0x55558aa90660, 24 [pid 11683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11651] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11721] <... set_robust_list resumed>) = 0 [pid 11721] chdir("./67") = 0 [pid 11651] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11651] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11721] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11651] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11721] <... prctl resumed>) = 0 [pid 11651] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11651] exit_group(0 [pid 11721] setpgid(0, 0 [pid 11651] <... exit_group resumed>) = ? [pid 11721] <... setpgid resumed>) = 0 [pid 11651] +++ exited with 0 +++ [pid 11721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11651, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 11721] write(3, "1000", 4 [pid 5849] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11721] <... write resumed>) = 4 [pid 11659] <... mount resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11721] close(3 [pid 11659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", [pid 11721] <... close resumed>) = 0 [pid 11659] <... openat resumed>) = 3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, [pid 11721] symlink("/dev/binderfs", "./binderfs" [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 11721] <... symlink resumed>) = 0 [pid 5849] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11659] chdir("./file0" [pid 5849] unlink("./67/binderfs" [pid 11659] <... chdir resumed>) = 0 [pid 5849] <... unlink resumed>) = 0 [pid 11659] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 11721] write(1, "executing program\n", 18 [pid 11659] <... openat resumed>) = 4 [pid 11659] ioctl(4, LOOP_CLR_FD [pid 11721] <... write resumed>) = 18 [pid 11659] <... ioctl resumed>) = 0 [pid 11721] memfd_create("syzkaller", 0 [pid 11659] close(4) = 0 [pid 11659] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11721] <... memfd_create resumed>) = 3 [pid 11659] <... openat resumed>) = 4 [pid 11721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11659] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11659] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11659] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11659] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11659] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11659] exit_group(0) = ? [pid 11659] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11659, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=22 /* 0.22 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./66/binderfs") = 0 [ 267.721405][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 267.792831][ T5852] BTRFS info (device loop4): last unmount of filesystem 32e16feb-d206-46db-8bc2-645d1ffe2827 [pid 5852] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./67/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./67") = 0 [pid 5849] mkdir("./68", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11722 attached [pid 11722] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 11722 [pid 11722] <... set_robust_list resumed>) = 0 [pid 11722] chdir("./68") = 0 [pid 11722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11722] setpgid(0, 0) = 0 [pid 11722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11722] write(3, "1000", 4) = 4 [pid 11722] close(3) = 0 [pid 11722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11722] write(1, "executing program\n", 18executing program ) = 18 [pid 11722] memfd_create("syzkaller", 0) = 3 [pid 11722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11683] <... write resumed>) = 16777216 [pid 11683] munmap(0x7f362be00000, 138412032) = 0 [pid 11721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11683] close(3) = 0 [pid 11683] close(4) = 0 [ 268.179700][T11683] loop0: detected capacity change from 0 to 32768 [pid 11683] mkdir("./file0", 0777 [pid 5852] <... umount2 resumed>) = 0 [pid 11683] <... mkdir resumed>) = 0 [pid 5852] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11683] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./66/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./66") = 0 [pid 5852] mkdir("./67", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11723 ./strace-static-x86_64: Process 11723 attached [ 268.249544][T11683] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11683) [pid 11723] set_robust_list(0x55558aa90660, 24) = 0 [pid 11723] chdir("./67") = 0 [pid 11723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11723] setpgid(0, 0) = 0 [ 268.311387][T11683] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11723] write(3, "1000", 4) = 4 [pid 11723] close(3) = 0 [pid 11723] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11723] write(1, "executing program\n", 18) = 18 [pid 11723] memfd_create("syzkaller", 0) = 3 [pid 11723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 268.351512][T11683] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 268.380837][T11683] BTRFS info (device loop0): using free-space-tree [pid 11722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11721] <... write resumed>) = 16777216 [pid 11721] munmap(0x7f362be00000, 138412032) = 0 [pid 11721] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11721] close(3) = 0 [pid 11721] close(4) = 0 [pid 11721] mkdir("./file0", 0777) = 0 [pid 11721] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 11683] <... mount resumed>) = 0 [pid 11688] <... write resumed>) = 16777216 [pid 11683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11683] chdir("./file0") = 0 [pid 11683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 268.578857][T11721] loop2: detected capacity change from 0 to 32768 [ 268.611979][T11721] BTRFS: device /dev/loop2 (7:2) using temp-fsid 2f7c317f-906a-405a-a8fa-e319c4244fb7 [pid 11688] munmap(0x7f362be00000, 138412032 [pid 11683] ioctl(4, LOOP_CLR_FD) = 0 [pid 11683] close(4) = 0 [pid 11683] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11683] ioctl(-1, SIOCGIFINDEX, NULL [pid 11723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11683] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11683] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11683] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11683] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11683] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11683] exit_group(0) = ? [pid 11683] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11683, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=29 /* 0.29 s */} --- [pid 5848] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./69/binderfs", [pid 11688] <... munmap resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./69/binderfs") = 0 [pid 5848] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 268.679153][T11721] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11721) [pid 11688] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11688] close(3) = 0 [pid 11688] close(4) = 0 [pid 11688] mkdir("./file0", 0777) = 0 [ 268.741665][T11688] loop3: detected capacity change from 0 to 32768 [ 268.755475][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 268.800546][T11688] BTRFS: device /dev/loop3 (7:3) using temp-fsid 5fceb0d7-df22-4edf-bc8e-fa8ab6e59674 [ 268.822341][T11721] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 268.844745][T11688] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11688) [ 268.859817][T11721] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 268.889274][T11721] BTRFS info (device loop2): using free-space-tree [ 268.920896][T11688] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11688] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 11722] <... write resumed>) = 16777216 [pid 11723] <... write resumed>) = 16777216 [ 268.962447][T11688] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 11722] munmap(0x7f362be00000, 138412032 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 11723] munmap(0x7f362be00000, 138412032 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 11722] <... munmap resumed>) = 0 [pid 11721] <... mount resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] close(4 [pid 11721] <... openat resumed>) = 3 [pid 5848] <... close resumed>) = 0 [pid 11721] chdir("./file0" [pid 5848] rmdir("./69/file0" [pid 11721] <... chdir resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 11721] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5848] getdents64(3, [pid 11721] <... openat resumed>) = 4 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 11721] ioctl(4, LOOP_CLR_FD) = 0 [pid 5848] close(3 [pid 11723] <... munmap resumed>) = 0 [pid 11722] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11721] close(4) = 0 [pid 11722] <... openat resumed>) = 4 [pid 11721] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11722] ioctl(4, LOOP_SET_FD, 3 [pid 11721] <... openat resumed>) = 4 [pid 5848] <... close resumed>) = 0 [ 269.019298][T11688] BTRFS info (device loop3): using free-space-tree [pid 5848] rmdir("./69") = 0 [pid 5848] mkdir("./70", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11721] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11723] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 11764 attached ) = 4 [pid 11721] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 11764 [ 269.078577][T11722] loop1: detected capacity change from 0 to 32768 [pid 11764] set_robust_list(0x55558aa90660, 24 [pid 11723] ioctl(4, LOOP_SET_FD, 3executing program [pid 11764] <... set_robust_list resumed>) = 0 [pid 11722] <... ioctl resumed>) = 0 [pid 11721] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11722] close(3 [pid 11764] chdir("./70" [pid 11722] <... close resumed>) = 0 [pid 11764] <... chdir resumed>) = 0 [pid 11722] close(4) = 0 [pid 11722] mkdir("./file0", 0777 [pid 11764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11764] setpgid(0, 0) = 0 [pid 11764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11764] write(3, "1000", 4) = 4 [pid 11764] close(3) = 0 [pid 11764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11764] write(1, "executing program\n", 18) = 18 [pid 11764] memfd_create("syzkaller", 0 [pid 11722] <... mkdir resumed>) = 0 [pid 11764] <... memfd_create resumed>) = 3 [pid 11722] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 11764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11721] <... write resumed>) = 280 [pid 11721] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11723] <... ioctl resumed>) = 0 [pid 11721] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11723] close(3 [pid 11721] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11723] <... close resumed>) = 0 [pid 11723] close(4) = 0 [pid 11721] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11723] mkdir("./file0", 0777 [pid 11721] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11723] <... mkdir resumed>) = 0 [pid 11721] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11723] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11721] exit_group(0) = ? [pid 11721] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11721, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 269.124632][T11723] loop4: detected capacity change from 0 to 32768 [ 269.142838][T11722] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11722) [pid 5850] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 269.180940][T11723] BTRFS: device /dev/loop4 (7:4) using temp-fsid e8c8baa3-74fe-4d68-816b-ef17f34618fb [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./67/binderfs") = 0 [ 269.229271][T11722] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 269.232998][T11723] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11723) [ 269.269451][T11722] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 269.315691][T11722] BTRFS info (device loop1): using free-space-tree [ 269.327719][ T5850] BTRFS info (device loop2): last unmount of filesystem 2f7c317f-906a-405a-a8fa-e319c4244fb7 [pid 5850] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11722] <... mount resumed>) = 0 [pid 11722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11722] chdir("./file0") = 0 [pid 11722] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11722] ioctl(4, LOOP_CLR_FD) = 0 [pid 11722] close(4) = 0 [ 269.364928][T11723] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11722] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11722] ioctl(-1, SIOCGIFINDEX, NULL [pid 11688] <... mount resumed>) = 0 [pid 11722] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11722] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11722] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11688] <... openat resumed>) = 3 [pid 11722] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [ 269.428028][T11723] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 11722] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11688] chdir("./file0" [pid 11722] exit_group(0 [pid 11688] <... chdir resumed>) = 0 [pid 11722] <... exit_group resumed>) = ? [pid 11688] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11688] ioctl(4, LOOP_CLR_FD [pid 11722] +++ exited with 0 +++ [pid 11688] <... ioctl resumed>) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11722, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=23 /* 0.23 s */} --- [pid 11688] close(4) = 0 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 11688] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] <... restart_syscall resumed>) = 0 [pid 11688] <... openat resumed>) = 4 [pid 11688] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11688] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11688] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11688] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11688] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11688] exit_group(0) = ? [pid 5849] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11688] +++ exited with 0 +++ [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11688, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5849] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 269.470864][T11723] BTRFS info (device loop4): using free-space-tree [pid 5849] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] <... restart_syscall resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./68/binderfs", [pid 5851] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] unlink("./68/binderfs" [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, [pid 5849] <... unlink resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./66/binderfs") = 0 [pid 5851] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 269.641642][ T5851] BTRFS info (device loop3): last unmount of filesystem 5fceb0d7-df22-4edf-bc8e-fa8ab6e59674 [ 269.681857][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11723] <... mount resumed>) = 0 [pid 11723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11723] chdir("./file0") = 0 [pid 11723] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11723] ioctl(4, LOOP_CLR_FD) = 0 [pid 11723] close(4) = 0 [pid 11723] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11723] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11723] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11723] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11723] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11723] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11723] exit_group(0) = ? [pid 11723] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11723, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5852] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] unlink("./67/binderfs" [pid 5850] newfstatat(AT_FDCWD, "./67/file0", [pid 5852] <... unlink resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] <... umount2 resumed>) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./67/file0") = 0 [pid 5850] getdents64(3, [pid 5851] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] close(3 [pid 5851] newfstatat(AT_FDCWD, "./66/file0", [pid 5850] <... close resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] rmdir("./67" [pid 5851] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... rmdir resumed>) = 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] mkdir("./68", 0777 [pid 5851] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] <... mkdir resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 5850] ioctl(3, LOOP_CLR_FD [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] getdents64(4, [pid 5850] close(3 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] <... close resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] close(4) = 0 [pid 5851] rmdir("./66/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 11808 [pid 5851] close(3./strace-static-x86_64: Process 11808 attached ) = 0 [pid 5851] rmdir("./66") = 0 [pid 5851] mkdir("./67", 0777 [pid 11808] set_robust_list(0x55558aa90660, 24 [pid 5851] <... mkdir resumed>) = 0 [pid 11808] <... set_robust_list resumed>) = 0 [pid 11808] chdir("./68") = 0 [pid 11808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11808] setpgid(0, 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 11808] <... setpgid resumed>) = 0 [pid 11808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 11808] write(3, "1000", 4 [pid 5851] <... ioctl resumed>) = 0 executing program [pid 11808] <... write resumed>) = 4 [pid 5851] close(3 [pid 11808] close(3 [pid 5851] <... close resumed>) = 0 [pid 11808] <... close resumed>) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 11809 [pid 11808] write(1, "executing program\n", 18./strace-static-x86_64: Process 11809 attached ) = 18 [pid 11808] memfd_create("syzkaller", 0) = 3 [pid 11808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 269.946648][ T5852] BTRFS info (device loop4): last unmount of filesystem e8c8baa3-74fe-4d68-816b-ef17f34618fb executing program [pid 11809] set_robust_list(0x55558aa90660, 24) = 0 [pid 11809] chdir("./67") = 0 [pid 11809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11809] setpgid(0, 0) = 0 [pid 11809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11809] write(3, "1000", 4) = 4 [pid 11809] close(3) = 0 [pid 11809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11809] write(1, "executing program\n", 18) = 18 [pid 11809] memfd_create("syzkaller", 0) = 3 [pid 11809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 11764] <... write resumed>) = 16777216 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11764] munmap(0x7f362be00000, 138412032 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./67/file0") = 0 [pid 5852] getdents64(3, [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] close(3 [pid 5849] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, [pid 5852] <... close resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5852] rmdir("./67" [pid 5849] rmdir("./68/file0" [pid 11764] <... munmap resumed>) = 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5849] getdents64(3, [pid 5852] mkdir("./68", 0777 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5852] <... mkdir resumed>) = 0 [pid 5849] rmdir("./68" [pid 11764] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] <... rmdir resumed>) = 0 [pid 5849] mkdir("./69", 0777 [pid 11764] <... openat resumed>) = 4 [pid 5852] <... openat resumed>) = 3 [pid 5849] <... mkdir resumed>) = 0 [pid 11764] ioctl(4, LOOP_SET_FD, 3 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11810 attached [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 11810 [pid 11810] set_robust_list(0x55558aa90660, 24) = 0 ./strace-static-x86_64: Process 11811 attached [pid 11810] chdir("./69") = 0 [pid 11811] set_robust_list(0x55558aa90660, 24 [pid 11810] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 11811 [pid 11811] <... set_robust_list resumed>) = 0 [pid 11810] <... prctl resumed>) = 0 [pid 11764] <... ioctl resumed>) = 0 [pid 11811] chdir("./68" [pid 11810] setpgid(0, 0 [pid 11764] close(3) = 0 [pid 11764] close(4 [pid 11810] <... setpgid resumed>) = 0 [pid 11764] <... close resumed>) = 0 [pid 11810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11811] <... chdir resumed>) = 0 [pid 11810] write(3, "1000", 4 [pid 11764] mkdir("./file0", 0777 [pid 11811] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11764] <... mkdir resumed>) = 0 [pid 11811] <... prctl resumed>) = 0 [pid 11810] <... write resumed>) = 4 [pid 11811] setpgid(0, 0 [ 270.227907][T11764] loop0: detected capacity change from 0 to 32768 [pid 11764] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 11810] close(3) = 0 [pid 11810] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11810] write(1, "executing program\n", 18) = 18 [pid 11810] memfd_create("syzkaller", 0) = 3 [pid 11810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11811] <... setpgid resumed>) = 0 [pid 11811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11811] write(3, "1000", 4) = 4 [pid 11811] close(3) = 0 [pid 11811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11811] write(1, "executing program\n", 18executing program ) = 18 [pid 11811] memfd_create("syzkaller", 0) = 3 [pid 11811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 270.283148][T11764] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11764) [ 270.400566][T11764] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 270.462749][T11764] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 270.509250][T11764] BTRFS info (device loop0): using free-space-tree [pid 11808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11764] <... mount resumed>) = 0 [pid 11764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11764] chdir("./file0") = 0 [pid 11764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11764] ioctl(4, LOOP_CLR_FD) = 0 [pid 11764] close(4) = 0 [pid 