./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1962417993 <...> Warning: Permanently added '10.128.1.140' (ECDSA) to the list of known hosts. execve("./syz-executor1962417993", ["./syz-executor1962417993"], 0x7ffda6660730 /* 10 vars */) = 0 brk(NULL) = 0x5555571f7000 brk(0x5555571f7c40) = 0x5555571f7c40 arch_prctl(ARCH_SET_FS, 0x5555571f7300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555571f75d0) = 5071 set_robust_list(0x5555571f75e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fac9ca10530, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fac9ca10c00}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fac9ca105d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fac9ca10c00}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1962417993", 4096) = 28 brk(0x555557218c40) = 0x555557218c40 brk(0x555557219000) = 0x555557219000 mprotect(0x7fac9cad7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5071 mkdir("./syzkaller.PU2mtE", 0700) = 0 chmod("./syzkaller.PU2mtE", 0777) = 0 chdir("./syzkaller.PU2mtE") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5072] chdir("./0") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 
5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5072] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5073], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5073 [pid 5072] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 syzkaller login: [ 68.232518][ T5073] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5073 'syz-executor196' [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5073] munmap(0x7fac945df000, 16777216) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./bus", 0777) = 0 [ 68.475197][ T5073] loop0: detected capacity change from 0 to 32768 [ 68.488898][ T5073] BTRFS: device fsid 
24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5073) [ 68.511251][ T5073] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.520499][ T5073] BTRFS info (device loop0): doing ref verification [ 68.527789][ T5073] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 68.538821][ T5073] BTRFS info (device loop0): force zlib compression, level 3 [ 68.546486][ T5073] BTRFS info (device loop0): allowing degraded mounts [ 68.553338][ T5073] BTRFS info (device loop0): using free space tree [pid 5073] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./bus") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5073] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... 
futex resumed>) = 0 [pid 5072] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5072] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5091 [pid 5072] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5073] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5091] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5091] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] exit_group(0) = ? [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5091] <... futex resumed>) = ? 
[pid 5091] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 68.578096][ T5073] BTRFS info (device loop0): auto enabling async discard umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5101] chdir("./1") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] 
futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5101] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5101] <... clone resumed>, parent_tid=[5102], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5102 [pid 5101] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5102] munmap(0x7fac945df000, 16777216) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./bus", 0777) = 0 [ 69.077612][ T5102] loop0: detected capacity change from 0 to 32768 [ 69.090169][ T5102] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5102) [ 69.110054][ T5102] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.119280][ T5102] BTRFS info (device loop0): doing ref verification [ 69.126245][ T5102] BTRFS warning (device loop0): the 
'inode_cache' option is deprecated and has no effect since 5.11 [ 69.137631][ T5102] BTRFS info (device loop0): force zlib compression, level 3 [ 69.145071][ T5102] BTRFS info (device loop0): allowing degraded mounts [ 69.152135][ T5102] BTRFS info (device loop0): using free space tree [pid 5102] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5102] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./bus") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... openat resumed>) = 4 [pid 5102] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5102] <... futex resumed>) = 0 [pid 5101] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE [pid 5102] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... 
mprotect resumed>) = 0 [pid 5101] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5119 attached , parent_tid=[5119], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5119 [pid 5119] set_robust_list(0x7fac955de9e0, 24 [pid 5101] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... set_robust_list resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5119] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5101] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5119] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] exit_group(0 [pid 5119] ???( [pid 5102] <... futex resumed>) = ? [pid 5101] <... exit_group resumed>) = ? [pid 5119] <... ??? resumed>) = ? [pid 5102] +++ exited with 0 +++ [ 69.173807][ T5102] BTRFS info (device loop0): auto enabling async discard [pid 5119] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5121] chdir("./2") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5121] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] 
clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5122], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5122 [pid 5121] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5122] munmap(0x7fac945df000, 16777216) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./bus", 0777) = 0 [ 69.634708][ T5122] loop0: detected capacity change from 0 to 32768 [ 69.647657][ T5122] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5122) [ 69.667017][ T5122] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.675862][ T5122] BTRFS info (device loop0): doing ref verification [ 69.682597][ T5122] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 69.693432][ T5122] BTRFS info (device loop0): force zlib compression, level 3 [ 69.700948][ T5122] BTRFS info (device loop0): allowing degraded mounts [ 69.708309][ T5122] BTRFS info (device loop0): using free space 
tree [pid 5122] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5122] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./bus") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5121] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... openat resumed>) = 4 [pid 5122] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5122] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5121] <... mmap resumed>) = 0x7fac955be000 [pid 5122] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... mprotect resumed>) = 0 [pid 5121] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5139] futex(0x7fac9cadd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... 