11764] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11764] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11764] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11764] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11764] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11764] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11764] exit_group(0) = ? [pid 11764] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11764, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./70/binderfs") = 0 [ 270.848755][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5848] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./70/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./70") = 0 [pid 5848] mkdir("./71", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11828 attached , child_tidptr=0x55558aa90650) = 11828 [pid 11828] set_robust_list(0x55558aa90660, 24) = 0 [pid 11828] chdir("./71") = 0 [pid 11828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11828] setpgid(0, 0) = 0 executing program [pid 11828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11828] write(3, "1000", 4) = 4 [pid 11828] close(3) = 0 [pid 11828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11828] write(1, "executing program\n", 18) = 18 [pid 11828] memfd_create("syzkaller", 0) = 3 [pid 11828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11811] <... write resumed>) = 16777216 [pid 11811] munmap(0x7f362be00000, 138412032) = 0 [pid 11808] <... write resumed>) = 16777216 [pid 11808] munmap(0x7f362be00000, 138412032 [pid 11811] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11808] <... munmap resumed>) = 0 [pid 11811] close(3 [pid 11808] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11811] <... close resumed>) = 0 [pid 11808] <... openat resumed>) = 4 [pid 11811] close(4 [pid 11808] ioctl(4, LOOP_SET_FD, 3 [pid 11811] <... close resumed>) = 0 [pid 11811] mkdir("./file0", 0777 [pid 11808] <... ioctl resumed>) = 0 [pid 11811] <... mkdir resumed>) = 0 [pid 11809] <... write resumed>) = 16777216 [ 271.096379][T11811] loop4: detected capacity change from 0 to 32768 [ 271.121409][T11808] loop2: detected capacity change from 0 to 32768 [pid 11811] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11809] munmap(0x7f362be00000, 138412032 [pid 11810] <... write resumed>) = 16777216 [pid 11808] close(3 [pid 11810] munmap(0x7f362be00000, 138412032 [pid 11808] <... close resumed>) = 0 [pid 11808] close(4) = 0 [pid 11808] mkdir("./file0", 0777) = 0 [pid 11808] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 11809] <... munmap resumed>) = 0 [ 271.154346][T11811] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11811) [pid 11809] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11810] <... munmap resumed>) = 0 [pid 11809] <... openat resumed>) = 4 [pid 11809] ioctl(4, LOOP_SET_FD, 3 [ 271.217030][T11808] BTRFS: device /dev/loop2 (7:2) using temp-fsid bb2acf7c-d291-48ca-a52f-9380d2b5ef02 [ 271.219836][T11809] loop3: detected capacity change from 0 to 32768 [ 271.238982][T11811] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11809] <... ioctl resumed>) = 0 [pid 11810] <... openat resumed>) = 4 [pid 11810] ioctl(4, LOOP_SET_FD, 3 [pid 11809] close(3) = 0 [pid 11809] close(4) = 0 [pid 11809] mkdir("./file0", 0777) = 0 [pid 11809] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 11810] <... ioctl resumed>) = 0 [pid 11810] close(3) = 0 [pid 11810] close(4) = 0 [pid 11810] mkdir("./file0", 0777) = 0 [ 271.255245][T11808] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11808) [ 271.276739][T11810] loop1: detected capacity change from 0 to 32768 [ 271.289570][T11811] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 271.299657][T11811] BTRFS info (device loop4): using free-space-tree [ 271.337381][T11809] BTRFS: device /dev/loop3 (7:3) using temp-fsid 4e62334c-183b-40b4-9c23-730657ad20c6 [ 271.361811][T11808] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 271.390488][T11809] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11809) [ 271.418604][T11808] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 271.430241][T11808] BTRFS info (device loop2): using free-space-tree [pid 11810] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 271.470154][T11810] BTRFS: device /dev/loop1 (7:1) using temp-fsid 4951e1de-a6c3-49af-913d-fa5435cf7af8 [ 271.482655][T11809] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 271.489974][T11810] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11810) [ 271.508731][T11809] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 11828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11811] <... mount resumed>) = 0 [ 271.531425][T11809] BTRFS info (device loop3): using free-space-tree [ 271.558178][T11810] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11811] chdir("./file0") = 0 [pid 11811] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11811] ioctl(4, LOOP_CLR_FD) = 0 [pid 11811] close(4) = 0 [pid 11811] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 271.619308][T11810] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 271.629048][T11810] BTRFS info (device loop1): using free-space-tree [pid 11811] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11808] <... mount resumed>) = 0 [pid 11811] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11811] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11811] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11808] <... openat resumed>) = 3 [pid 11811] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11808] chdir("./file0" [pid 11811] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11808] <... chdir resumed>) = 0 [pid 11811] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11808] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11811] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11808] <... openat resumed>) = 4 [pid 11811] exit_group(0 [pid 11808] ioctl(4, LOOP_CLR_FD [pid 11811] <... exit_group resumed>) = ? [pid 11808] <... ioctl resumed>) = 0 [pid 11811] +++ exited with 0 +++ [pid 11808] close(4) = 0 [pid 11808] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11811, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 11808] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11808] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11808] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11808] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11808] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11808] exit_group(0) = ? [pid 11808] +++ exited with 0 +++ [pid 5852] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11808, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} --- [pid 5852] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5852] newfstatat(3, "", [pid 5850] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] getdents64(3, [pid 5850] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] <... openat resumed>) = 3 [pid 5852] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] newfstatat(3, "", [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./68/binderfs", [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] getdents64(3, [pid 5852] unlink("./68/binderfs" [pid 5850] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] <... unlink resumed>) = 0 [pid 5852] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./68/binderfs") = 0 [pid 5850] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11828] <... write resumed>) = 16777216 [pid 11828] munmap(0x7f362be00000, 138412032) = 0 [pid 11828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11828] ioctl(4, LOOP_SET_FD, 3 [pid 11809] <... mount resumed>) = 0 [pid 11809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 271.821927][ T5850] BTRFS info (device loop2): last unmount of filesystem bb2acf7c-d291-48ca-a52f-9380d2b5ef02 [ 271.840854][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11809] chdir("./file0" [pid 11810] <... mount resumed>) = 0 [pid 11809] <... chdir resumed>) = 0 [pid 11810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11809] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11810] <... openat resumed>) = 3 [pid 11809] <... openat resumed>) = 4 [pid 11810] chdir("./file0" [pid 11809] ioctl(4, LOOP_CLR_FD [pid 11810] <... chdir resumed>) = 0 [pid 11809] <... ioctl resumed>) = 0 [pid 11810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11809] close(4 [pid 11810] <... openat resumed>) = 4 [pid 11809] <... close resumed>) = 0 [pid 11810] ioctl(4, LOOP_CLR_FD [pid 11809] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11810] <... ioctl resumed>) = 0 [pid 11809] <... openat resumed>) = 4 [pid 11810] close(4 [pid 11809] ioctl(-1, SIOCGIFINDEX, NULL [pid 11810] <... close resumed>) = 0 [pid 11809] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11810] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11809] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11810] <... openat resumed>) = 4 [pid 11809] <... write resumed>) = 280 [pid 11809] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11809] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11809] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11810] ioctl(-1, SIOCGIFINDEX, NULL [pid 11809] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11809] exit_group(0 [pid 11810] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11810] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11828] <... ioctl resumed>) = 0 [pid 11810] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11828] close(3) = 0 [pid 11810] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11828] close(4) = 0 [pid 11828] mkdir("./file0", 0777 [pid 11809] <... exit_group resumed>) = ? [pid 11828] <... mkdir resumed>) = 0 [pid 11809] +++ exited with 0 +++ [pid 11810] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11810] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11828] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 11810] <... bpf resumed>) = -1 EINVAL (Invalid argument) [ 271.892276][T11828] loop0: detected capacity change from 0 to 32768 [pid 11810] exit_group(0) = ? [pid 11810] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11809, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5851] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11810, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] unlink("./67/binderfs" [pid 5850] <... umount2 resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 3 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(3, "", [pid 5850] newfstatat(AT_FDCWD, "./68/file0", [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... unlink resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] getdents64(3, [pid 5851] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... openat resumed>) = 4 [pid 5849] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 271.946057][T11828] BTRFS: device /dev/loop0 (7:0) using temp-fsid 545d209a-3650-4ccb-b914-c01794450ee6 [pid 5849] unlink("./69/binderfs" [pid 5850] newfstatat(4, "", [pid 5849] <... unlink resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, [pid 5849] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./68/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./68") = 0 [pid 5850] mkdir("./69", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11894 ./strace-static-x86_64: Process 11894 attached executing program [pid 11894] set_robust_list(0x55558aa90660, 24) = 0 [pid 11894] chdir("./69") = 0 [pid 11894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11894] setpgid(0, 0) = 0 [pid 11894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11894] write(3, "1000", 4) = 4 [pid 11894] close(3) = 0 [pid 11894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11894] write(1, "executing program\n", 18) = 18 [ 272.034261][T11828] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11828) [ 272.062655][ T5851] BTRFS info (device loop3): last unmount of filesystem 4e62334c-183b-40b4-9c23-730657ad20c6 [pid 11894] memfd_create("syzkaller", 0) = 3 [pid 11894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 272.074937][ T5849] BTRFS info (device loop1): last unmount of filesystem 4951e1de-a6c3-49af-913d-fa5435cf7af8 [ 272.094616][T11828] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 272.150123][T11828] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 272.190366][T11828] BTRFS info (device loop0): using free-space-tree [pid 11828] <... mount resumed>) = 0 [pid 11828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11828] chdir("./file0") = 0 [pid 11828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11828] ioctl(4, LOOP_CLR_FD) = 0 [pid 11828] close(4) = 0 [pid 11828] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11828] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11828] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11828] <... write resumed>) = 280 [pid 11828] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11828] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11828] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11828] exit_group(0) = ? [pid 11828] +++ exited with 0 +++ [pid 5852] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11828, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=25 /* 0.25 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5852] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... restart_syscall resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] newfstatat(4, "", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, [pid 5848] <... openat resumed>) = 3 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] newfstatat(3, "", [pid 5852] getdents64(4, [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] getdents64(3, [pid 5852] close(4) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] rmdir("./68/file0" [pid 5848] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... rmdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5852] getdents64(3, [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] unlink("./71/binderfs" [pid 5852] close(3 [pid 5848] <... unlink resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5848] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] rmdir("./68") = 0 [pid 5852] mkdir("./69", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11911 attached , child_tidptr=0x55558aa90650) = 11911 [pid 11911] set_robust_list(0x55558aa90660, 24) = 0 [pid 11911] chdir("./69") = 0 [pid 11911] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] <... umount2 resumed>) = 0 [pid 11911] <... prctl resumed>) = 0 [pid 5849] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11911] setpgid(0, 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11911] <... setpgid resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./69/file0", [pid 11911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11911] <... openat resumed>) = 3 [pid 5849] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11911] write(3, "1000", 4 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11911] <... write resumed>) = 4 [pid 5849] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11911] close(3) = 0 [pid 5849] <... openat resumed>) = 4 [pid 11911] symlink("/dev/binderfs", "./binderfs" [pid 5849] newfstatat(4, "", executing program [pid 11911] <... symlink resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11911] write(1, "executing program\n", 18) = 18 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, [pid 11911] memfd_create("syzkaller", 0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [ 272.482321][ T5848] BTRFS info (device loop0): last unmount of filesystem 545d209a-3650-4ccb-b914-c01794450ee6 [pid 5849] rmdir("./69/file0" [pid 11911] <... memfd_create resumed>) = 3 [pid 5849] <... rmdir resumed>) = 0 [pid 11911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] getdents64(3, [pid 11911] <... mmap resumed>) = 0x7f362be00000 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./69") = 0 [pid 5849] mkdir("./70", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 11912 ./strace-static-x86_64: Process 11912 attached [pid 11912] set_robust_list(0x55558aa90660, 24) = 0 [pid 11912] chdir("./70") = 0 [pid 11894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11912] setpgid(0, 0) = 0 [pid 11912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11912] write(3, "1000", 4) = 4 [pid 11912] close(3) = 0 [pid 11912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11912] write(1, "executing program\n", 18executing program ) = 18 [pid 11912] memfd_create("syzkaller", 0) = 3 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./67/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./67") = 0 [pid 5851] mkdir("./68", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11913 attached , child_tidptr=0x55558aa90650) = 11913 [pid 11913] set_robust_list(0x55558aa90660, 24) = 0 [pid 11913] chdir("./68") = 0 executing program [pid 11913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11913] setpgid(0, 0) = 0 [pid 11913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11913] write(3, "1000", 4) = 4 [pid 11913] close(3) = 0 [pid 11913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11913] write(1, "executing program\n", 18) = 18 [pid 11913] memfd_create("syzkaller", 0) = 3 [pid 11913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./71/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./71") = 0 [pid 5848] mkdir("./72", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11914 attached [pid 11914] set_robust_list(0x55558aa90660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 11914 [pid 11914] <... set_robust_list resumed>) = 0 [pid 11914] chdir("./72") = 0 [pid 11914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11914] setpgid(0, 0) = 0 [pid 11911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11914] write(3, "1000", 4) = 4 [pid 11914] close(3) = 0 [pid 11914] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 11914] write(1, "executing program\n", 18) = 18 [pid 11914] memfd_create("syzkaller", 0) = 3 [pid 11914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 11912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11894] <... write resumed>) = 16777216 [pid 11894] munmap(0x7f362be00000, 138412032) = 0 [pid 11894] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11894] close(3) = 0 [pid 11894] close(4) = 0 [pid 11894] mkdir("./file0", 0777) = 0 [ 273.082518][T11894] loop2: detected capacity change from 0 to 32768 [ 273.119223][T11894] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11894) [pid 11894] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 273.196160][T11894] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 273.235587][T11894] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 273.268605][T11894] BTRFS info (device loop2): using free-space-tree [pid 11913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11911] <... write resumed>) = 16777216 [pid 11911] munmap(0x7f362be00000, 138412032) = 0 [pid 11911] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11911] close(3) = 0 [pid 11911] close(4) = 0 [pid 11912] <... write resumed>) = 16777216 [pid 11911] mkdir("./file0", 0777 [pid 11912] munmap(0x7f362be00000, 138412032 [pid 11911] <... mkdir resumed>) = 0 [ 273.440513][T11911] loop4: detected capacity change from 0 to 32768 [pid 11911] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11894] <... mount resumed>) = 0 [pid 11894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11894] chdir("./file0") = 0 [pid 11894] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11894] ioctl(4, LOOP_CLR_FD) = 0 [pid 11894] close(4) = 0 [pid 11894] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11894] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11894] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11894] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11894] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11894] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11894] exit_group(0) = ? [pid 11894] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11894, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./69/binderfs") = 0 [ 273.490088][T11911] BTRFS: device /dev/loop4 (7:4) using temp-fsid 75e17bd2-8dad-480b-aebd-f6ccb86852a5 [ 273.512384][T11911] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (11911) [pid 5850] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11912] <... munmap resumed>) = 0 [pid 11912] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 273.561008][T11911] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 273.584762][T11912] loop1: detected capacity change from 0 to 32768 [ 273.599616][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11912] close(3) = 0 [pid 11912] close(4) = 0 [pid 11912] mkdir("./file0", 0777) = 0 [ 273.629247][T11911] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 273.645056][T11911] BTRFS info (device loop4): using free-space-tree [ 273.645104][T11912] BTRFS: device /dev/loop1 (7:1) using temp-fsid 0d0612de-a8f8-4ddd-b244-0a94fc0870e5 [pid 11912] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 11913] <... write resumed>) = 16777216 [ 273.688933][T11912] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11912) [pid 11913] munmap(0x7f362be00000, 138412032) = 0 [ 273.749904][T11912] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 273.772176][T11912] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 11913] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11913] ioctl(4, LOOP_SET_FD, 3 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11913] <... ioctl resumed>) = 0 [pid 11913] close(3 [pid 5850] getdents64(4, [pid 11913] <... close resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11913] close(4 [pid 5850] getdents64(4, [pid 11913] <... close resumed>) = 0 [pid 5850] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4 [pid 11913] mkdir("./file0", 0777 [pid 5850] <... close resumed>) = 0 [ 273.810196][T11912] BTRFS info (device loop1): using free-space-tree [ 273.822453][T11913] loop3: detected capacity change from 0 to 32768 [pid 11913] <... mkdir resumed>) = 0 [pid 5850] rmdir("./69/file0" [pid 