clone resumed>, parent_tid=[5139], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5139 [pid 5121] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5139] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5121] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5139] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5139] futex(0x7fac9cadd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] exit_group(0 [pid 5139] <... futex resumed>) = ? [pid 5122] <... futex resumed>) = ? [pid 5121] <... exit_group resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 69.729393][ T5122] BTRFS info (device loop0): auto enabling async discard fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 
0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5141 ./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5141] chdir("./3") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5141] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5142 attached , parent_tid=[5142], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5142 [pid 5142] set_robust_list(0x7fac9c9ff9e0, 24 [pid 5141] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... set_robust_list resumed>) = 0 [pid 5141] <... 
futex resumed>) = 0 [pid 5141] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5142] munmap(0x7fac945df000, 16777216) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] mkdir("./bus", 0777) = 0 [ 70.186897][ T5142] loop0: detected capacity change from 0 to 32768 [ 70.199830][ T5142] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5142) [ 70.215088][ T5142] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.224260][ T5142] BTRFS info (device loop0): doing ref verification [pid 5142] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5142] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./bus") = 0 [pid 5142] ioctl(4, LOOP_CLR_FD) = 0 [pid 5142] close(4) = 0 [pid 5142] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5142] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... 
futex resumed>) = 0 [pid 5141] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5141] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5159], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5159 [pid 5141] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5142] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5159] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5159] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] exit_group(0) = ? [pid 5142] <... futex resumed>) = ? 
[pid 5142] +++ exited with 0 +++ [ 70.231047][ T5142] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 70.242398][ T5142] BTRFS info (device loop0): force zlib compression, level 3 [ 70.250165][ T5142] BTRFS info (device loop0): allowing degraded mounts [ 70.257149][ T5142] BTRFS info (device loop0): using free space tree [ 70.277690][ T5142] BTRFS info (device loop0): auto enabling async discard [pid 5159] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x5555571f75d0) = 5161 
[pid 5161] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5161] chdir("./4") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5161] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5162 attached [pid 5162] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5162] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... clone resumed>, parent_tid=[5162], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5162 [pid 5161] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... 
futex resumed>) = 0 [pid 5161] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5162] munmap(0x7fac945df000, 16777216) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./bus", 0777) = 0 [ 70.742346][ T5162] loop0: detected capacity change from 0 to 32768 [ 70.753466][ T5162] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5162) [ 70.771111][ T5162] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.779979][ T5162] BTRFS info (device loop0): doing ref verification [pid 5162] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5162] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./bus") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... 
futex resumed>) = 0 [pid 5162] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5162] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5161] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5162] <... futex resumed>) = 1 [pid 5161] <... clone resumed>, parent_tid=[5179], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5179 [pid 5162] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5161] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5161] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5179 attached [pid 5162] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] set_robust_list(0x7fac955de9e0, 24 [pid 5162] <... futex resumed>) = 0 [pid 5179] <... set_robust_list resumed>) = 0 [pid 5162] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5179] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5179] futex(0x7fac9cadd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] exit_group(0 [pid 5179] <... futex resumed>) = ? 
[ 70.786713][ T5162] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 70.797546][ T5162] BTRFS info (device loop0): force zlib compression, level 3 [ 70.804955][ T5162] BTRFS info (device loop0): allowing degraded mounts [ 70.811826][ T5162] BTRFS info (device loop0): using free space tree [ 70.832742][ T5162] BTRFS info (device loop0): auto enabling async discard [pid 5162] <... futex resumed>) = ? [pid 5161] <... exit_group resumed>) = ? [pid 5179] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
child_tidptr=0x5555571f75d0) = 5181 ./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5181] chdir("./5") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5181] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x7fac9c9ff9e0, 24 [pid 5181] <... clone resumed>, parent_tid=[5182], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5182 [pid 5181] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5182] <... 
set_robust_list resumed>) = 0 [pid 5182] memfd_create("syzkaller", 0) = 3 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5182] munmap(0x7fac945df000, 16777216) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5182] close(3) = 0 [pid 5182] mkdir("./bus", 0777) = 0 [ 71.278950][ T5182] loop0: detected capacity change from 0 to 32768 [ 71.289488][ T5182] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5182) [ 71.308277][ T5182] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.317111][ T5182] BTRFS info (device loop0): doing ref verification [pid 5182] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5182] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5182] chdir("./bus") = 0 [pid 5182] ioctl(4, LOOP_CLR_FD) = 0 [pid 5182] close(4) = 0 [pid 5182] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5182] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... 
futex resumed>) = 0 [pid 5181] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5182] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5181] <... mmap resumed>) = 0x7fac955be000 [pid 5181] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5181] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5199 attached [pid 5182] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... clone resumed>, parent_tid=[5199], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5199 [pid 5182] <... futex resumed>) = 0 [pid 5181] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] <... futex resumed>) = 0 [pid 5199] set_robust_list(0x7fac955de9e0, 24 [ 71.323737][ T5182] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 71.334580][ T5182] BTRFS info (device loop0): force zlib compression, level 3 [ 71.342028][ T5182] BTRFS info (device loop0): allowing degraded mounts [ 71.348908][ T5182] BTRFS info (device loop0): using free space tree [ 71.370561][ T5182] BTRFS info (device loop0): auto enabling async discard [pid 5181] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... set_robust_list resumed>) = 0 [pid 5199] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5199] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] exit_group(0 [pid 5182] <... futex resumed>) = ? [pid 5181] <... exit_group resumed>) = ? 