11913] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... rmdir resumed>) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./69") = 0 [pid 5850] mkdir("./70", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = 0 [pid 5850] close(3) = 0 [ 273.851360][T11913] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (11913) [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11955 attached , child_tidptr=0x55558aa90650) = 11955 [pid 11955] set_robust_list(0x55558aa90660, 24) = 0 [pid 11955] chdir("./70") = 0 [pid 11955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11955] setpgid(0, 0) = 0 [pid 11955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11955] write(3, "1000", 4 [pid 11911] <... mount resumed>) = 0 [pid 11955] <... write resumed>) = 4 [pid 11955] close(3 [pid 11911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11955] <... close resumed>) = 0 [ 273.943563][T11913] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 11911] <... openat resumed>) = 3 [pid 11955] symlink("/dev/binderfs", "./binderfs" [pid 11911] chdir("./file0") = 0 [pid 11955] <... symlink resumed>) = 0 [pid 11911] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11955] write(1, "executing program\n", 18 [pid 11911] <... openat resumed>) = 4 executing program [pid 11911] ioctl(4, LOOP_CLR_FD [pid 11955] <... write resumed>) = 18 [pid 11911] <... ioctl resumed>) = 0 [pid 11911] close(4) = 0 [pid 11955] memfd_create("syzkaller", 0 [pid 11911] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11955] <... memfd_create resumed>) = 3 [pid 11911] <... openat resumed>) = 4 [pid 11955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11911] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11955] <... mmap resumed>) = 0x7f362be00000 [pid 11914] <... write resumed>) = 16777216 [pid 11911] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 11912] <... mount resumed>) = 0 [pid 11911] <... write resumed>) = 280 [pid 11912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11911] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11912] <... openat resumed>) = 3 [pid 11911] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11912] chdir("./file0" [pid 11911] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11912] <... chdir resumed>) = 0 [pid 11911] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11912] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11911] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11914] munmap(0x7f362be00000, 138412032 [pid 11912] <... openat resumed>) = 4 [pid 11912] ioctl(4, LOOP_CLR_FD [pid 11911] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11912] <... ioctl resumed>) = 0 [ 274.025622][T11913] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 11911] exit_group(0 [pid 11912] close(4 [pid 11911] <... exit_group resumed>) = ? [pid 11912] <... close resumed>) = 0 [pid 11911] +++ exited with 0 +++ [pid 11912] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11911, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=30 /* 0.30 s */} --- [pid 11912] <... openat resumed>) = 4 [pid 11912] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5852] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11912] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11912] <... write resumed>) = 280 [pid 5852] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11912] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] <... openat resumed>) = 3 [pid 11912] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(3, "", [pid 11912] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11912] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] getdents64(3, [pid 11912] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 11912] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11912] exit_group(0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11912] <... exit_group resumed>) = ? [pid 5852] newfstatat(AT_FDCWD, "./69/binderfs", [pid 11912] +++ exited with 0 +++ [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./69/binderfs") = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11912, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [pid 5852] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11914] <... munmap resumed>) = 0 [pid 5849] unlink("./70/binderfs") = 0 [pid 5849] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 274.091459][T11913] BTRFS info (device loop3): using free-space-tree [pid 11914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11914] close(3) = 0 [pid 11914] close(4) = 0 [pid 11914] mkdir("./file0", 0777) = 0 [ 274.136456][T11914] loop0: detected capacity change from 0 to 32768 [ 274.209299][ T5852] BTRFS info (device loop4): last unmount of filesystem 75e17bd2-8dad-480b-aebd-f6ccb86852a5 [ 274.220381][ T5849] BTRFS info (device loop1): last unmount of filesystem 0d0612de-a8f8-4ddd-b244-0a94fc0870e5 [ 274.231652][T11914] BTRFS: device /dev/loop0 (7:0) using temp-fsid ab138a78-0544-4f76-a3bf-6b58817e8857 [ 274.242424][T11914] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (11914) [ 274.294380][T11914] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 274.306317][T11914] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 274.317802][T11914] BTRFS info (device loop0): using free-space-tree [pid 11914] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 11913] <... mount resumed>) = 0 [pid 11913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] <... umount2 resumed>) = 0 [pid 11913] <... openat resumed>) = 3 [pid 11913] chdir("./file0") = 0 [pid 11913] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5849] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11913] ioctl(4, LOOP_CLR_FD [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11913] <... ioctl resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./70/file0", [pid 11913] close(4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11913] <... close resumed>) = 0 [pid 11913] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5849] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11914] <... mount resumed>) = 0 [pid 11913] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11913] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11913] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5849] <... openat resumed>) = 4 [pid 11913] <... write resumed>) = 280 [pid 11914] chdir("./file0" [pid 5849] newfstatat(4, "", [pid 11913] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11914] <... chdir resumed>) = 0 [pid 11913] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11914] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11913] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5849] getdents64(4, [pid 11913] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11914] <... openat resumed>) = 4 [pid 11913] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 11913] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(4, [pid 11913] exit_group(0 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 11913] <... exit_group resumed>) = ? [pid 5849] close(4) = 0 [pid 5849] rmdir("./70/file0") = 0 [pid 11913] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11913, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=23 /* 0.23 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 11914] ioctl(4, LOOP_CLR_FD) = 0 [pid 11914] close(4 [pid 5851] <... restart_syscall resumed>) = 0 [pid 11914] <... close resumed>) = 0 [pid 11914] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11914] <... openat resumed>) = 4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] getdents64(3, [pid 5851] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] newfstatat(3, "", [pid 11914] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] close(3 [pid 11914] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... close resumed>) = 0 [pid 5851] getdents64(3, [pid 5849] rmdir("./70" [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] <... rmdir resumed>) = 0 [pid 5851] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] mkdir("./71", 0777 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... mkdir resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5851] unlink("./68/binderfs" [pid 11914] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... unlink resumed>) = 0 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11914] <... write resumed>) = 280 [pid 5849] close(3) = 0 [pid 11914] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11914] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11914] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) ./strace-static-x86_64: Process 11998 attached [pid 11914] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 11998 [pid 11914] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 11914] exit_group(0) = ? [pid 11998] set_robust_list(0x55558aa90660, 24 [pid 11914] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11914, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=27 /* 0.27 s */} --- [pid 5848] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./72/binderfs") = 0 [pid 5848] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 11998] <... set_robust_list resumed>) = 0 [pid 11998] chdir("./71") = 0 [pid 11998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11998] setpgid(0, 0) = 0 [pid 11998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11998] write(3, "1000", 4) = 4 [pid 11998] close(3) = 0 [pid 11998] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 11998] write(1, "executing program\n", 18) = 18 [pid 11998] memfd_create("syzkaller", 0) = 3 [pid 11998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 274.702027][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 274.731391][ T5848] BTRFS info (device loop0): last unmount of filesystem ab138a78-0544-4f76-a3bf-6b58817e8857 [pid 5852] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./69/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./69") = 0 [pid 5852] mkdir("./70", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12000 attached [pid 12000] set_robust_list(0x55558aa90660, 24) = 0 [pid 12000] chdir("./70") = 0 [pid 12000] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 12000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./72/file0", [pid 12000] <... prctl resumed>) = 0 [pid 12000] setpgid(0, 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11955] <... write resumed>) = 16777216 [pid 5848] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./72/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./72") = 0 [pid 5848] mkdir("./73", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12000] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 12001 attached [pid 12001] set_robust_list(0x55558aa90660, 24) = 0 [pid 12001] chdir("./73") = 0 [pid 12000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12001] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12000] <... openat resumed>) = 3 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 12001 [pid 11955] munmap(0x7f362be00000, 138412032 [pid 12001] <... prctl resumed>) = 0 [pid 12000] write(3, "1000", 4 [pid 12001] setpgid(0, 0 [pid 12000] <... write resumed>) = 4 [pid 12001] <... setpgid resumed>) = 0 [pid 12000] close(3 [pid 12001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12000] <... close resumed>) = 0 [pid 12001] <... openat resumed>) = 3 [pid 12000] symlink("/dev/binderfs", "./binderfs" [pid 12001] write(3, "1000", 4) = 4 [pid 12001] close(3 [pid 12000] <... symlink resumed>) = 0 [pid 12001] <... close resumed>) = 0 [pid 12001] symlink("/dev/binderfs", "./binderfs"executing program executing program ) = 0 [pid 12000] write(1, "executing program\n", 18 [pid 12001] write(1, "executing program\n", 18) = 18 [pid 12001] memfd_create("syzkaller", 0 [pid 12000] <... write resumed>) = 18 [pid 12001] <... memfd_create resumed>) = 3 [pid 12000] memfd_create("syzkaller", 0 [pid 12001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12000] <... memfd_create resumed>) = 3 [pid 12000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11955] <... munmap resumed>) = 0 [pid 12000] <... mmap resumed>) = 0x7f362be00000 [pid 11955] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11955] close(3) = 0 [pid 11955] close(4) = 0 [pid 11955] mkdir("./file0", 0777) = 0 [ 274.996609][T11955] loop2: detected capacity change from 0 to 32768 [ 275.033861][T11955] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (11955) [pid 11955] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [ 275.103610][T11955] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] close(4) = 0 [pid 5851] rmdir("./68/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./68") = 0 [pid 5851] mkdir("./69", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 275.145885][T11955] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 275.184057][T11955] BTRFS info (device loop2): using free-space-tree [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 11998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12004 ./strace-static-x86_64: Process 12004 attached [pid 12004] set_robust_list(0x55558aa90660, 24) = 0 [pid 12004] chdir("./69") = 0 [pid 12004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12004] setpgid(0, 0) = 0 [pid 12004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12004] write(3, "1000", 4) = 4 [pid 12004] close(3) = 0 [pid 12004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12004] write(1, "executing program\n", 18executing program ) = 18 [pid 12004] memfd_create("syzkaller", 0) = 3 [pid 12004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11955] <... mount resumed>) = 0 [pid 11955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11955] chdir("./file0") = 0 [pid 12001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11955] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11955] ioctl(4, LOOP_CLR_FD) = 0 [pid 11955] close(4) = 0 [pid 11955] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11955] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 11955] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 11955] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11955] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 11955] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 11955] exit_group(0) = ? [pid 11955] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11955, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./70/binderfs") = 0 [ 275.579896][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5850] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11998] <... write resumed>) = 16777216 [pid 12000] <... write resumed>) = 16777216 [pid 11998] munmap(0x7f362be00000, 138412032 [pid 12000] munmap(0x7f362be00000, 138412032 [pid 11998] <... munmap resumed>) = 0 [pid 12000] <... munmap resumed>) = 0 [pid 11998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 12000] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11998] <... openat resumed>) = 4 [pid 12000] <... openat resumed>) = 4 [pid 11998] ioctl(4, LOOP_SET_FD, 3 [pid 12000] ioctl(4, LOOP_SET_FD, 3 [pid 11998] <... ioctl resumed>) = 0 [pid 12001] <... write resumed>) = 16777216 [pid 12000] <... ioctl resumed>) = 0 [pid 12000] close(3 [pid 11998] close(3 [pid 12000] <... close resumed>) = 0 [pid 11998] <... close resumed>) = 0 [pid 12000] close(4 [pid 11998] close(4 [pid 12000] <... close resumed>) = 0 [ 275.848113][T11998] loop1: detected capacity change from 0 to 32768 [ 275.856117][T12000] loop4: detected capacity change from 0 to 32768 [ 275.885340][T12000] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (12000) [pid 11998] <... close resumed>) = 0 [pid 12000] mkdir("./file0", 0777) = 0 [pid 11998] mkdir("./file0", 0777 [pid 12000] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 11998] <... mkdir resumed>) = 0 [pid 12001] munmap(0x7f362be00000, 138412032 [pid 11998] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12001] <... munmap resumed>) = 0 [pid 5850] newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./70/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./70") = 0 [pid 5850] mkdir("./71", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12019 attached [pid 12001] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 12019 [pid 12001] <... openat resumed>) = 4 [pid 12001] ioctl(4, LOOP_SET_FD, 3 [pid 12019] set_robust_list(0x55558aa90660, 24) = 0 [pid 12019] chdir("./71") = 0 [ 275.915349][T11998] BTRFS: device /dev/loop1 (7:1) using temp-fsid 6848c82f-a5a0-41f1-b5d2-2835c624e58a [ 275.933624][T12000] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 275.944472][T11998] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (11998) [pid 12019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12019] setpgid(0, 0) = 0 [pid 12019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12019] write(3, "1000", 4) = 4 [pid 12019] close(3) = 0 [pid 12019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12001] <... ioctl resumed>) = 0 [pid 12001] close(3executing program [pid 12019] write(1, "executing program\n", 18) = 18 [pid 12001] <... close resumed>) = 0 [pid 12019] memfd_create("syzkaller", 0 [pid 12001] close(4 [pid 12019] <... memfd_create resumed>) = 3 [pid 12001] <... close resumed>) = 0 [pid 12019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12001] mkdir("./file0", 0777 [pid 12019] <... mmap resumed>) = 0x7f362be00000 [pid 12001] <... mkdir resumed>) = 0 [ 275.964458][T12001] loop0: detected capacity change from 0 to 32768 [ 275.971796][T12000] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 276.009522][T12000] BTRFS info (device loop4): using free-space-tree [ 276.024045][T12001] BTRFS: device /dev/loop0 (7:0) using temp-fsid 1c3a20cf-d185-4abb-b13a-b0dbd5447ff1 [ 276.028450][T11998] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 276.058227][T12001] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (12001) [ 276.066737][T11998] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 276.082540][T11998] BTRFS info (device loop1): using free-space-tree [ 276.104216][T12001] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 276.125714][T12001] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 276.137815][T12001] BTRFS info (device loop0): using free-space-tree [pid 12001] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 12004] <... write resumed>) = 16777216 [pid 12004] munmap(0x7f362be00000, 138412032) = 0 [pid 12004] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 12004] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12004] close(3) = 0 [pid 12004] close(4 [pid 12001] <... mount resumed>) = 0 [pid 12001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12004] <... close resumed>) = 0 [pid 12001] <... openat resumed>) = 3 [pid 12004] mkdir("./file0", 0777 [pid 12001] chdir("./file0") = 0 [pid 12000] <... mount resumed>) = 0 [pid 12001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12004] <... mkdir resumed>) = 0 [pid 12001] ioctl(4, LOOP_CLR_FD [pid 12000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12001] <... ioctl resumed>) = 0 [pid 12001] close(4) = 0 [ 276.362731][T12004] loop3: detected capacity change from 0 to 32768 [pid 12001] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 12004] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 12001] <... openat resumed>) = 4 [pid 12000] <... openat resumed>) = 3 [pid 12001] ioctl(-1, SIOCGIFINDEX, NULL [pid 12000] chdir("./file0" [pid 12001] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12001] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12001] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12001] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12001] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12001] exit_group(0) = ? [pid 12001] +++ exited with 0 +++ [pid 12000] <... chdir resumed>) = 0 [pid 11998] <... mount resumed>) = 0 [pid 12000] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12001, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 11998] <... openat resumed>) = 3 [pid 12000] ioctl(4, LOOP_CLR_FD) = 0 [pid 11998] chdir("./file0" [pid 12000] close(4 [pid 5848] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12000] <... close resumed>) = 0 [pid 11998] <... chdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./73/binderfs") = 0 [pid 5848] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12000] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11998] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12000] <... openat resumed>) = 4 [pid 11998] ioctl(4, LOOP_CLR_FD [pid 12000] ioctl(-1, SIOCGIFINDEX, NULL [pid 11998] <... ioctl resumed>) = 0 [pid 11998] close(4 [pid 12000] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11998] <... close resumed>) = 0 [ 276.415374][T12004] BTRFS: device /dev/loop3 (7:3) using temp-fsid c3855851-64ca-4210-b425-9edf3894d216 [ 276.445412][T12004] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (12004) [pid 12000] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 12019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12000] <... write resumed>) = 280 [pid 11998] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 12000] bpf(BPF_MAP_CREATE, NULL, 0 [pid 11998] <... openat resumed>) = 4 [pid 11998] ioctl(-1, SIOCGIFINDEX, NULL [pid 12000] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 12000] bpf(BPF_PROG_LOAD, NULL, 0 [pid 11998] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12000] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 11998] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 12000] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 11998] <... write resumed>) = 280 [pid 12000] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 12000] exit_group(0 [pid 11998] bpf(BPF_MAP_CREATE, NULL, 0 [pid 12000] <... exit_group resumed>) = ? [pid 11998] <... bpf resumed>) = -1 EINVAL (Invalid argument) [ 276.491507][T12004] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12000] +++ exited with 0 +++ [pid 11998] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12000, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 11998] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] restart_syscall(<... resuming interrupted clone ...