[pid 5182] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5201 ./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5201] chdir("./6") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 
[pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5201] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5202] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... clone resumed>, parent_tid=[5202], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5202 [pid 5201] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5202] memfd_create("syzkaller", 0 [pid 5201] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] <... memfd_create resumed>) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5202] munmap(0x7fac945df000, 16777216) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./bus", 0777) = 0 [ 71.835596][ T5202] loop0: detected capacity change from 0 to 32768 [ 71.848297][ T5202] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5202) [ 71.867067][ T5202] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.875883][ T5202] BTRFS info (device loop0): doing ref 
verification [ 71.882893][ T5202] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 71.894003][ T5202] BTRFS info (device loop0): force zlib compression, level 3 [ 71.901821][ T5202] BTRFS info (device loop0): allowing degraded mounts [ 71.908937][ T5202] BTRFS info (device loop0): using free space tree [pid 5202] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5202] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./bus") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5202] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5201] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... openat resumed>) = 4 [pid 5202] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5202] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5201] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] <... 
ioctl resumed>) = -1 EFAULT (Bad address) [pid 5202] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5201] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x7fac955de9e0, 24 [pid 5201] <... clone resumed>, parent_tid=[5219], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5219 [pid 5219] <... set_robust_list resumed>) = 0 [pid 5201] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5219] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] futex(0x7fac9cadd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] exit_group(0 [pid 5219] <... futex resumed>) = ? [pid 5202] <... futex resumed>) = ? [pid 5201] <... exit_group resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 71.931475][ T5202] BTRFS info (device loop0): auto enabling async discard umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5229] chdir("./7") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5229] 
mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5230], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5230 [pid 5229] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5230] munmap(0x7fac945df000, 16777216) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./bus", 0777) = 0 [ 72.386186][ T5230] loop0: detected capacity change from 0 to 32768 [ 72.398306][ T5230] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5230) [ 72.413775][ T5230] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.423288][ T5230] BTRFS info (device loop0): doing ref verification [pid 5230] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5230] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./bus") = 0 [pid 5230] ioctl(4, 
LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5229] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5230] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5230] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5229] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... 
mmap resumed>) = 0x7fac955be000 [ 72.429991][ T5230] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 72.441150][ T5230] BTRFS info (device loop0): force zlib compression, level 3 [ 72.448681][ T5230] BTRFS info (device loop0): allowing degraded mounts [ 72.455480][ T5230] BTRFS info (device loop0): using free space tree [ 72.476861][ T5230] BTRFS info (device loop0): auto enabling async discard [pid 5229] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5247], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5247 [pid 5229] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5247] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5247] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5247] futex(0x7fac9cadd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] exit_group(0 [pid 5247] <... futex resumed>) = ? [pid 5230] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? 
[pid 5247] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5249 ./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5249] chdir("./8") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 
[pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5249] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5250 [pid 5249] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5250] munmap(0x7fac945df000, 16777216) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] mkdir("./bus", 0777) = 0 [ 72.954636][ T5250] loop0: detected capacity change from 0 to 32768 [ 72.965828][ T5250] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5250) [ 72.983712][ T5250] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.992530][ T5250] BTRFS info (device loop0): doing ref verification [pid 5250] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5250] 
openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./bus") = 0 [pid 5250] ioctl(4, LOOP_CLR_FD) = 0 [pid 5250] close(4) = 0 [pid 5250] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5250] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5250] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5249] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5267], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5267 [pid 5250] <... ioctl resumed>) = -1 EFAULT (Bad address) ./strace-static-x86_64: Process 5267 attached [pid 5249] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] set_robust_list(0x7fac955de9e0, 24 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... 
set_robust_list resumed>) = 0 [pid 5267] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [ 72.999549][ T5250] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 73.010435][ T5250] BTRFS info (device loop0): force zlib compression, level 3 [ 73.017962][ T5250] BTRFS info (device loop0): allowing degraded mounts [ 73.024751][ T5250] BTRFS info (device loop0): using free space tree [ 73.045154][ T5250] BTRFS info (device loop0): auto enabling async discard [pid 5267] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5267] futex(0x7fac9cadd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] exit_group(0 [pid 5267] <... futex resumed>) = ? [pid 5250] <... futex resumed>) = ? [pid 5249] <... exit_group resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5267] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5269 ./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5269] chdir("./9") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5269] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] 
clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5270], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5270 [pid 5269] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5270] memfd_create("syzkaller", 0) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5270] munmap(0x7fac945df000, 16777216) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./bus", 0777) = 0 [ 73.515408][ T5270] loop0: detected capacity change from 0 to 32768 [ 73.526424][ T5270] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5270) [ 73.545264][ T5270] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.554578][ T5270] BTRFS info (device loop0): doing ref verification [pid 5270] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5270] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5270] chdir("./bus") = 0 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7fac9cadd7ac, 
FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5270] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5269] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5269] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5287], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5287 [pid 5269] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5270] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5287 attached [pid 5270] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] set_robust_list(0x7fac955de9e0, 24) = 0 [ 73.561313][ T5270] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 73.572171][ T5270] BTRFS info (device loop0): force zlib compression, level 3 [ 73.579709][ T5270] BTRFS info (device loop0): allowing degraded mounts [ 73.586668][ T5270] BTRFS info (device loop0): using free space tree [ 73.606146][ T5270] BTRFS info (device loop0): auto enabling async discard [pid 5287] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5287] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... 
futex resumed>) = 0 [pid 5269] exit_group(0) = ? [pid 5270] <... futex resumed>) = ? [pid 5287] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5289 attached , child_tidptr=0x5555571f75d0) = 5289 [pid 5289] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5289] chdir("./10") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", 
"./binderfs") = 0 [pid 5289] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5289] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5290], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5290 [pid 5289] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x7fac9c9ff9e0, 24 [pid 5289] <... futex resumed>) = 0 [pid 5290] <... set_robust_list resumed>) = 0 [pid 5289] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5290] munmap(0x7fac945df000, 16777216) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] mkdir("./bus", 0777) = 0 [ 74.072507][ T5290] loop0: detected capacity change from 0 to 32768 [ 74.084211][ T5290] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5290) [ 74.103850][ T5290] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.113063][ T5290] BTRFS info (device loop0): doing ref 
verification [pid 5290] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5290] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./bus") = 0 [pid 5290] ioctl(4, LOOP_CLR_FD) = 0 [pid 5290] close(4) = 0 [pid 5290] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5289] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... openat resumed>) = 4 [pid 5289] <... futex resumed>) = 0 [pid 5290] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 0 [pid 5289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5290] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5289] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5289] <... futex resumed>) = 0 [pid 5290] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5289] <... 
futex resumed>) = 0 [pid 5290] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5289] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5307], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5307 [pid 5289] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5307 attached [pid 5307] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5307] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5307] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] exit_group(0 [pid 5290] <... futex resumed>) = ? [pid 5289] <... exit_group resumed>) = ? [pid 5290] +++ exited with 0 +++ [pid 5307] <... futex resumed>) = ? 
[ 74.120386][ T5290] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 74.131508][ T5290] BTRFS info (device loop0): force zlib compression, level 3 [ 74.139350][ T5290] BTRFS info (device loop0): allowing degraded mounts [ 74.146148][ T5290] BTRFS info (device loop0): using free space tree [ 74.165239][ T5290] BTRFS info (device loop0): auto enabling async discard [pid 5307] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5309 attached , child_tidptr=0x5555571f75d0) = 5309 [pid 5309] 
set_robust_list(0x5555571f75e0, 24) = 0 [pid 5309] chdir("./11") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5309] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5310], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5310 [pid 5309] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5310 attached [pid 5310] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5310] memfd_create("syzkaller", 0) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5310] munmap(0x7fac945df000, 16777216) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] mkdir("./bus", 0777) = 0 [ 74.628180][ T5310] loop0: detected capacity change from 0 to 32768 [ 74.652223][ T5310] BTRFS: device fsid 
24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5310) [ 74.668362][ T5310] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.677209][ T5310] BTRFS info (device loop0): doing ref verification [ 74.683872][ T5310] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 74.694747][ T5310] BTRFS info (device loop0): force zlib compression, level 3 [ 74.702596][ T5310] BTRFS info (device loop0): allowing degraded mounts [ 74.709483][ T5310] BTRFS info (device loop0): using free space tree [pid 5310] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5310] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5310] chdir("./bus") = 0 [pid 5310] ioctl(4, LOOP_CLR_FD) = 0 [pid 5310] close(4) = 0 [pid 5310] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5310] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... 