> [pid 11998] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5852] <... restart_syscall resumed>) = 0 [pid 11998] exit_group(0) = ? [pid 11998] +++ exited with 0 +++ [pid 5852] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11998, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=30 /* 0.30 s */} --- [ 276.542151][T12004] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 276.557917][ T5848] BTRFS info (device loop0): last unmount of filesystem 1c3a20cf-d185-4abb-b13a-b0dbd5447ff1 [pid 5852] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] newfstatat(AT_FDCWD, "./70/binderfs", [pid 5849] <... openat resumed>) = 3 [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] newfstatat(3, "", [pid 5852] unlink("./70/binderfs" [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] <... unlink resumed>) = 0 [pid 5849] getdents64(3, [pid 5852] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./71/binderfs") = 0 [ 276.589761][T12004] BTRFS info (device loop3): using free-space-tree [ 276.638325][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 276.681470][ T5849] BTRFS info (device loop1): last unmount of filesystem 6848c82f-a5a0-41f1-b5d2-2835c624e58a [pid 5849] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12004] <... mount resumed>) = 0 [pid 12004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12004] chdir("./file0") = 0 [pid 12004] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5849] <... umount2 resumed>) = 0 [pid 12004] ioctl(4, LOOP_CLR_FD) = 0 [pid 12004] close(4) = 0 [pid 12004] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./71/file0", [pid 12004] <... openat resumed>) = 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, [pid 12004] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./71/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./71") = 0 [pid 12004] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] mkdir("./72", 0777 [pid 12004] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5849] <... mkdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 12004] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12004] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 12004] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12004] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 12085 ./strace-static-x86_64: Process 12085 attached [pid 12004] exit_group(0) = ? [pid 12085] set_robust_list(0x55558aa90660, 24) = 0 [pid 12085] chdir("./72") = 0 [pid 12085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12085] setpgid(0, 0) = 0 [pid 12085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12004] +++ exited with 0 +++ [pid 12085] <... openat resumed>) = 3 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12004, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 12085] write(3, "1000", 4) = 4 [pid 12085] close(3) = 0 [pid 12085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] <... restart_syscall resumed>) = 0 [pid 5851] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12085] write(1, "executing program\n", 18 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 executing program [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12085] <... write resumed>) = 18 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12085] memfd_create("syzkaller", 0 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./69/binderfs" [pid 12085] <... memfd_create resumed>) = 3 [pid 5851] <... unlink resumed>) = 0 [pid 12085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12085] <... mmap resumed>) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./73/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./73") = 0 [pid 5848] mkdir("./74", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 12019] <... write resumed>) = 16777216 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12019] munmap(0x7f362be00000, 138412032 [ 276.981084][ T5851] BTRFS info (device loop3): last unmount of filesystem c3855851-64ca-4210-b425-9edf3894d216 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12086 attached [pid 12086] set_robust_list(0x55558aa90660, 24) = 0 [pid 12086] chdir("./74" [pid 12019] <... munmap resumed>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 12086 [pid 12086] <... chdir resumed>) = 0 [pid 12086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12086] setpgid(0, 0) = 0 [pid 12086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12086] write(3, "1000", 4) = 4 [pid 12019] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12086] close(3 [pid 12019] <... openat resumed>) = 4 [pid 12086] <... close resumed>) = 0 [pid 12019] ioctl(4, LOOP_SET_FD, 3 [pid 12086] symlink("/dev/binderfs", "./binderfs" [pid 12019] <... ioctl resumed>) = 0 [pid 12086] <... symlink resumed>) = 0 [pid 12086] write(1, "executing program\n", 18executing program ) = 18 [pid 12086] memfd_create("syzkaller", 0) = 3 [pid 12086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12019] close(3 [pid 5852] <... umount2 resumed>) = 0 [pid 12019] <... close resumed>) = 0 [pid 5852] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12019] close(4 [pid 5852] newfstatat(AT_FDCWD, "./70/file0", [pid 12019] <... close resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12019] mkdir("./file0", 0777) = 0 [pid 5852] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 277.072478][T12019] loop2: detected capacity change from 0 to 32768 [pid 12019] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [ 277.134404][T12019] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (12019) [pid 5852] close(4) = 0 [pid 5852] rmdir("./70/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./70") = 0 [pid 5852] mkdir("./71", 0777) = 0 [ 277.193564][T12019] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 277.227516][T12019] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12090 attached [ 277.253647][T12019] BTRFS info (device loop2): using free-space-tree , child_tidptr=0x55558aa90650) = 12090 [pid 12090] set_robust_list(0x55558aa90660, 24) = 0 [pid 12090] chdir("./71") = 0 [pid 12090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12090] setpgid(0, 0) = 0 [pid 12090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12090] write(3, "1000", 4) = 4 [pid 12090] close(3) = 0 [pid 12090] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 12090] write(1, "executing program\n", 18) = 18 [pid 12090] memfd_create("syzkaller", 0) = 3 [pid 12090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12019] <... mount resumed>) = 0 [pid 12019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12019] chdir("./file0") = 0 [pid 12019] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12019] ioctl(4, LOOP_CLR_FD) = 0 [pid 12019] close(4) = 0 [pid 12019] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12019] ioctl(-1, SIOCGIFINDEX, NULL [pid 12085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12019] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12019] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12019] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12019] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12019] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12019] exit_group(0) = ? [pid 12019] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12019, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=25 /* 0.25 s */} --- [pid 5851] <... umount2 resumed>) = 0 [pid 5850] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 5850] <... openat resumed>) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./71/binderfs") = 0 [pid 5850] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./69/file0") = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./69") = 0 [pid 5851] mkdir("./70", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12104 ./strace-static-x86_64: Process 12104 attached [pid 12104] set_robust_list(0x55558aa90660, 24) = 0 [pid 12104] chdir("./70") = 0 [pid 12104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12104] setpgid(0, 0) = 0 [ 277.620721][ T5850] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216executing program [pid 12104] <... openat resumed>) = 3 [pid 12104] write(3, "1000", 4) = 4 [pid 12104] close(3) = 0 [pid 12104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12104] write(1, "executing program\n", 18) = 18 [pid 12104] memfd_create("syzkaller", 0) = 3 [pid 12104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12086] <... write resumed>) = 16777216 [pid 12086] munmap(0x7f362be00000, 138412032) = 0 [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12086] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12086] <... openat resumed>) = 4 [pid 12086] ioctl(4, LOOP_SET_FD, 3 [pid 5850] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12085] <... write resumed>) = 16777216 [pid 5850] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12085] munmap(0x7f362be00000, 138412032 [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12086] <... ioctl resumed>) = 0 [pid 12086] close(3 [pid 5850] <... openat resumed>) = 4 [pid 12086] <... close resumed>) = 0 [pid 5850] newfstatat(4, "", [pid 12086] close(4) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12086] mkdir("./file0", 0777) = 0 [pid 12086] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./71/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3 [pid 12085] <... munmap resumed>) = 0 [pid 5850] <... close resumed>) = 0 [ 277.926370][T12086] loop0: detected capacity change from 0 to 32768 [ 277.956715][T12086] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (12086) [pid 5850] rmdir("./71" [pid 12085] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] <... rmdir resumed>) = 0 [pid 12085] <... openat resumed>) = 4 [pid 5850] mkdir("./72", 0777 [pid 12085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] <... mkdir resumed>) = 0 [pid 12085] close(3 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 12085] <... close resumed>) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12085] close(4./strace-static-x86_64: Process 12105 attached ) = 0 [pid 12085] mkdir("./file0", 0777 [pid 12105] set_robust_list(0x55558aa90660, 24) = 0 [pid 12085] <... mkdir resumed>) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 12105 [ 278.014908][T12085] loop1: detected capacity change from 0 to 32768 [ 278.016035][T12086] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12105] chdir("./72") = 0 [pid 12085] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 12105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12105] setpgid(0, 0 [pid 12104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12105] <... setpgid resumed>) = 0 [pid 12105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12105] write(3, "1000", 4) = 4 [ 278.071737][T12085] BTRFS: device /dev/loop1 (7:1) using temp-fsid 7f2190fc-4b32-46af-8cfb-beed6760aa0f [ 278.086434][T12086] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 278.108593][T12085] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (12085) [pid 12105] close(3) = 0 [pid 12105] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12105] write(1, "executing program\n", 18) = 18 [pid 12105] memfd_create("syzkaller", 0) = 3 [pid 12105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12090] <... write resumed>) = 16777216 [pid 12090] munmap(0x7f362be00000, 138412032) = 0 [ 278.136073][T12086] BTRFS info (device loop0): using free-space-tree [ 278.171733][T12085] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12090] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12090] close(3) = 0 [pid 12090] close(4) = 0 [ 278.229813][T12085] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 278.261427][T12090] loop4: detected capacity change from 0 to 32768 [ 278.268638][T12085] BTRFS info (device loop1): using free-space-tree [pid 12090] mkdir("./file0", 0777) = 0 [pid 12090] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 12086] <... mount resumed>) = 0 [pid 12086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12086] chdir("./file0") = 0 [pid 12086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12086] ioctl(4, LOOP_CLR_FD) = 0 [pid 12086] close(4) = 0 [ 278.312619][T12090] BTRFS: device /dev/loop4 (7:4) using temp-fsid d2df9d2d-3e1e-4c81-8010-e1cb96beea26 [pid 12086] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12086] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12086] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12086] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12086] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12086] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12086] exit_group(0) = ? [pid 12086] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12086, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- [ 278.350079][T12090] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (12090) [pid 5848] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./74/binderfs") = 0 [ 278.440914][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 278.470764][T12090] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12085] <... mount resumed>) = 0 [pid 12085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12085] chdir("./file0") = 0 [pid 12085] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12085] ioctl(4, LOOP_CLR_FD) = 0 [ 278.515355][T12090] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 12085] close(4) = 0 [pid 12085] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12085] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12085] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12085] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12085] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12085] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12085] exit_group(0) = ? [pid 12085] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12085, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 278.571536][T12090] BTRFS info (device loop4): using free-space-tree [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./72/binderfs") = 0 [pid 5849] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12104] <... write resumed>) = 16777216 [pid 12104] munmap(0x7f362be00000, 138412032 [ 278.690534][ T5849] BTRFS info (device loop1): last unmount of filesystem 7f2190fc-4b32-46af-8cfb-beed6760aa0f [pid 12105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5848] <... umount2 resumed>) = 0 [pid 12104] <... munmap resumed>) = 0 [pid 5848] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12104] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] newfstatat(AT_FDCWD, "./74/file0", [pid 12104] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12104] ioctl(4, LOOP_SET_FD, 3 [pid 5848] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./74/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 12090] <... mount resumed>) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5848] close(3 [pid 12090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] <... close resumed>) = 0 [pid 12090] <... openat resumed>) = 3 [pid 5849] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] rmdir("./74") = 0 [pid 12090] chdir("./file0") = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12090] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] newfstatat(AT_FDCWD, "./72/file0", [pid 12090] <... openat resumed>) = 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] mkdir("./75", 0777 [pid 12090] ioctl(4, LOOP_CLR_FD [pid 5849] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... mkdir resumed>) = 0 [pid 12090] <... ioctl resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12090] close(4 [pid 5849] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... openat resumed>) = 3 [pid 12090] <... close resumed>) = 0 [pid 5849] <... openat resumed>) = 4 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 12090] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] newfstatat(4, "", [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12090] <... openat resumed>) = 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] close(3 [pid 5849] getdents64(4, [pid 5848] <... close resumed>) = 0 [pid 12090] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 12090] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] getdents64(4, [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12155 attached [pid 12090] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 12090] <... write resumed>) = 280 [pid 5849] close(4 [pid 12155] set_robust_list(0x55558aa90660, 24 [pid 12090] bpf(BPF_MAP_CREATE, NULL, 0 [pid 12155] <... set_robust_list resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 12155] chdir("./75" [pid 12104] <... ioctl resumed>) = 0 [pid 12090] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] rmdir("./72/file0" [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 12155 [pid 12155] <... chdir resumed>) = 0 [pid 12104] close(3 [pid 12090] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5849] <... rmdir resumed>) = 0 [pid 12155] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12104] <... close resumed>) = 0 [pid 12090] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5849] getdents64(3, [pid 12155] <... prctl resumed>) = 0 [pid 12104] close(4 [pid 12090] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 12155] setpgid(0, 0 [pid 12104] <... close resumed>) = 0 [pid 12090] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5849] close(3 [pid 12104] mkdir("./file0", 0777 [pid 12090] exit_group(0 [pid 5849] <... close resumed>) = 0 [ 278.756914][T12104] loop3: detected capacity change from 0 to 32768 [pid 12155] <... setpgid resumed>) = 0 [pid 12104] <... mkdir resumed>) = 0 [pid 12090] <... exit_group resumed>) = ? [pid 5849] rmdir("./72" [pid 12155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] <... rmdir resumed>) = 0 [pid 12155] write(3, "1000", 4 [pid 5849] mkdir("./73", 0777 [pid 12155] <... write resumed>) = 4 [pid 5849] <... mkdir resumed>) = 0 [pid 12155] close(3 [pid 12104] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 12090] +++ exited with 0 +++ [pid 12155] <... close resumed>) = 0 [pid 12155] symlink("/dev/binderfs", "./binderfs" [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12090, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=20 /* 0.20 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 12155] <... symlink resumed>) = 0 [pid 5852] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5852] <... openat resumed>) = 3 [pid 5849] <... openat resumed>) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] newfstatat(3, "", [pid 5849] close(3 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... close resumed>) = 0 [pid 5852] getdents64(3, [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 12156 attached [pid 12155] write(1, "executing program\n", 18 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 12156] set_robust_list(0x55558aa90660, 24 [pid 12155] <... write resumed>) = 18 [pid 5852] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 12156 [pid 12156] <... set_robust_list resumed>) = 0 [pid 12155] memfd_create("syzkaller", 0 [pid 5852] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./71/binderfs" [pid 12156] chdir("./73" [pid 12155] <... memfd_create resumed>) = 3 [pid 5852] <... unlink resumed>) = 0 [pid 5852] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12156] <... chdir resumed>) = 0 [pid 12155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12156] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12155] <... mmap resumed>) = 0x7f362be00000 [pid 12156] <... prctl resumed>) = 0 [pid 12156] setpgid(0, 0) = 0 [ 278.830704][T12104] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (12104) [pid 12156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 278.884798][T12104] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 278.908200][ T5852] BTRFS info (device loop4): last unmount of filesystem d2df9d2d-3e1e-4c81-8010-e1cb96beea26 [pid 12156] write(3, "1000", 4) = 4 [pid 12156] close(3) = 0 [pid 12156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12156] write(1, "executing program\n", 18executing program ) = 18 [pid 12156] memfd_create("syzkaller", 0) = 3 [pid 12156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 278.932202][T12104] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 278.965504][T12104] BTRFS info (device loop3): using free-space-tree [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./71/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./71") = 0 [pid 5852] mkdir("./72", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = 0 [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12172 ./strace-static-x86_64: Process 12172 attached [pid 12172] set_robust_list(0x55558aa90660, 24 [pid 12155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12172] <... set_robust_list resumed>) = 0 [pid 12172] chdir("./72") = 0 [pid 12172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12104] <... mount resumed>) = 0 [pid 12104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12172] setpgid(0, 0) = 0 [pid 12105] <... write resumed>) = 16777216 [pid 12172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12104] chdir("./file0" [pid 12172] write(3, "1000", 4 [pid 12104] <... chdir resumed>) = 0 [pid 12172] <... write resumed>) = 4 [pid 12104] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12172] close(3) = 0 [pid 12172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12104] <... openat resumed>) = 4 [pid 12104] ioctl(4, LOOP_CLR_FD) = 0 executing program [pid 12172] write(1, "executing program\n", 18 [pid 12104] close(4 [pid 12172] <... write resumed>) = 18 [pid 12105] munmap(0x7f362be00000, 138412032 [pid 12172] memfd_create("syzkaller", 0 [pid 12104] <... close resumed>) = 0 [pid 12104] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 12172] <... memfd_create resumed>) = 3 [pid 12104] <... openat resumed>) = 4 [pid 12172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12104] ioctl(-1, SIOCGIFINDEX, NULL [pid 12105] <... munmap resumed>) = 0 [pid 12104] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12104] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 12105] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12104] <... write resumed>) = 280 [pid 12105] ioctl(4, LOOP_SET_FD, 3 [pid 12104] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12104] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12104] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12104] exit_group(0) = ? [pid 12104] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12104, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=24 /* 0.24 s */} --- [pid 12105] <... ioctl resumed>) = 0 [pid 12105] close(3) = 0 [pid 12105] close(4) = 0 [pid 5851] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12105] mkdir("./file0", 0777 [pid 5851] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12105] <... mkdir resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 279.291171][T12105] loop2: detected capacity change from 0 to 32768 [pid 5851] getdents64(3, [pid 12105] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./70/binderfs") = 0 [ 279.384923][T12105] BTRFS: device /dev/loop2 (7:2) using temp-fsid 3b53ec15-9428-4dec-8687-88f47367d137 [ 279.433011][T12105] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (12105) [ 279.490368][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 279.563162][T12105] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 279.594478][T12105] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 5851] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12155] <... write resumed>) = 16777216 [pid 12156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12155] munmap(0x7f362be00000, 138412032) = 0 [ 279.649329][T12105] BTRFS info (device loop2): using free-space-tree [pid 12155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12155] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... umount2 resumed>) = 0 [pid 5851] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12155] <... ioctl resumed>) = 0 [pid 5851] getdents64(4, [pid 12155] close(3 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 12155] <... close resumed>) = 0 [ 279.735741][T12155] loop0: detected capacity change from 0 to 32768 [pid 5851] getdents64(4, [pid 12155] close(4 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 12155] <... close resumed>) = 0 [pid 12155] mkdir("./file0", 0777) = 0 [pid 5851] rmdir("./70/file0" [pid 12105] <... mount resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, [pid 12105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 12105] chdir("./file0" [pid 5851] close(3 [pid 12105] <... chdir resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 12155] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 12105] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] rmdir("./70" [pid 12105] <... openat resumed>) = 4 [pid 5851] <... rmdir resumed>) = 0 [pid 12105] ioctl(4, LOOP_CLR_FD [pid 5851] mkdir("./71", 0777 [pid 12105] <... ioctl resumed>) = 0 [pid 5851] <... mkdir resumed>) = 0 [pid 12105] close(4) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12105] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] <... openat resumed>) = 3 [pid 12105] <... openat resumed>) = 4 [pid 12105] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12105] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5851] ioctl(3, LOOP_CLR_FD [pid 12105] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12105] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5851] close(3 [pid 12105] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5851] <... close resumed>) = 0 [pid 12105] exit_group(0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12105] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 12191 attached [pid 12105] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12105, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [pid 12191] set_robust_list(0x55558aa90660, 24 [pid 12172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 279.822140][T12155] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (12155) [pid 5850] restart_syscall(<... resuming interrupted clone ...> [pid 12191] <... set_robust_list resumed>) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 12191 [pid 12191] chdir("./71" [pid 5850] <... restart_syscall resumed>) = 0 [pid 12191] <... chdir resumed>) = 0 [pid 12191] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12191] <... prctl resumed>) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./72/binderfs" [pid 12191] setpgid(0, 0 [pid 5850] <... unlink resumed>) = 0 [pid 12191] <... setpgid resumed>) = 0 [pid 5850] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 279.907843][T12155] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 279.939267][T12155] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 12191] write(3, "1000", 4) = 4 [pid 12191] close(3) = 0 [pid 12191] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12191] write(1, "executing program\n", 18) = 18 [pid 12191] memfd_create("syzkaller", 0) = 3 [pid 12191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 279.960350][T12155] BTRFS info (device loop0): using free-space-tree [ 279.971787][ T5850] BTRFS info (device loop2): last unmount of filesystem 3b53ec15-9428-4dec-8687-88f47367d137 [pid 12156] <... write resumed>) = 16777216 [pid 12155] <... mount resumed>) = 0 [pid 12155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12155] chdir("./file0") = 0 [pid 12155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12155] ioctl(4, LOOP_CLR_FD) = 0 [pid 12155] close(4) = 0 [pid 12155] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12156] munmap(0x7f362be00000, 138412032 [pid 12155] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12155] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12155] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12155] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12155] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12155] exit_group(0) = ? [pid 12155] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12155, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 12156] <... munmap resumed>) = 0 [pid 12156] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12156] <... openat resumed>) = 4 [pid 5848] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./75/binderfs") = 0 [pid 5848] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12156] close(3) = 0 [pid 12156] close(4) = 0 [pid 12172] <... write resumed>) = 16777216 [pid 12156] mkdir("./file0", 0777) = 0 [pid 12156] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [ 280.235152][T12156] loop1: detected capacity change from 0 to 32768 [ 280.266695][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12172] munmap(0x7f362be00000, 138412032) = 0 [pid 12172] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 280.291853][T12156] BTRFS: device /dev/loop1 (7:1) using temp-fsid 29984f03-f67f-4428-beb7-c03fcb98ff42 [ 280.328013][T12156] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (12156) [pid 12172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12172] close(3) = 0 [pid 12172] close(4) = 0 [ 280.344199][T12172] loop4: detected capacity change from 0 to 32768 [ 280.364356][T12156] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 280.381248][T12156] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 12172] mkdir("./file0", 0777) = 0 [ 280.419785][T12156] BTRFS info (device loop1): using free-space-tree [ 280.430914][T12172] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (12172) [pid 12172] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./72/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 12191] <... write resumed>) = 16777216 [pid 5850] rmdir("./72" [pid 12191] munmap(0x7f362be00000, 138412032 [pid 5850] <... rmdir resumed>) = 0 [pid 12191] <... munmap resumed>) = 0 [ 280.518838][T12172] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 280.550851][T12172] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] mkdir("./73", 0777) = 0 [pid 12191] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 12191] ioctl(4, LOOP_SET_FD, 3 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12191] <... ioctl resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 12191] close(3 [ 280.597071][T12172] BTRFS info (device loop4): using free-space-tree [ 280.607280][T12191] loop3: detected capacity change from 0 to 32768 [pid 5850] ioctl(3, LOOP_CLR_FD [pid 12191] <... close resumed>) = 0 [pid 5850] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] close(3 [pid 12191] close(4) = 0 [pid 12191] mkdir("./file0", 0777) = 0 [pid 5850] <... close resumed>) = 0 [pid 12191] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12227 ./strace-static-x86_64: Process 12227 attached [pid 12227] set_robust_list(0x55558aa90660, 24) = 0 [pid 12227] chdir("./73") = 0 [pid 12227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12227] setpgid(0, 0) = 0 [pid 12227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12227] write(3, "1000", 4) = 4 [pid 12227] close(3) = 0 [pid 12227] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12227] write(1, "executing program\n", 18) = 18 [pid 12227] memfd_create("syzkaller", 0 [pid 5848] <... umount2 resumed>) = 0 [pid 12227] <... memfd_create resumed>) = 3 [pid 5848] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./75/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3 [pid 12156] <... mount resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./75" [pid 12156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] <... rmdir resumed>) = 0 [pid 12156] <... openat resumed>) = 3 [ 280.672839][T12191] BTRFS: device /dev/loop3 (7:3) using temp-fsid 65e4faae-766d-451a-915a-e08084e47ec0 [ 280.705601][T12191] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (12191) [pid 5848] mkdir("./76", 0777 [pid 12156] chdir("./file0" [pid 5848] <... mkdir resumed>) = 0 [pid 12156] <... chdir resumed>) = 0 [pid 12156] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5848] <... openat resumed>) = 3 [pid 12156] close(4) = 0 [pid 12156] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 12156] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12156] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] close(3 [pid 12156] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12156] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5848] <... close resumed>) = 0 [pid 12172] <... mount resumed>) = 0 [pid 12156] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 12156] bpf(BPF_PROG_LOAD, NULL, 0 [pid 12172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12156] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 12172] <... openat resumed>) = 3 [pid 12156] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12156] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 12156] exit_group(0) = ? ./strace-static-x86_64: Process 12242 attached [pid 12156] +++ exited with 0 +++ [pid 12172] chdir("./file0" [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 12242 [pid 12242] set_robust_list(0x55558aa90660, 24 [pid 12172] <... chdir resumed>) = 0 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12156, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=31 /* 0.31 s */} --- [pid 12242] <... set_robust_list resumed>) = 0 [ 280.745804][T12191] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 280.765312][T12191] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 12242] chdir("./76" [pid 12172] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 12242] <... chdir resumed>) = 0 [pid 12172] <... openat resumed>) = 4 [pid 5849] <... restart_syscall resumed>) = 0 [pid 12242] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12172] ioctl(4, LOOP_CLR_FD [pid 12242] <... prctl resumed>) = 0 [pid 12172] <... ioctl resumed>) = 0 [pid 12172] close(4 [pid 12242] setpgid(0, 0 [pid 12172] <... close resumed>) = 0 [pid 12242] <... setpgid resumed>) = 0 [pid 12172] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 12242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12242] <... openat resumed>) = 3 [pid 12172] <... openat resumed>) = 4 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12242] write(3, "1000", 4 [pid 5849] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12242] <... write resumed>) = 4 [pid 12172] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] <... openat resumed>) = 3 [pid 12242] close(3 [pid 5849] newfstatat(3, "", [pid 12242] <... close resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12242] symlink("/dev/binderfs", "./binderfs" [pid 5849] getdents64(3, [pid 12242] <... symlink resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 executing program [pid 12242] write(1, "executing program\n", 18 [pid 5849] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12242] <... write resumed>) = 18 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12242] memfd_create("syzkaller", 0 [pid 5849] newfstatat(AT_FDCWD, "./73/binderfs", [pid 12242] <... memfd_create resumed>) = 3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12172] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5849] unlink("./73/binderfs" [pid 12172] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 12242] <... mmap resumed>) = 0x7f362be00000 [pid 12172] <... write resumed>) = 280 [pid 5849] <... unlink resumed>) = 0 [pid 12172] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5849] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12172] <... bpf resumed>) = -1 EINVAL (Invalid argument) [ 280.821707][T12191] BTRFS info (device loop3): using free-space-tree [pid 12172] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12172] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12172] exit_group(0) = ? [pid 12172] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12172, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=32 /* 0.32 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [ 280.884333][ T5849] BTRFS info (device loop1): last unmount of filesystem 29984f03-f67f-4428-beb7-c03fcb98ff42 [pid 5852] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./72/binderfs") = 0 [pid 5852] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12191] <... mount resumed>) = 0 [ 281.051079][ T5852] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12191] chdir("./file0") = 0 [pid 12191] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 12191] ioctl(4, LOOP_CLR_FD) = 0 [pid 12191] close(4) = 0 [pid 12191] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12191] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12191] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12191] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12191] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12191] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12191] exit_group(0) = ? [pid 12191] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12191, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5851] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./71/binderfs") = 0 [pid 5851] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [ 281.270583][ T5851] BTRFS info (device loop3): last unmount of filesystem 65e4faae-766d-451a-915a-e08084e47ec0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./73/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./73") = 0 [pid 5849] mkdir("./74", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12258 attached [pid 12258] set_robust_list(0x55558aa90660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 12258 [pid 12258] <... set_robust_list resumed>) = 0 [pid 12258] chdir("./74") = 0 [pid 12258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12258] setpgid(0, 0) = 0 [pid 12258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12258] write(3, "1000", 4) = 4 [pid 12258] close(3) = 0 [pid 12258] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12258] write(1, "executing program\n", 18) = 18 [pid 12258] memfd_create("syzkaller", 0) = 3 [pid 12258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 [pid 5852] rmdir("./72/file0") = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [pid 5852] rmdir("./72") = 0 [pid 5852] mkdir("./73", 0777) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12259 attached , child_tidptr=0x55558aa90650) = 12259 [pid 12259] set_robust_list(0x55558aa90660, 24) = 0 [pid 12259] chdir("./73") = 0 [pid 12242] <... write resumed>) = 16777216 [pid 12259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12259] setpgid(0, 0 [pid 12242] munmap(0x7f362be00000, 138412032) = 0 [pid 12259] <... setpgid resumed>) = 0 [pid 12259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12259] <... openat resumed>) = 3 [pid 12242] ioctl(4, LOOP_SET_FD, 3 [pid 12259] write(3, "1000", 4) = 4 [pid 12259] close(3) = 0 [pid 12259] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12259] write(1, "executing program\n", 18) = 18 [pid 12259] memfd_create("syzkaller", 0 [pid 12242] <... ioctl resumed>) = 0 [pid 12259] <... memfd_create resumed>) = 3 [pid 12242] close(3 [pid 12259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12242] <... close resumed>) = 0 [pid 12259] <... mmap resumed>) = 0x7f362be00000 [pid 12242] close(4) = 0 [pid 12242] mkdir("./file0", 0777) = 0 [ 281.547283][T12242] loop0: detected capacity change from 0 to 32768 [ 281.574555][T12242] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (12242) [pid 12242] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... umount2 resumed>) = 0 [pid 12227] <... write resumed>) = 16777216 [pid 5851] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./71/file0") = 0 [pid 12227] munmap(0x7f362be00000, 138412032 [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./71") = 0 [pid 5851] mkdir("./72", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12260 ./strace-static-x86_64: Process 12260 attached [pid 12260] set_robust_list(0x55558aa90660, 24) = 0 [pid 12260] chdir("./72") = 0 [pid 12260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12260] setpgid(0, 0) = 0 [pid 12260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12260] write(3, "1000", 4) = 4 [pid 12227] <... munmap resumed>) = 0 [pid 12260] close(3) = 0 executing program [pid 12260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12260] write(1, "executing program\n", 18) = 18 [pid 12260] memfd_create("syzkaller", 0) = 3 [pid 12260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12227] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 281.627795][T12242] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 281.663633][T12242] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 281.685393][T12227] loop2: detected capacity change from 0 to 32768 [ 281.699367][T12242] BTRFS info (device loop0): using free-space-tree [pid 12227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12227] close(3) = 0 [pid 12227] close(4) = 0 [pid 12227] mkdir("./file0", 0777) = 0 [pid 12227] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 281.729421][T12227] BTRFS: device /dev/loop2 (7:2) using temp-fsid 6cc8a03d-ce72-43ad-b27e-145bfde35b94 [ 281.776415][T12227] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (12227) [ 281.869391][T12227] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 281.880418][T12227] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 281.890179][T12227] BTRFS info (device loop2): using free-space-tree [pid 12258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12242] <... mount resumed>) = 0 [pid 12242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12242] chdir("./file0") = 0 [pid 12242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12242] ioctl(4, LOOP_CLR_FD) = 0 [pid 12242] close(4) = 0 [pid 12242] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12242] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12242] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12242] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12242] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12242] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12242] exit_group(0) = ? [pid 12242] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12242, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./76/binderfs") = 0 [pid 5848] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 282.010751][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12227] <... mount resumed>) = 0 [pid 12227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12227] chdir("./file0") = 0 [pid 12227] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12227] ioctl(4, LOOP_CLR_FD) = 0 [pid 12227] close(4) = 0 [pid 12227] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12227] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12227] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12227] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12227] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12227] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12227] exit_group(0) = ? [pid 12227] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12227, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./73/binderfs") = 0 [ 282.250254][ T5850] BTRFS info (device loop2): last unmount of filesystem 6cc8a03d-ce72-43ad-b27e-145bfde35b94 [pid 5850] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12258] <... write resumed>) = 16777216 [pid 12258] munmap(0x7f362be00000, 138412032) = 0 [pid 12258] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12258] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... umount2 resumed>) = 0 [pid 12258] <... ioctl resumed>) = 0 [pid 12258] close(3) = 0 [pid 12258] close(4) = 0 [pid 12258] mkdir("./file0", 0777) = 0 [pid 12258] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 12259] <... write resumed>) = 16777216 [pid 12260] <... write resumed>) = 16777216 [pid 12259] munmap(0x7f362be00000, 138412032 [pid 5848] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4 [pid 12260] munmap(0x7f362be00000, 138412032 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./76/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./76") = 0 [pid 5848] mkdir("./77", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12293 ./strace-static-x86_64: Process 12293 attached [ 282.380456][T12258] loop1: detected capacity change from 0 to 32768 [ 282.415856][T12258] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (12258) [pid 12259] <... munmap resumed>) = 0 [pid 12293] set_robust_list(0x55558aa90660, 24) = 0 [pid 12293] chdir("./77") = 0 [pid 12293] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12259] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12293] <... prctl resumed>) = 0 [pid 12293] setpgid(0, 0) = 0 [pid 12259] <... openat resumed>) = 4 [pid 12293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12260] <... munmap resumed>) = 0 [pid 12259] ioctl(4, LOOP_SET_FD, 3 [pid 12293] <... openat resumed>) = 3 [ 282.474969][T12258] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 282.498979][T12259] loop4: detected capacity change from 0 to 32768 [ 282.499392][T12258] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 12293] write(3, "1000", 4 [pid 12260] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12259] <... ioctl resumed>) = 0 [pid 12293] <... write resumed>) = 4 [pid 12260] <... openat resumed>) = 4 [pid 12293] close(3 [pid 12260] ioctl(4, LOOP_SET_FD, 3 [pid 12293] <... close resumed>) = 0 [pid 12260] <... ioctl resumed>) = 0 [pid 12293] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12293] write(1, "executing program\n", 18 [pid 12260] close(3 [pid 12259] close(3 [pid 12293] <... write resumed>) = 18 [pid 12259] <... close resumed>) = 0 [pid 12293] memfd_create("syzkaller", 0 [pid 12260] <... close resumed>) = 0 [pid 12259] close(4 [pid 12293] <... memfd_create resumed>) = 3 [pid 12260] close(4 [pid 12259] <... close resumed>) = 0 [pid 12260] <... close resumed>) = 0 [ 282.520288][T12260] loop3: detected capacity change from 0 to 32768 [pid 12259] mkdir("./file0", 0777 [pid 12293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12260] mkdir("./file0", 0777 [pid 12259] <... mkdir resumed>) = 0 [pid 12293] <... mmap resumed>) = 0x7f362be00000 [pid 12259] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 12260] <... mkdir resumed>) = 0 [pid 12260] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./73/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./73") = 0 [pid 5850] mkdir("./74", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12298 attached , child_tidptr=0x55558aa90650) = 12298 [pid 12298] set_robust_list(0x55558aa90660, 24) = 0 [pid 12298] chdir("./74") = 0 [pid 12298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12298] setpgid(0, 0) = 0 [pid 12298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12298] write(3, "1000", 4) = 4 [pid 12298] close(3) = 0 [pid 12298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12298] write(1, "executing program\n", 18executing program ) = 18 [ 282.552023][T12259] BTRFS: device /dev/loop4 (7:4) using temp-fsid 15c7cbee-bdbf-4378-bacc-e100a5840237 [ 282.569689][T12258] BTRFS info (device loop1): using free-space-tree [ 282.580183][T12259] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (12259) [pid 12298] memfd_create("syzkaller", 0) = 3 [pid 12298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 282.656485][T12260] BTRFS: device /dev/loop3 (7:3) using temp-fsid 28961366-4a76-4867-ab77-b939db57d252 [ 282.672054][T12259] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 282.702865][T12260] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (12260) [ 282.729801][T12259] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 282.749567][T12259] BTRFS info (device loop4): using free-space-tree [ 282.768509][T12260] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12258] <... mount resumed>) = 0 [pid 12258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12258] chdir("./file0") = 0 [pid 12258] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12258] ioctl(4, LOOP_CLR_FD) = 0 [pid 12258] close(4) = 0 [pid 12258] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 282.815986][T12260] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 12258] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12258] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12258] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12258] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12258] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12258] exit_group(0) = ? [pid 12258] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12258, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=26 /* 0.26 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./74/binderfs") = 0 [ 282.886758][T12260] BTRFS info (device loop3): using free-space-tree [pid 5849] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12259] <... mount resumed>) = 0 [pid 12259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12259] chdir("./file0") = 0 [ 282.980247][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12259] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12259] ioctl(4, LOOP_CLR_FD) = 0 [pid 12259] close(4) = 0 [pid 12259] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12259] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12259] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12259] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12259] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12259] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12259] exit_group(0) = ? [pid 12259] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12259, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=21 /* 0.21 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 12260] <... mount resumed>) = 0 [pid 5852] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = 0 [pid 12260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5849] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12260] <... openat resumed>) = 3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12260] chdir("./file0" [pid 5849] newfstatat(AT_FDCWD, "./74/file0", [pid 12260] <... chdir resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12260] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12260] <... openat resumed>) = 4 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12260] ioctl(4, LOOP_CLR_FD [pid 5849] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12260] <... ioctl resumed>) = 0 [pid 5849] <... openat resumed>) = 4 [pid 12260] close(4 [pid 5849] newfstatat(4, "", [pid 12260] <... close resumed>) = 0 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12260] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] newfstatat(AT_FDCWD, "./73/binderfs", [pid 5849] getdents64(4, [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./73/binderfs" [pid 12298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12260] <... openat resumed>) = 4 [pid 5849] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./74/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 12260] ioctl(-1, SIOCGIFINDEX, NULL [pid 5849] close(3) = 0 [pid 12260] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12260] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5849] rmdir("./74" [pid 12260] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] <... unlink resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 12260] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 12260] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12260] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12260] exit_group(0 [pid 5852] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12260] <... exit_group resumed>) = ? [pid 12260] +++ exited with 0 +++ [pid 5849] mkdir("./75", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12260, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5849] <... openat resumed>) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] close(3 [pid 5851] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... close resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] getdents64(3, ./strace-static-x86_64: Process 12343 attached 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 12343 [pid 12343] set_robust_list(0x55558aa90660, 24 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12343] <... set_robust_list resumed>) = 0 [pid 5851] newfstatat(AT_FDCWD, "./72/binderfs", [pid 12343] chdir("./75" [pid 5851] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12343] <... chdir resumed>) = 0 [pid 5851] unlink("./72/binderfs" [pid 12343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12343] setpgid(0, 0 [pid 5851] <... unlink resumed>) = 0 [pid 5851] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12343] <... setpgid resumed>) = 0 [pid 12343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12343] write(3, "1000", 4) = 4 [pid 12343] close(3) = 0 [pid 12343] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 12343] write(1, "executing program\n", 18) = 18 [pid 12343] memfd_create("syzkaller", 0) = 3 [pid 12343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 283.233817][ T5852] BTRFS info (device loop4): last unmount of filesystem 15c7cbee-bdbf-4378-bacc-e100a5840237 [ 283.283322][ T5851] BTRFS info (device loop3): last unmount of filesystem 28961366-4a76-4867-ab77-b939db57d252 [pid 12293] <... write resumed>) = 16777216 [pid 12293] munmap(0x7f362be00000, 138412032) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 12293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12293] ioctl(4, LOOP_SET_FD, 3 [pid 5851] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, [pid 12293] <... ioctl resumed>) = 0 [pid 12293] close(3 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [ 283.472749][T12293] loop0: detected capacity change from 0 to 32768 [pid 5851] getdents64(4, [pid 12293] <... close resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 12293] close(4 [pid 5851] close(4 [pid 12293] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 12293] mkdir("./file0", 0777 [pid 5851] rmdir("./72/file0" [pid 12293] <... mkdir resumed>) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5851] getdents64(3, [pid 12293] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./72") = 0 [ 283.520730][T12293] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (12293) [pid 5851] mkdir("./73", 0777) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5851] ioctl(3, LOOP_CLR_FD) = 0 [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12345 ./strace-static-x86_64: Process 12345 attached [pid 12345] set_robust_list(0x55558aa90660, 24) = 0 [pid 12345] chdir("./73") = 0 [pid 12345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 283.614369][T12293] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12345] setpgid(0, 0) = 0 [pid 12345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 283.659368][T12293] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 12345] write(3, "1000", 4 [pid 5852] <... umount2 resumed>) = 0 [pid 12345] <... write resumed>) = 4 [pid 12298] <... write resumed>) = 16777216 [pid 12345] close(3) = 0 [pid 12345] symlink("/dev/binderfs", "./binderfs" [pid 5852] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./73/file0", [pid 12345] <... symlink resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 12345] write(1, "executing program\n", 18 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5852] close(4) = 0 executing program [pid 12345] <... write resumed>) = 18 [pid 5852] rmdir("./73/file0" [pid 12345] memfd_create("syzkaller", 0 [pid 5852] <... rmdir resumed>) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 12298] munmap(0x7f362be00000, 138412032 [pid 5852] close(3 [pid 12345] <... memfd_create resumed>) = 3 [pid 5852] <... close resumed>) = 0 [pid 5852] rmdir("./73") = 0 [pid 5852] mkdir("./74", 0777) = 0 [pid 12345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12345] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... openat resumed>) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12350 attached [pid 12350] set_robust_list(0x55558aa90660, 24 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 12350 [pid 12350] <... set_robust_list resumed>) = 0 [pid 12350] chdir("./74") = 0 [pid 12350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12350] setpgid(0, 0) = 0 [ 283.705510][T12293] BTRFS info (device loop0): using free-space-tree [pid 12350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12298] <... munmap resumed>) = 0 [pid 12350] write(3, "1000", 4) = 4 [pid 12350] close(3) = 0 [pid 12350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12298] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 12350] write(1, "executing program\n", 18) = 18 [pid 12298] <... openat resumed>) = 4 [pid 12350] memfd_create("syzkaller", 0 [pid 12298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12350] <... memfd_create resumed>) = 3 [pid 12350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12298] close(3) = 0 [pid 12298] close(4) = 0 [pid 12298] mkdir("./file0", 0777) = 0 [ 283.791672][T12298] loop2: detected capacity change from 0 to 32768 [pid 12298] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 283.874387][T12298] BTRFS: device /dev/loop2 (7:2) using temp-fsid d6b8b2f1-a801-4582-aa6c-cfaa8f47665d [ 283.939158][T12298] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (12298) [pid 12345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 12345] munmap(0x7f362be00000, 138412032) = 0 [pid 12293] <... mount resumed>) = 0 [pid 12293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12293] chdir("./file0") = 0 [pid 12345] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12293] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12345] <... openat resumed>) = 4 [pid 12293] <... openat resumed>) = 4 [pid 12345] ioctl(4, LOOP_SET_FD, 3 [pid 12293] ioctl(4, LOOP_CLR_FD) = 0 [ 284.059518][T12298] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 284.078740][T12298] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 284.083930][T12345] loop3: detected capacity change from 0 to 32768 [pid 12293] close(4) = 0 [pid 12293] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12293] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12293] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12293] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12293] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12293] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12293] exit_group(0) = ? [pid 12293] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12293, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=22 /* 0.22 s */} --- [pid 5848] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12345] <... ioctl resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 12345] close(3 [pid 5848] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12345] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12345] close(4 [pid 5848] newfstatat(AT_FDCWD, "./77/binderfs", [pid 12345] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12345] mkdir("./file0", 0777 [pid 5848] unlink("./77/binderfs" [pid 12345] <... mkdir resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 12345] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [ 284.109279][T12298] BTRFS info (device loop2): using free-space-tree [ 284.158451][T12345] BTRFS: device /dev/loop3 (7:3) using temp-fsid c270d507-65ae-4af3-a425-28cee07f447c [ 284.203286][T12345] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (12345) [ 284.213569][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12298] <... mount resumed>) = 0 [pid 12298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12298] chdir("./file0") = 0 [pid 12298] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 284.310881][T12345] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12298] ioctl(4, LOOP_CLR_FD) = 0 [pid 12298] close(4) = 0 [pid 12298] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12298] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12298] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12298] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12298] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12298] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12298] exit_group(0) = ? [pid 12298] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12298, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 5850] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 284.381696][T12345] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 5850] unlink("./74/binderfs") = 0 [pid 5850] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12343] <... write resumed>) = 16777216 [pid 12343] munmap(0x7f362be00000, 138412032) = 0 [pid 12343] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 284.433248][T12345] BTRFS info (device loop3): using free-space-tree [ 284.450732][ T5850] BTRFS info (device loop2): last unmount of filesystem d6b8b2f1-a801-4582-aa6c-cfaa8f47665d [pid 12343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 12343] close(3) = 0 [pid 12343] close(4) = 0 [pid 12343] mkdir("./file0", 0777) = 0 [pid 12343] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 284.512295][T12343] loop1: detected capacity change from 0 to 32768 [pid 5848] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./77/file0") = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./77") = 0 [ 284.566289][T12343] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (12343) [pid 12345] <... mount resumed>) = 0 [pid 5848] mkdir("./78", 0777 [pid 12345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5848] <... mkdir resumed>) = 0 [pid 12345] <... openat resumed>) = 3 [pid 12345] chdir("./file0" [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12350] <... write resumed>) = 16777216 [pid 12345] <... chdir resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 12345] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5848] ioctl(3, LOOP_CLR_FD [pid 12345] <... openat resumed>) = 4 [pid 12345] ioctl(4, LOOP_CLR_FD [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12345] <... ioctl resumed>) = 0 [pid 5848] close(3 [pid 12345] close(4) = 0 [pid 5848] <... close resumed>) = 0 [pid 12345] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12345] <... openat resumed>) = 4 ./strace-static-x86_64: Process 12395 attached [pid 12350] munmap(0x7f362be00000, 138412032 [pid 12345] ioctl(-1, SIOCGIFINDEX, NULL [pid 5848] <... clone resumed>, child_tidptr=0x55558aa90650) = 12395 [pid 12345] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12345] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12345] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12345] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12345] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12345] exit_group(0) = ? [pid 12345] +++ exited with 0 +++ [pid 12395] set_robust_list(0x55558aa90660, 24 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12345, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- [pid 12395] <... set_robust_list resumed>) = 0 [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 12395] chdir("./78") = 0 [pid 12395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12395] setpgid(0, 0) = 0 [pid 12395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] <... restart_syscall resumed>) = 0 [pid 5851] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12395] write(3, "1000", 4 [pid 12350] <... munmap resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12395] <... write resumed>) = 4 [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", [pid 12395] close(3 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12395] <... close resumed>) = 0 [pid 5851] getdents64(3, [pid 12395] symlink("/dev/binderfs", "./binderfs" [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 12395] <... symlink resumed>) = 0 [pid 5851] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./73/binderfs") = 0 [pid 5851] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 12395] write(1, "executing program\n", 18) = 18 [pid 12395] memfd_create("syzkaller", 0) = 3 [pid 12395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12350] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12395] <... mmap resumed>) = 0x7f362be00000 [pid 12350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12350] close(3) = 0 [ 284.696926][T12343] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 284.719550][T12350] loop4: detected capacity change from 0 to 32768 [ 284.726020][ T5851] BTRFS info (device loop3): last unmount of filesystem c270d507-65ae-4af3-a425-28cee07f447c [ 284.729199][T12343] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [pid 12350] close(4) = 0 [pid 12350] mkdir("./file0", 0777) = 0 [ 284.799578][T12350] BTRFS: device /dev/loop4 (7:4) using temp-fsid 0c6ef769-198a-4437-8741-6762029b3542 [ 284.818493][T12343] BTRFS info (device loop1): using free-space-tree [pid 12350] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 5850] <... umount2 resumed>) = 0 [pid 5850] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [ 284.843555][T12350] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (12350) [pid 5850] close(4) = 0 [pid 5850] rmdir("./74/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./74") = 0 [pid 5850] mkdir("./75", 0777) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12412 attached [pid 12412] set_robust_list(0x55558aa90660, 24) = 0 [pid 12412] chdir("./75") = 0 [pid 12412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12412] setpgid(0, 0) = 0 [ 284.919980][T12350] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 284.944828][T12350] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 284.960222][T12350] BTRFS info (device loop4): using free-space-tree [pid 12412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 12412 [pid 12412] write(3, "1000", 4) = 4 [pid 