futex resumed>) = 0 [pid 5309] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5309] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5327], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5327 [pid 5309] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5310] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5327 attached [pid 5327] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5327] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5327] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] exit_group(0 [pid 5310] <... futex resumed>) = ? [pid 5309] <... exit_group resumed>) = ? [pid 5310] +++ exited with 0 +++ [pid 5327] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 74.730911][ T5310] BTRFS info (device loop0): auto enabling async discard umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5330 ./strace-static-x86_64: Process 5330 attached [pid 5330] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5330] chdir("./12") = 0 [pid 5330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5330] setpgid(0, 0) = 0 [pid 5330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5330] write(3, "1000", 4) = 4 [pid 5330] close(3) = 0 [pid 5330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5330] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5330] 
mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5330] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5331], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5331 [pid 5330] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5331] memfd_create("syzkaller", 0) = 3 [pid 5331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5331] munmap(0x7fac945df000, 16777216) = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5331] close(3) = 0 [pid 5331] mkdir("./bus", 0777) = 0 [ 75.196501][ T5331] loop0: detected capacity change from 0 to 32768 [ 75.208466][ T5331] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5331) [ 75.229774][ T5331] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.238984][ T5331] BTRFS info (device loop0): doing ref verification [ 75.245975][ T5331] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.256990][ T5331] BTRFS info (device loop0): force zlib compression, level 3 [ 75.264429][ T5331] BTRFS info (device loop0): allowing degraded 
mounts [ 75.271380][ T5331] BTRFS info (device loop0): using free space tree [pid 5331] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5331] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5331] chdir("./bus") = 0 [pid 5331] ioctl(4, LOOP_CLR_FD) = 0 [pid 5331] close(4) = 0 [pid 5331] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... futex resumed>) = 1 [pid 5331] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5331] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5330] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5330] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5348], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5348 [pid 5330] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... futex resumed>) = 1 [pid 5331] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5331] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5348] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5348] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... 
futex resumed>) = 0 [pid 5330] exit_group(0) = ? [pid 5331] <... futex resumed>) = ? [pid 5331] +++ exited with 0 +++ [pid 5348] <... futex resumed>) = ? [pid 5348] +++ exited with 0 +++ [pid 5330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5330, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 75.292056][ T5331] BTRFS info (device loop0): auto enabling async discard unlink("./12/binderfs") = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5351 ./strace-static-x86_64: Process 5351 attached [pid 5351] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5351] chdir("./13") = 0 [pid 5351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5351] setpgid(0, 
0) = 0 [pid 5351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5351] write(3, "1000", 4) = 4 [pid 5351] close(3) = 0 [pid 5351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5351] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5351] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5352], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5352 [pid 5351] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5352 attached [pid 5352] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5352] memfd_create("syzkaller", 0) = 3 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5352] munmap(0x7fac945df000, 16777216) = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5352] close(3) = 0 [pid 5352] mkdir("./bus", 0777) = 0 [ 75.722795][ T5352] loop0: detected capacity change from 0 to 32768 [ 75.734765][ T5352] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5352) [ 75.753521][ T5352] BTRFS info (device loop0): using 
crc32c (crc32c-intel) checksum algorithm [ 75.762970][ T5352] BTRFS info (device loop0): doing ref verification [pid 5352] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5352] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5352] chdir("./bus") = 0 [pid 5352] ioctl(4, LOOP_CLR_FD) = 0 [pid 5352] close(4) = 0 [pid 5352] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... futex resumed>) = 1 [pid 5352] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5352] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5351] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5369], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5369 [pid 5351] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... 
futex resumed>) = 1 [pid 5352] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5352] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5369 attached [pid 5369] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5369] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5369] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5351] exit_group(0) = ? [ 75.770051][ T5352] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.781302][ T5352] BTRFS info (device loop0): force zlib compression, level 3 [ 75.789230][ T5352] BTRFS info (device loop0): allowing degraded mounts [ 75.796019][ T5352] BTRFS info (device loop0): using free space tree [ 75.816001][ T5352] BTRFS info (device loop0): auto enabling async discard [pid 5352] <... futex resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5369] <... futex resumed>) = ? [pid 5369] +++ exited with 0 +++ [pid 5351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5351, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5371 ./strace-static-x86_64: Process 5371 attached [pid 5371] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5371] chdir("./14") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5371] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] 
clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5372], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5372 [pid 5371] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5372 attached [pid 5372] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5372] munmap(0x7fac945df000, 16777216) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./bus", 0777) = 0 [ 76.286133][ T5372] loop0: detected capacity change from 0 to 32768 [ 76.297054][ T5372] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5372) [ 76.314355][ T5372] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.323201][ T5372] BTRFS info (device loop0): doing ref verification [ 76.329940][ T5372] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 76.340809][ T5372] BTRFS info (device loop0): force zlib compression, level 3 [ 76.348321][ T5372] BTRFS info (device loop0): allowing degraded mounts [ 76.355161][ T5372] BTRFS info (device loop0): using free space 
tree [pid 5372] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5372] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./bus") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5371] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] <... futex resumed>) = 0 [pid 5371] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5372] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5371] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE [pid 5372] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... mprotect resumed>) = 0 [pid 5372] <... futex resumed>) = 0 [pid 5371] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5372] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... 
clone resumed>, parent_tid=[5390], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5390 [pid 5371] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5390 attached [pid 5390] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5390] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5390] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] exit_group(0 [pid 5372] <... futex resumed>) = ? [pid 5371] <... exit_group resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5390] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.377138][ T5372] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 
0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5391 ./strace-static-x86_64: Process 5391 attached [pid 5391] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5391] chdir("./15") = 0 [pid 5391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5391] setpgid(0, 0) = 0 [pid 5391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5391] write(3, "1000", 4) = 4 [pid 5391] close(3) = 0 [pid 5391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5391] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5391] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5392], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5392 [pid 5391] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5392 attached [pid 5392] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5392] memfd_create("syzkaller", 0) = 3 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5392] write(3, 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5392] munmap(0x7fac945df000, 16777216) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5392] close(3) = 0 [pid 5392] mkdir("./bus", 0777) = 0 [ 77.035260][ T5392] loop0: detected capacity change from 0 to 32768 [ 77.048555][ T5392] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5392) [ 77.085161][ T5392] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.094318][ T5392] BTRFS info (device loop0): doing ref verification [ 77.101185][ T5392] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.112296][ T5392] BTRFS info (device loop0): force zlib compression, level 3 [ 77.120128][ T5392] BTRFS info (device loop0): allowing degraded mounts [ 77.127165][ T5392] BTRFS info (device loop0): using free space tree [pid 5392] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5392] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5392] chdir("./bus") = 0 [pid 5392] ioctl(4, LOOP_CLR_FD) = 0 [pid 5392] close(4) = 0 [pid 5392] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... 
futex resumed>) = 1 [pid 5392] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5392] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5391] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5409], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5409 [pid 5391] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5392] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5409 attached ) = 0 [pid 5409] set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5392] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5409] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5409] futex(0x7fac9cadd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] exit_group(0 [pid 5409] <... futex resumed>) = ? [pid 5392] <... futex resumed>) = ? [pid 5391] <... exit_group resumed>) = ? 
[pid 5409] +++ exited with 0 +++ [pid 5392] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5391, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [ 77.177282][ T5392] BTRFS info (device loop0): auto enabling async discard umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5411 ./strace-static-x86_64: Process 5411 attached [pid 5411] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5411] chdir("./16") = 0 [pid 5411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5411] setpgid(0, 0) = 0 [pid 5411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5411] write(3, "1000", 4) = 4 [pid 5411] close(3) = 0 [pid 5411] 
symlink("/dev/binderfs", "./binderfs") = 0 [pid 5411] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5411] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5411] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5412], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5412 [pid 5411] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5412 attached [pid 5412] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5412] memfd_create("syzkaller", 0) = 3 [pid 5412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5412] munmap(0x7fac945df000, 16777216) = 0 [pid 5412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5412] close(3) = 0 [pid 5412] mkdir("./bus", 0777) = 0 [ 77.710650][ T5412] loop0: detected capacity change from 0 to 32768 [ 77.722233][ T5412] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5412) [ 77.741115][ T5412] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.749924][ T5412] BTRFS info (device loop0): doing ref verification [pid 5412] mount("/dev/loop0", "./bus", 
"btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5412] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5412] chdir("./bus") = 0 [pid 5412] ioctl(4, LOOP_CLR_FD) = 0 [pid 5412] close(4) = 0 [pid 5412] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5411] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5412] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5411] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5411] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5411] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5429], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5429 [ 77.756620][ T5412] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.767729][ T5412] BTRFS info (device loop0): force zlib compression, level 3 [ 77.775151][ T5412] BTRFS info (device loop0): allowing degraded mounts [ 77.782015][ T5412] BTRFS info (device loop0): using free space tree [ 77.802650][ T5412] BTRFS info (device loop0): auto enabling async discard [pid 5411] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5412] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5429 attached ) = 0 [pid 5429] 
set_robust_list(0x7fac955de9e0, 24) = 0 [pid 5429] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5412] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = 0 [pid 5411] exit_group(0) = ? [pid 5429] <... futex resumed>) = ? [pid 5429] +++ exited with 0 +++ [pid 5412] <... futex resumed>) = ? [pid 5412] +++ exited with 0 +++ [pid 5411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5411, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571f75d0) = 5431 ./strace-static-x86_64: Process 5431 attached [pid 5431] 
set_robust_list(0x5555571f75e0, 24) = 0 [pid 5431] chdir("./17") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5431] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5432], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5432 [pid 5431] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5432 attached [pid 5432] set_robust_list(0x7fac9c9ff9e0, 24) = 0 [pid 5432] memfd_create("syzkaller", 0) = 3 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5432] munmap(0x7fac945df000, 16777216) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] close(3) = 0 [pid 5432] mkdir("./bus", 0777) = 0 [ 78.262317][ T5432] loop0: detected capacity change from 0 to 32768 [ 78.274881][ T5432] BTRFS: device fsid 
24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5432) [ 78.292629][ T5432] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.301633][ T5432] BTRFS info (device loop0): doing ref verification [pid 5432] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5432] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5432] chdir("./bus") = 0 [pid 5432] ioctl(4, LOOP_CLR_FD) = 0 [pid 5432] close(4) = 0 [pid 5432] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 1 [pid 5432] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5432] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5431] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5449 attached , parent_tid=[5449], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5449 [pid 5431] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 1 [pid 5449] set_robust_list(0x7fac955de9e0, 24 [pid 5432] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5449] <... set_robust_list resumed>) = 0 [pid 5432] <... 