12412] close(3) = 0 [pid 12412] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12412] write(1, "executing program\n", 18) = 18 [pid 12412] memfd_create("syzkaller", 0) = 3 [pid 12412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12343] <... mount resumed>) = 0 [pid 12343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12343] chdir("./file0") = 0 [pid 12343] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12343] ioctl(4, LOOP_CLR_FD) = 0 [pid 12343] close(4) = 0 [pid 12343] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12343] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12343] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12343] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12343] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12343] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12343] exit_group(0) = ? [pid 12343] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12343, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5849] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./75/binderfs") = 0 [pid 5849] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5851] <... umount2 resumed>) = 0 [pid 12350] <... mount resumed>) = 0 [pid 12350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5851] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12350] chdir("./file0" [pid 5851] newfstatat(AT_FDCWD, "./73/file0", [pid 12350] <... chdir resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12350] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5851] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12350] <... openat resumed>) = 4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12350] ioctl(4, LOOP_CLR_FD [pid 5851] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12350] <... ioctl resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 12350] close(4 [pid 5851] newfstatat(4, "", [pid 12350] <... close resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12350] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5851] getdents64(4, [pid 12350] <... openat resumed>) = 4 [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5851] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5851] close(4) = 0 [pid 5851] rmdir("./73/file0") = 0 [pid 5851] getdents64(3, [pid 12350] ioctl(-1, SIOCGIFINDEX, NULL [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 12350] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] close(3 [pid 12350] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 5851] <... close resumed>) = 0 [pid 12350] <... write resumed>) = 280 [pid 5851] rmdir("./73" [pid 12350] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5851] <... rmdir resumed>) = 0 [pid 12350] <... bpf resumed>) = -1 EINVAL (Invalid argument) [ 285.152645][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5851] mkdir("./74", 0777 [pid 12350] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5851] <... mkdir resumed>) = 0 [pid 12350] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12350] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5851] <... openat resumed>) = 3 [pid 12350] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5851] ioctl(3, LOOP_CLR_FD [pid 12350] exit_group(0 [pid 5851] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12350] <... exit_group resumed>) = ? [pid 5851] close(3) = 0 [pid 12350] +++ exited with 0 +++ [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12350, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} --- ./strace-static-x86_64: Process 12429 attached [pid 12429] set_robust_list(0x55558aa90660, 24) = 0 [pid 5852] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12429] chdir("./74" [pid 5852] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... clone resumed>, child_tidptr=0x55558aa90650) = 12429 [pid 12429] <... chdir resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5852] newfstatat(3, "", [pid 12429] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, [pid 12429] <... prctl resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 12429] setpgid(0, 0 [pid 5852] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12429] <... setpgid resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./74/binderfs", [pid 12429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12429] <... openat resumed>) = 3 [pid 5852] unlink("./74/binderfs") = 0 [pid 12429] write(3, "1000", 4 [pid 5852] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12429] <... write resumed>) = 4 [pid 12429] close(3) = 0 [pid 12429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12429] write(1, "executing program\n", 18executing program ) = 18 [pid 12429] memfd_create("syzkaller", 0) = 3 [pid 12429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 285.323407][ T5852] BTRFS info (device loop4): last unmount of filesystem 0c6ef769-198a-4437-8741-6762029b3542 [pid 12395] <... write resumed>) = 16777216 [pid 12395] munmap(0x7f362be00000, 138412032 [pid 5852] <... umount2 resumed>) = 0 [pid 5852] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./74/file0", [pid 12395] <... munmap resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12395] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12395] <... openat resumed>) = 4 [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12395] ioctl(4, LOOP_SET_FD, 3 [pid 5852] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5852] newfstatat(4, "", [pid 12395] <... ioctl resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12395] close(3 [pid 5852] getdents64(4, [pid 12395] <... close resumed>) = 0 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 12395] close(4 [pid 5852] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 12395] <... close resumed>) = 0 [pid 12395] mkdir("./file0", 0777) = 0 [ 285.471157][T12395] loop0: detected capacity change from 0 to 32768 [pid 12395] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 5852] close(4) = 0 [pid 5852] rmdir("./74/file0") = 0 [pid 5852] getdents64(3, [pid 12412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [ 285.523855][T12395] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (12395) [pid 5852] close(3) = 0 [pid 5852] rmdir("./74") = 0 [pid 5852] mkdir("./75", 0777) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./75/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] <... close resumed>) = 0 [pid 5849] rmdir("./75" [pid 5852] <... openat resumed>) = 3 [pid 5849] <... rmdir resumed>) = 0 [pid 5849] mkdir("./76", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5852] ioctl(3, LOOP_CLR_FD [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 12431 attached [pid 5852] close(3 [pid 5849] <... clone resumed>, child_tidptr=0x55558aa90650) = 12431 [pid 12431] set_robust_list(0x55558aa90660, 24) = 0 [pid 12431] chdir("./76") = 0 [pid 12431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12431] setpgid(0, 0) = 0 [pid 12431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] <... close resumed>) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12431] write(3, "1000", 4) = 4 [pid 5852] <... clone resumed>, child_tidptr=0x55558aa90650) = 12432 [pid 12431] close(3) = 0 [ 285.593027][T12395] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 285.626583][T12395] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 12431] symlink("/dev/binderfs", "./binderfs"executing program ./strace-static-x86_64: Process 12432 attached ) = 0 [pid 12431] write(1, "executing program\n", 18) = 18 [pid 12431] memfd_create("syzkaller", 0) = 3 [pid 12432] set_robust_list(0x55558aa90660, 24 [pid 12431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12432] <... set_robust_list resumed>) = 0 [pid 12432] chdir("./75") = 0 [pid 12432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12432] setpgid(0, 0) = 0 [pid 12432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12432] <... openat resumed>) = 3 [pid 12432] write(3, "1000", 4) = 4 [pid 12432] close(3) = 0 [pid 12432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12432] write(1, "executing program\n", 18executing program ) = 18 [ 285.686369][T12395] BTRFS info (device loop0): using free-space-tree [pid 12432] memfd_create("syzkaller", 0) = 3 [pid 12432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12429] <... write resumed>) = 16777216 [pid 12429] munmap(0x7f362be00000, 138412032) = 0 [pid 12429] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 12429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12429] close(3) = 0 [pid 12429] close(4) = 0 [pid 12429] mkdir("./file0", 0777) = 0 [ 285.950328][T12429] loop3: detected capacity change from 0 to 32768 [pid 12429] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 12395] <... mount resumed>) = 0 [pid 12395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12395] chdir("./file0") = 0 [pid 12395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12395] ioctl(4, LOOP_CLR_FD [pid 12432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12395] <... ioctl resumed>) = 0 [pid 12395] close(4) = 0 [pid 12395] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 286.004289][T12429] BTRFS: device /dev/loop3 (7:3) using temp-fsid c196c9d5-0548-4888-b6b8-7ba54017b34f [ 286.037340][T12429] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (12429) [pid 12395] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12395] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12395] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12395] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12395] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12395] exit_group(0) = ? [pid 12395] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12395, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5848] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./78/binderfs") = 0 [pid 5848] umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12412] <... write resumed>) = 16777216 [ 286.101453][T12429] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 286.139970][T12429] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [pid 12412] munmap(0x7f362be00000, 138412032) = 0 [pid 12412] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 286.174835][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 286.204186][T12429] BTRFS info (device loop3): using free-space-tree [pid 12412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12412] close(3) = 0 [pid 12412] close(4 [pid 12431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12412] <... close resumed>) = 0 [pid 12412] mkdir("./file0", 0777) = 0 [ 286.247724][T12412] loop2: detected capacity change from 0 to 32768 [ 286.291903][T12412] BTRFS: device /dev/loop2 (7:2) using temp-fsid 45885f9a-ad30-49af-a50d-9c7b6ee2edd5 [ 286.302529][T12412] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (12412) [ 286.359038][T12412] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 286.380365][T12412] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 12412] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [pid 12429] <... mount resumed>) = 0 [pid 12429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12429] chdir("./file0") = 0 [pid 12429] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 12429] ioctl(4, LOOP_CLR_FD) = 0 [pid 12429] close(4) = 0 [pid 12429] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5848] <... umount2 resumed>) = 0 [pid 12429] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12429] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12429] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 286.460578][T12412] BTRFS info (device loop2): using free-space-tree [pid 12429] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 5848] umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12429] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12429] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12429] exit_group(0 [pid 5848] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12429] <... exit_group resumed>) = ? [pid 12429] +++ exited with 0 +++ [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12429, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=25 /* 0.25 s */} --- [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] restart_syscall(<... resuming interrupted clone ...> [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5848] close(4 [pid 5851] <... restart_syscall resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./78/file0" [pid 5851] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, [pid 5851] <... openat resumed>) = 3 [pid 5851] newfstatat(3, "", [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] close(3 [pid 5851] getdents64(3, [pid 5848] <... close resumed>) = 0 [pid 5851] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] rmdir("./78" [pid 5851] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... rmdir resumed>) = 0 [pid 12431] <... write resumed>) = 16777216 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] mkdir("./79", 0777 [pid 5851] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5851] unlink("./74/binderfs") = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12432] <... write resumed>) = 16777216 [pid 12431] munmap(0x7f362be00000, 138412032 [pid 5851] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 12431] <... munmap resumed>) = 0 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12432] munmap(0x7f362be00000, 138412032) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12481 ./strace-static-x86_64: Process 12481 attached [pid 12481] set_robust_list(0x55558aa90660, 24) = 0 [pid 12481] chdir("./79") = 0 [pid 12481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12481] setpgid(0, 0 [pid 12431] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 12481] <... setpgid resumed>) = 0 [pid 12432] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12412] <... mount resumed>) = 0 [pid 12481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12481] <... openat resumed>) = 3 [pid 12432] <... openat resumed>) = 4 [pid 12412] <... openat resumed>) = 3 [pid 12412] chdir("./file0" [pid 12481] write(3, "1000", 4 [pid 12412] <... chdir resumed>) = 0 [pid 12481] <... write resumed>) = 4 [pid 12481] close(3 [pid 12412] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12481] <... close resumed>) = 0 [pid 12432] ioctl(4, LOOP_SET_FD, 3 [pid 12431] <... openat resumed>) = 4 [pid 12431] ioctl(4, LOOP_SET_FD, 3 [pid 12481] symlink("/dev/binderfs", "./binderfs" [pid 12412] <... openat resumed>) = 4 [pid 12481] <... symlink resumed>) = 0 [pid 12412] ioctl(4, LOOP_CLR_FDexecuting program [pid 12481] write(1, "executing program\n", 18 [pid 12412] <... ioctl resumed>) = 0 [pid 12412] close(4 [pid 12481] <... write resumed>) = 18 [pid 12481] memfd_create("syzkaller", 0 [pid 12412] <... close resumed>) = 0 [pid 12431] <... ioctl resumed>) = 0 [pid 12412] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 12481] <... memfd_create resumed>) = 3 [pid 12431] close(3) = 0 [pid 12431] close(4) = 0 [pid 12431] mkdir("./file0", 0777 [pid 12481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12431] <... mkdir resumed>) = 0 [pid 12412] <... openat resumed>) = 4 [ 286.687177][T12431] loop1: detected capacity change from 0 to 32768 [ 286.694712][T12432] loop4: detected capacity change from 0 to 32768 [pid 12481] <... mmap resumed>) = 0x7f362be00000 [pid 12412] ioctl(-1, SIOCGIFINDEX, NULL [pid 12431] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 12432] <... ioctl resumed>) = 0 [pid 12412] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12412] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12412] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12412] bpf(BPF_PROG_LOAD, NULL, 0 [pid 12432] close(3) = 0 [pid 12432] close(4) = 0 [pid 12412] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 12432] mkdir("./file0", 0777) = 0 [pid 12412] bpf(BPF_PROG_TEST_RUN, NULL, 0 [pid 12432] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 12412] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 12412] exit_group(0) = ? [pid 12412] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12412, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [ 286.736404][T12431] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (12431) [pid 5850] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5850] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./75/binderfs") = 0 [ 286.786042][ T5851] BTRFS info (device loop3): last unmount of filesystem c196c9d5-0548-4888-b6b8-7ba54017b34f [ 286.847382][T12431] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 286.850036][T12432] BTRFS: device /dev/loop4 (7:4) using temp-fsid ff9ec4f8-295c-4b36-a3ff-63b68624f537 [ 286.890085][T12431] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 286.899996][T12432] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (12432) [ 286.906031][ T5850] BTRFS info (device loop2): last unmount of filesystem 45885f9a-ad30-49af-a50d-9c7b6ee2edd5 [ 286.941336][T12431] BTRFS info (device loop1): using free-space-tree [ 286.955530][T12432] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 286.983841][T12432] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 286.995215][T12432] BTRFS info (device loop4): using free-space-tree [pid 5850] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12431] <... mount resumed>) = 0 [pid 5851] <... umount2 resumed>) = 0 [pid 12481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5851] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12431] <... openat resumed>) = 3 [pid 12431] chdir("./file0") = 0 [pid 12431] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12431] ioctl(4, LOOP_CLR_FD) = 0 [pid 12431] close(4) = 0 [pid 12431] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5851] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12431] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 5851] newfstatat(AT_FDCWD, "./74/file0", [pid 12431] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12431] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12431] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12431] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12431] exit_group(0) = ? [pid 12431] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12431, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=20 /* 0.20 s */} --- [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5851] newfstatat(4, "", [pid 5849] <... restart_syscall resumed>) = 0 [pid 5851] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] getdents64(4, [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] close(4 [pid 5849] <... openat resumed>) = 3 [pid 5851] <... close resumed>) = 0 [pid 5849] newfstatat(3, "", [pid 5851] rmdir("./74/file0" [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] <... rmdir resumed>) = 0 [pid 5849] getdents64(3, [pid 5851] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5851] close(3) = 0 [pid 5851] rmdir("./74" [pid 5849] <... getdents64 resumed>0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] <... rmdir resumed>) = 0 [pid 5849] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] mkdir("./75", 0777 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5851] <... mkdir resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./76/binderfs" [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] <... unlink resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5849] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5851] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5851] close(3) = 0 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12514 attached , child_tidptr=0x55558aa90650) = 12514 [pid 12514] set_robust_list(0x55558aa90660, 24) = 0 [pid 12514] chdir("./75") = 0 [pid 12514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12514] setpgid(0, 0) = 0 [pid 12514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 12432] <... mount resumed>) = 0 [pid 12514] write(3, "1000", 4) = 4 [pid 12432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12514] close(3) = 0 [pid 12432] <... openat resumed>) = 3 [pid 12514] symlink("/dev/binderfs", "./binderfs" [pid 12432] chdir("./file0" [pid 12514] <... symlink resumed>) = 0 [pid 12432] <... chdir resumed>) = 0 [pid 12514] write(1, "executing program\n", 18) = 18 [pid 12432] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12432] ioctl(4, LOOP_CLR_FD) = 0 [pid 12432] close(4) = 0 [pid 12432] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12514] memfd_create("syzkaller", 0) = 3 [pid 12514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [pid 12432] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12432] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12432] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12432] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12432] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12432] exit_group(0) = ? [pid 12432] +++ exited with 0 +++ [pid 5852] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12432, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- [pid 5852] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5852] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5852] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5852] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5852] unlink("./75/binderfs") = 0 [pid 5852] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12481] <... write resumed>) = 16777216 [pid 12481] munmap(0x7f362be00000, 138412032) = 0 [pid 12481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 287.391316][ T5849] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 287.421955][ T5852] BTRFS info (device loop4): last unmount of filesystem ff9ec4f8-295c-4b36-a3ff-63b68624f537 [pid 12481] ioctl(4, LOOP_SET_FD, 3 [pid 5850] <... umount2 resumed>) = 0 [pid 12481] <... ioctl resumed>) = 0 [pid 5850] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5850] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5850] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5850] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5850] close(4) = 