ioctl resumed>) = -1 EFAULT (Bad address) [pid 5432] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [pid 5432] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5449] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5449] futex(0x7fac9cadd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] exit_group(0 [pid 5432] <... futex resumed>) = ? [pid 5449] <... futex resumed>) = ? [pid 5431] <... exit_group resumed>) = ? [pid 5449] +++ exited with 0 +++ [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555571f8620 /* 4 entries */, 32768) = 104 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 78.308517][ T5432] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.319759][ T5432] BTRFS info (device loop0): force zlib compression, level 3 [ 78.327364][ T5432] BTRFS info (device loop0): allowing degraded mounts [ 78.334180][ T5432] BTRFS info (device loop0): using free space tree [ 78.355194][ T5432] BTRFS info (device loop0): auto enabling async discard umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid 
argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557200660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557200660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x5555571f8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5450 attached , child_tidptr=0x5555571f75d0) = 5450 [pid 5450] set_robust_list(0x5555571f75e0, 24) = 0 [pid 5450] chdir("./18") = 0 [pid 5450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5450] setpgid(0, 0) = 0 [pid 5450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5450] write(3, "1000", 4) = 4 [pid 5450] close(3) = 0 [pid 5450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5450] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac9c9df000 [pid 5450] mprotect(0x7fac9c9e0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] clone(child_stack=0x7fac9c9ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5451 attached , parent_tid=[5451], tls=0x7fac9c9ff700, child_tidptr=0x7fac9c9ff9d0) = 5451 [pid 5451] set_robust_list(0x7fac9c9ff9e0, 24 [pid 5450] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] <... 
set_robust_list resumed>) = 0 [pid 5450] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5451] memfd_create("syzkaller", 0) = 3 [pid 5451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac945df000 [pid 5451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5451] munmap(0x7fac945df000, 16777216) = 0 [pid 5451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5451] close(3) = 0 [pid 5451] mkdir("./bus", 0777) = 0 [ 78.743790][ T5451] loop0: detected capacity change from 0 to 32768 [ 78.758585][ T5451] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5451) [ 78.778228][ T5451] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.787013][ T5451] BTRFS info (device loop0): doing ref verification [ 78.793637][ T5451] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.804484][ T5451] BTRFS info (device loop0): force zlib compression, level 3 [ 78.811972][ T5451] BTRFS info (device loop0): allowing degraded mounts [ 78.818864][ T5451] BTRFS info (device loop0): using free space tree [pid 5451] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5451] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5451] chdir("./bus") = 0 [pid 5451] ioctl(4, LOOP_CLR_FD) = 0 [pid 5451] close(4) = 0 [pid 5451] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 
5450] <... futex resumed>) = 0 [pid 5451] <... futex resumed>) = 1 [pid 5450] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7fac9cadd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5451] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7fac9cadd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7fac9cadd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fac955be000 [pid 5450] mprotect(0x7fac955bf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] clone(child_stack=0x7fac955de3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5468], tls=0x7fac955de700, child_tidptr=0x7fac955de9d0) = 5468 [pid 5450] futex(0x7fac9cadd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5468 attached [pid 5468] set_robust_list(0x7fac955de9e0, 24 [pid 5450] futex(0x7fac9cadd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... set_robust_list resumed>) = 0 [pid 5468] ioctl(4, BTRFS_IOC_ADD_DEV, NULL [ 78.841141][ T5451] BTRFS info (device loop0): auto enabling async discard [pid 5451] ioctl(4, BTRFS_IOC_ADD_DEV, NULL) = -1 EFAULT (Bad address) [pid 5451] futex(0x7fac9cadd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.881653][ T5468] assertion failed: fs_info->exclusive_operation == BTRFS_EXCLOP_BALANCE || fs_info->exclusive_operation == BTRFS_EXCLOP_DEV_ADD, in fs/btrfs/ioctl.c:457 [ 78.897931][ T5468] ------------[ cut here ]------------ [ 78.903437][ T5468] kernel BUG at fs/btrfs/messages.c:259! 