0 [pid 5850] rmdir("./75/file0") = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5850] close(3) = 0 [pid 5850] rmdir("./75") = 0 [pid 5850] mkdir("./76", 0777 [pid 12481] close(3 [pid 5850] <... mkdir resumed>) = 0 [pid 12481] <... close resumed>) = 0 [pid 12481] close(4 [pid 5850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5850] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] close(3) = 0 [pid 5850] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12515 attached [pid 12481] <... close resumed>) = 0 [pid 5850] <... clone resumed>, child_tidptr=0x55558aa90650) = 12515 [pid 12481] mkdir("./file0", 0777) = 0 [pid 12515] set_robust_list(0x55558aa90660, 24 [pid 12481] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 12515] <... set_robust_list resumed>) = 0 [ 287.471148][T12481] loop0: detected capacity change from 0 to 32768 [pid 12515] chdir("./76"executing program ) = 0 [pid 12515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12515] setpgid(0, 0) = 0 [pid 12515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12515] write(3, "1000", 4) = 4 [pid 12515] close(3) = 0 [pid 12515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12515] write(1, "executing program\n", 18) = 18 [pid 12515] memfd_create("syzkaller", 0) = 3 [pid 12515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 287.539373][T12481] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (12481) [ 287.568863][T12481] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 287.601044][T12481] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 287.634297][T12481] BTRFS info (device loop0): using free-space-tree [pid 5849] <... umount2 resumed>) = 0 [pid 5849] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./76/file0") = 0 [pid 5849] getdents64(3, 0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./76") = 0 [pid 5849] mkdir("./77", 0777) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 12514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5849] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5849] close(3) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12532 attached , child_tidptr=0x55558aa90650) = 12532 [pid 12532] set_robust_list(0x55558aa90660, 24 [pid 12481] <... mount resumed>) = 0 [pid 12515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12532] <... set_robust_list resumed>) = 0 [pid 12481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5852] <... umount2 resumed>) = 0 [pid 12481] <... openat resumed>) = 3 [pid 12532] chdir("./77" [pid 5852] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12532] <... chdir resumed>) = 0 [pid 12481] chdir("./file0" [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12532] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12481] <... chdir resumed>) = 0 [pid 5852] newfstatat(AT_FDCWD, "./75/file0", [pid 12481] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12532] <... prctl resumed>) = 0 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12481] <... openat resumed>) = 4 [pid 5852] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12532] setpgid(0, 0 [pid 12481] ioctl(4, LOOP_CLR_FD [pid 5852] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12532] <... setpgid resumed>) = 0 [pid 12481] <... ioctl resumed>) = 0 [pid 5852] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12481] close(4 [pid 5852] <... openat resumed>) = 4 [pid 12532] <... openat resumed>) = 3 [pid 5852] newfstatat(4, "", [pid 12532] write(3, "1000", 4 [pid 12481] <... close resumed>) = 0 [pid 12532] <... write resumed>) = 4 [pid 12481] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 12532] close(3 [pid 5852] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12481] <... openat resumed>) = 4 executing program [pid 5852] getdents64(4, [pid 12532] <... close resumed>) = 0 [pid 12481] ioctl(-1, SIOCGIFINDEX, NULL [pid 12532] symlink("/dev/binderfs", "./binderfs" [pid 12481] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(4, [pid 12481] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280 [pid 12532] <... symlink resumed>) = 0 [pid 12481] <... write resumed>) = 280 [pid 5852] <... getdents64 resumed>0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 12532] write(1, "executing program\n", 18) = 18 [pid 12481] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] close(4 [pid 12532] memfd_create("syzkaller", 0 [pid 12481] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... close resumed>) = 0 [pid 12481] bpf(BPF_PROG_LOAD, NULL, 0 [pid 5852] rmdir("./75/file0" [pid 12481] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 5852] <... rmdir resumed>) = 0 [pid 12481] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5852] getdents64(3, [pid 12481] exit_group(0 [pid 5852] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 12481] <... exit_group resumed>) = ? [pid 5852] close(3 [pid 12532] <... memfd_create resumed>) = 3 [pid 12481] +++ exited with 0 +++ [pid 5852] <... close resumed>) = 0 [pid 12532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] rmdir("./75" [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12481, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 12532] <... mmap resumed>) = 0x7f362be00000 [pid 5852] <... rmdir resumed>) = 0 [pid 5848] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", [pid 5852] mkdir("./76", 0777 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./79/binderfs") = 0 [pid 5848] umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5852] <... mkdir resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5852] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5852] close(3) = 0 [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12533 ./strace-static-x86_64: Process 12533 attached [pid 12533] set_robust_list(0x55558aa90660, 24) = 0 [pid 12533] chdir("./76") = 0 [pid 12533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12533] setpgid(0, 0) = 0 [pid 12533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12533] write(3, "1000", 4) = 4 [pid 12533] close(3) = 0 [pid 12533] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12533] write(1, "executing program\n", 18) = 18 [pid 12533] memfd_create("syzkaller", 0) = 3 [pid 12533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362be00000 [ 288.039863][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 5848] <... umount2 resumed>) = 0 [pid 12514] <... write resumed>) = 16777216 [pid 5848] umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12514] munmap(0x7f362be00000, 138412032 [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55558aa99730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55558aa99730 /* 0 entries */, 32768) = 0 [pid 12514] <... munmap resumed>) = 0 [pid 5848] close(4 [pid 12514] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5848] <... close resumed>) = 0 [pid 12514] ioctl(4, LOOP_SET_FD, 3 [pid 5848] rmdir("./79/file0") = 0 [pid 5848] getdents64(3, [pid 12514] <... ioctl resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55558aa916f0 /* 0 entries */, 32768) = 0 [pid 12533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12514] close(3 [pid 5848] close(3 [pid 12514] <... close resumed>) = 0 [pid 12514] close(4) = 0 [pid 12514] mkdir("./file0", 0777 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./79" [pid 12514] <... mkdir resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [ 288.248385][T12514] loop3: detected capacity change from 0 to 32768 [pid 12514] mount("/dev/loop3", "./file0", "btrfs", 0, "compress=zstd," [pid 5848] mkdir("./80", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558aa90650) = 12534 ./strace-static-x86_64: Process 12534 attached [pid 12534] set_robust_list(0x55558aa90660, 24) = 0 [pid 12534] chdir("./80") = 0 [pid 12534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12534] setpgid(0, 0) = 0 [pid 12534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 288.292910][T12514] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor134 (12514) [pid 12534] write(3, "1000", 4) = 4 [pid 12534] close(3) = 0 [pid 12534] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 12534] write(1, "executing program\n", 18 [pid 12515] <... write resumed>) = 16777216 [pid 12534] <... write resumed>) = 18 [pid 12515] munmap(0x7f362be00000, 138412032 [pid 12534] memfd_create("syzkaller", 0) = 3 [ 288.356257][T12514] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12515] <... munmap resumed>) = 0 [pid 12534] <... mmap resumed>) = 0x7f362be00000 [pid 12515] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12515] close(3) = 0 [pid 12515] close(4) = 0 [pid 12515] mkdir("./file0", 0777) = 0 [ 288.396131][T12514] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 288.421527][T12515] loop2: detected capacity change from 0 to 32768 [ 288.428577][T12514] BTRFS info (device loop3): using free-space-tree [ 288.475588][T12515] BTRFS: device /dev/loop2 (7:2) using temp-fsid b816130c-7e78-44f6-b5ef-6a92b8cce4eb [ 288.489165][T12515] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor134 (12515) [ 288.570802][T12515] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 288.600010][T12515] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [pid 12515] mount("/dev/loop2", "./file0", "btrfs", 0, "compress=zstd," [ 288.667027][T12515] BTRFS info (device loop2): using free-space-tree [pid 12534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12514] <... mount resumed>) = 0 [pid 12514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12514] chdir("./file0") = 0 [pid 12514] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 12514] ioctl(4, LOOP_CLR_FD) = 0 [pid 12514] close(4) = 0 [pid 12514] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12514] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12514] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12514] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12514] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12514] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12514] exit_group(0) = ? [pid 12514] +++ exited with 0 +++ [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12514, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=26 /* 0.26 s */} --- [pid 5851] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5851] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5851] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5851] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5851] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5851] unlink("./75/binderfs") = 0 [pid 5851] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12532] <... write resumed>) = 16777216 [pid 12532] munmap(0x7f362be00000, 138412032 [pid 12534] <... write resumed>) = 16777216 [pid 12534] munmap(0x7f362be00000, 138412032 [pid 12533] <... write resumed>) = 16777216 [pid 12533] munmap(0x7f362be00000, 138412032 [pid 12532] <... munmap resumed>) = 0 [pid 12532] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 12534] <... munmap resumed>) = 0 [pid 12534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 288.901287][ T5851] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12532] <... openat resumed>) = 4 [pid 12532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12533] <... munmap resumed>) = 0 [pid 12533] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12534] close(3) = 0 [pid 12534] close(4) = 0 [pid 12534] mkdir("./file0", 0777) = 0 [pid 12534] mount("/dev/loop0", "./file0", "btrfs", 0, "compress=zstd," [pid 12532] close(3) = 0 [pid 12532] close(4) = 0 [pid 12532] mkdir("./file0", 0777) = 0 [ 288.941837][T12534] loop0: detected capacity change from 0 to 32768 [ 288.951288][T12532] loop1: detected capacity change from 0 to 32768 [ 288.974966][ T5851] VFS: Busy inodes after unmount of loop3 (btrfs) [ 288.975167][ T5851] ------------[ cut here ]------------ [pid 12532] mount("/dev/loop1", "./file0", "btrfs", 0, "compress=zstd," [pid 12533] ioctl(4, LOOP_SET_FD, 3 [pid 12515] <... mount resumed>) = 0 [ 288.988222][ T5851] kernel BUG at fs/super.c:652! [ 288.993629][T12534] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor134 (12534) [ 289.001029][T12533] loop4: detected capacity change from 0 to 32768 [ 289.031373][T12534] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 289.045913][ T5851] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 289.048105][T12532] BTRFS: device /dev/loop1 (7:1) using temp-fsid 98036644-6680-489f-8b48-ecaa1a878026 [ 289.052898][ T5851] CPU: 1 UID: 0 PID: 5851 Comm: syz-executor134 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 289.052933][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 289.052948][ T5851] RIP: 0010:generic_shutdown_super+0x2ca/0x2d0 [ 289.089321][ T5851] Code: 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 5c ee ff 48 8b 13 48 c7 c7 60 34 18 8c 4c 89 e6 e8 97 ad ef fe 90 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 289.108933][ T5851] RSP: 0018:ffffc90003fdfbd0 EFLAGS: 00010246 [ 289.115041][ T5851] RAX: 000000000000002f RBX: ffffffff8ee92a40 RCX: e130cf483e660900 [ 289.123006][ T5851] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 289.130967][ T5851] RBP: 1ffff110060c44f0 R08: ffffffff817eedec R09: 1ffff920007fbf14 [ 289.138930][ T5851] R10: dffffc0000000000 R11: fffff520007fbf15 R12: ffff888030622668 [ 289.146891][ T5851] R13: dffffc0000000000 R14: ffffffff8c4ada98 R15: ffff888030622780 [ 289.154850][ T5851] FS: 000055558aa90380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 289.163769][ T5851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 289.170345][ T5851] CR2: 00007ffedd273d38 CR3: 00000000782dc000 CR4: 00000000003526f0 [ 289.178309][ T5851] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 289.186267][ T5851] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 289.194229][ T5851] Call Trace: [ 289.197497][ T5851] [ 289.200420][ T5851] ? __die_body+0x5f/0xb0 [ 289.204769][ T5851] ? die+0x9e/0xc0 [ 289.208478][ T5851] ? do_trap+0x15a/0x3a0 [ 289.212709][ T5851] ? generic_shutdown_super+0x2ca/0x2d0 [ 289.218250][ T5851] ? do_error_trap+0x1dc/0x2c0 [ 289.223006][ T5851] ? generic_shutdown_super+0x2ca/0x2d0 [ 289.228542][ T5851] ? __pfx_do_error_trap+0x10/0x10 [ 289.233641][ T5851] ? handle_invalid_op+0x34/0x40 [ 289.238565][ T5851] ? generic_shutdown_super+0x2ca/0x2d0 [ 289.244101][ T5851] ? exc_invalid_op+0x38/0x50 [ 289.248778][ T5851] ? asm_exc_invalid_op+0x1a/0x20 [ 289.253793][ T5851] ? __wake_up_klogd+0xcc/0x110 [ 289.258641][ T5851] ? generic_shutdown_super+0x2ca/0x2d0 [ 289.264179][ T5851] kill_anon_super+0x3b/0x70 [ 289.268755][ T5851] btrfs_kill_super+0x41/0x50 [ 289.273434][ T5851] deactivate_locked_super+0xc4/0x130 [ 289.278798][ T5851] cleanup_mnt+0x41f/0x4b0 [ 289.283209][ T5851] ? lockdep_hardirqs_on+0x99/0x150 [ 289.288399][ T5851] task_work_run+0x24f/0x310 [ 289.292981][ T5851] ? __pfx_task_work_run+0x10/0x10 [ 289.298082][ T5851] ? path_umount+0x284/0xf70 [ 289.302664][ T5851] ptrace_notify+0x2d2/0x380 [ 289.307255][ T5851] ? __pfx_ptrace_notify+0x10/0x10 [ 289.312356][ T5851] ? kmem_cache_free+0x195/0x410 [ 289.317287][ T5851] ? __x64_sys_umount+0x123/0x170 [ 289.322300][ T5851] syscall_exit_work+0xc7/0x1d0 [ 289.327140][ T5851] syscall_exit_to_user_mode+0x24a/0x340 [ 289.332767][ T5851] do_syscall_64+0x100/0x230 [ 289.337348][ T5851] ? clear_bhb_loop+0x35/0x90 [ 289.342019][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.347911][ T5851] RIP: 0033:0x7f36343cf537 [ 289.352325][ T5851] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 289.371920][ T5851] RSP: 002b:00007fff86e08eb8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 289.380325][ T5851] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f36343cf537 [ 289.388286][ T5851] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff86e08f70 [ 289.396243][ T5851] RBP: 00007fff86e08f70 R08: 0000000000000000 R09: 0000000000000000 [ 289.404203][ T5851] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff86e09fe0 [ 289.412166][ T5851] R13: 000055558aa916c0 R14: 431bde82d7b634db R15: 00007fff86e0a000 [ 289.420132][ T5851] [ 289.423138][ T5851] Modules linked in: [ 289.427416][ T5851] ---[ end trace 0000000000000000 ]--- [ 289.433481][T12534] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [pid 12515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12515] chdir("./file0") = 0 [pid 12515] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12515] ioctl(4, LOOP_CLR_FD) = 0 [pid 12515] close(4) = 0 [pid 12515] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 12515] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12515] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12515] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12515] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12515] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12515] exit_group(0) = ? [pid 12533] <... ioctl resumed>) = 0 [pid 12515] +++ exited with 0 +++ [pid 5850] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12515, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- [pid 12533] close(3 [pid 5850] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5850] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12533] <... close resumed>) = 0 [pid 5850] getdents64(3, 0x55558aa916f0 /* 4 entries */, 32768) = 112 [pid 5850] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5850] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] unlink("./76/binderfs") = 0 [pid 5850] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 12533] close(4) = 0 [pid 12533] mkdir("./file0", 0777) = 0 [ 289.439652][ T5851] RIP: 0010:generic_shutdown_super+0x2ca/0x2d0 [ 289.443073][T12534] BTRFS info (device loop0): using free-space-tree [ 289.451673][ T5851] Code: 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 5c ee ff 48 8b 13 48 c7 c7 60 34 18 8c 4c 89 e6 e8 97 ad ef fe 90 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 289.478198][T12532] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor134 (12532) [ 289.504877][T12533] BTRFS: device /dev/loop4 (7:4) using temp-fsid 1d366509-e32d-4200-96bb-10a3b0bb62f2 [ 289.515908][T12532] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 289.524956][ T5850] BTRFS info (device loop2): last unmount of filesystem b816130c-7e78-44f6-b5ef-6a92b8cce4eb [ 289.550371][ T5851] RSP: 0018:ffffc90003fdfbd0 EFLAGS: 00010246 [ 289.556508][ T5851] RAX: 000000000000002f RBX: ffffffff8ee92a40 RCX: e130cf483e660900 [ 289.569204][T12533] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor134 (12533) [ 289.584155][T12532] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 289.628456][T12532] BTRFS info (device loop1): using free-space-tree [ 289.636190][ T5851] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 289.661415][ T5851] RBP: 1ffff110060c44f0 R08: ffffffff817eedec R09: 1ffff920007fbf14 [pid 12533] mount("/dev/loop4", "./file0", "btrfs", 0, "compress=zstd," [pid 12534] <... mount resumed>) = 0 [pid 12534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12534] chdir("./file0") = 0 [pid 12534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12534] ioctl(4, LOOP_CLR_FD) = 0 [pid 12534] close(4) = 0 [pid 12534] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 289.669776][T12533] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [pid 12534] ioctl(-1, SIOCGIFINDEX, NULL) = -1 EBADF (Bad file descriptor) [pid 12534] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12534] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12534] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12534] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12532] <... mount resumed>) = 0 [pid 12534] exit_group(0 [pid 12532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12532] chdir("./file0") = 0 [pid 12532] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12534] <... exit_group resumed>) = ? [ 289.731603][ T5851] R10: dffffc0000000000 R11: fffff520007fbf15 R12: ffff888030622668 [ 289.749564][T12533] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [pid 12534] +++ exited with 0 +++ [pid 12532] ioctl(4, LOOP_CLR_FD) = 0 [pid 12532] close(4) = 0 [pid 12532] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 289.780663][ T5851] R13: dffffc0000000000 R14: ffffffff8c4ada98 R15: ffff888030622780 [ 289.788955][ T5851] FS: 000055558aa90380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 289.804294][T12533] BTRFS info (device loop4): using free-space-tree [ 289.808907][ T5851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 289.817498][ T5851] CR2: 00007f3634416a28 CR3: 00000000782dc000 CR4: 00000000003526f0 [pid 12532] ioctl(-1, SIOCGIFINDEX, NULL [pid 5850] <... umount2 resumed>) = 0 [pid 12532] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12532] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 12532] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12532] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long) [pid 12532] bpf(BPF_PROG_TEST_RUN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 12532] exit_group(0) = ? [pid 12532] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12532, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [pid 5850] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12534, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5850] newfstatat(AT_FDCWD, "./76/file0", [pid 5848] <... restart_syscall resumed>) = 0 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5850] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... openat resumed>) = 4 [pid 5849] newfstatat(3, "", [pid 5848] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] newfstatat(4, "", [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5850] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, [ 289.826177][ T5851] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 289.835300][ T5851] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 289.843593][ T5851] Kernel panic - not syncing: Fatal exception [ 289.849959][ T5851] Kernel Offset: disabled [ 289.854279][ T5851] Rebooting in 86400 seconds..