[ 78.909175][ T5468] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 78.915359][ T5468] CPU: 1 PID: 5468 Comm: syz-executor196 Not tainted 6.2.0-syzkaller-13163-g04a357b1f6f0 #0 [ 78.925455][ T5468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 78.935709][ T5468] RIP: 0010:btrfs_assertfail+0x18/0x20 [ 78.941224][ T5468] Code: df e8 9c 03 2d f7 e9 50 fb ff ff e8 22 86 01 00 66 90 66 0f 1f 00 89 d1 48 89 f2 48 89 fe 48 c7 c7 60 55 4c 8b e8 e8 60 ff ff <0f> 0b 66 0f 1f 44 00 00 66 0f 1f 00 53 48 89 fb e8 53 8d d6 f6 48 [ 78.960860][ T5468] RSP: 0018:ffffc90004cdfea0 EFLAGS: 00010246 [ 78.966987][ T5468] RAX: 0000000000000097 RBX: 00000000fffffff2 RCX: bf18fff7d3f01a00 [ 78.975030][ T5468] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 78.983030][ T5468] RBP: 0000000000000000 R08: ffffffff816fd91c R09: fffff5200099bf8d [ 78.991030][ T5468] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 78.999059][ T5468] R13: 0000000000000003 R14: ffff888075670680 R15: 1ffff1100eace41a [ 79.007066][ T5468] FS: 00007fac955de700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 79.016028][ T5468] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.022643][ T5468] CR2: 0000000000000000 CR3: 000000002b02a000 CR4: 00000000003506e0 [ 79.030644][ T5468] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.038896][ T5468] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.046886][ T5468] Call Trace: [ 79.050173][ T5468] <TASK> [ 79.053100][ T5468] btrfs_ioctl_add_dev+0x347/0x480 [ 79.058226][ T5468] ?
btrfs_ioctl_get_supported_features+0x50/0x50 [ 79.064655][ T5468] __se_sys_ioctl+0xf1/0x160 [ 79.069270][ T5468] do_syscall_64+0x41/0xc0 [ 79.073714][ T5468] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.079623][ T5468] RIP: 0033:0x7fac9ca535d9 [ 79.084045][ T5468] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.103750][ T5468] RSP: 002b:00007fac955de2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.112187][ T5468] RAX: ffffffffffffffda RBX: 00007fac9cadd7b0 RCX: 00007fac9ca535d9 [ 79.120165][ T5468] RDX: 0000000000000000 RSI: 000000005000940a RDI: 0000000000000004 [pid 5451] futex(0x7fac9cadd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 79.128147][ T5468] RBP: 61635f6563617073 R08: 00007fac955de700 R09: 0000000000000000 [ 79.136121][ T5468] R10: 00007fac955de700 R11: 0000000000000246 R12: 73736572706d6f63 [ 79.144101][ T5468] R13: 61635f65646f6e69 R14: 697265765f666572 R15: 00007fac9cadd7b8 [ 79.152101][ T5468] </TASK> [ 79.155118][ T5468] Modules linked in: [ 79.159060][ T5468] ---[ end trace 0000000000000000 ]--- [ 79.164534][ T5468] RIP: 0010:btrfs_assertfail+0x18/0x20 [ 79.170051][ T5468] Code: df e8 9c 03 2d f7 e9 50 fb ff ff e8 22 86 01 00 66 90 66 0f 1f 00 89 d1 48 89 f2 48 89 fe 48 c7 c7 60 55 4c 8b e8 e8 60 ff ff <0f> 0b 66 0f 1f 44 00 00 66 0f 1f 00 53 48 89 fb e8 53 8d d6 f6 48 [ 79.189710][ T5468] RSP: 0018:ffffc90004cdfea0 EFLAGS: 00010246 [ 79.195801][ T5468] RAX: 0000000000000097 RBX: 00000000fffffff2 RCX: bf18fff7d3f01a00 [ 79.203830][ T5468] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 79.211844][ T5468] RBP: 0000000000000000 R08: ffffffff816fd91c R09: fffff5200099bf8d [ 79.219850][ T5468] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 79.227957][ T5468] R13: 0000000000000003 R14: ffff888075670680
R15: 1ffff1100eace41a [ 79.235943][ T5468] FS: 00007fac955de700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 79.244902][ T5468] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.251550][ T5468] CR2: 0000000000000000 CR3: 000000002b02a000 CR4: 00000000003506e0 [ 79.259570][ T5468] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.267582][ T5468] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.275572][ T5468] Kernel panic - not syncing: Fatal exception [ 79.281892][ T5468] Kernel Offset: disabled [ 79.286235][ T5468] Rebooting in 86400 seconds..