./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2483211029 <...> Warning: Permanently added '10.128.0.98' (ED25519) to the list of known hosts. execve("./syz-executor2483211029", ["./syz-executor2483211029"], 0x7fff9ec2dde0 /* 10 vars */) = 0 brk(NULL) = 0x55555703f000 brk(0x55555703fd40) = 0x55555703fd40 arch_prctl(ARCH_SET_FS, 0x55555703f3c0) = 0 set_tid_address(0x55555703f690) = 5015 set_robust_list(0x55555703f6a0, 24) = 0 rseq(0x55555703fce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2483211029", 4096) = 28 getrandom("\x9c\xdd\x15\x7e\x7d\xc8\x29\xda", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555703fd40 brk(0x555557060d40) = 0x555557060d40 brk(0x555557061000) = 0x555557061000 mprotect(0x7f32aa3f9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5015 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "5015", 4) = 4 close(3) = 0 mkdir("./syzkaller.yFt3lu", 0700) = 0 chmod("./syzkaller.yFt3lu", 0777) = 0 chdir("./syzkaller.yFt3lu") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5016 ./strace-static-x86_64: Process 5016 attached [pid 5016] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5016] chdir("./0") = 0 [pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5016] setpgid(0, 0) = 0 [pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5016] write(3, "1000", 4) = 4 [pid 5016] close(3) = 0 [pid 5016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5016] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5016] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5016] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5018 attached => {parent_tid=[5018]}, 88) = 5018 [pid 5018] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5016] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5018] <... rseq resumed>) = 0 [pid 5018] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5018] memfd_create("syzkaller", 0) = 3 [pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [ 69.734326][ T5018] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5018 'syz-executor248' [pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5018] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5018] close(3) = 0 [pid 5018] mkdir("./file0", 0777) = 0 [ 69.930599][ T5018] loop0: detected capacity change from 0 to 32768 [ 69.943453][ T5018] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5018) [ 69.964420][ T5018] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 69.973862][ T5018] BTRFS info (device loop0): force clearing of disk cache [ 69.981280][ T5018] BTRFS info (device loop0): setting nodatasum [ 69.988531][ T5018] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 69.998253][ T5018] BTRFS info (device loop0): use lzo compression, level 0 [ 70.006132][ T5018] BTRFS info (device loop0): max_inline at 0 [ 70.012175][ T5018] BTRFS info (device loop0): enabling disk space caching [ 70.019560][ T5018] BTRFS info (device loop0): disk space caching is enabled [ 70.046484][ T5018] BTRFS info (device loop0): enabling ssd optimizations [ 70.053592][ T5018] BTRFS info (device loop0): auto enabling async discard [ 70.062945][ T5018] BTRFS info (device loop0): rebuilding free space tree [pid 5018] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5018] chdir("./file0") = 0 [pid 5018] ioctl(4, LOOP_CLR_FD) = 0 [pid 5018] close(4) = 0 [pid 5018] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] <... futex resumed>) = 1 [pid 5018] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5018] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] <... futex resumed>) = 1 [ 70.089073][ T5018] BTRFS info (device loop0): disabling free space tree [ 70.096536][ T5018] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 70.106627][ T5018] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5018] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5016] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5016] exit_group(0) = ? [pid 5018] <... write resumed>) = ? [pid 5018] +++ exited with 0 +++ [pid 5016] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5016, si_uid=0, si_status=0, si_utime=0, si_stime=52 /* 0.52 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached [pid 5039] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5039] chdir("./1") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... clone resumed>, child_tidptr=0x55555703f690) = 5039 [pid 5039] <... futex resumed>) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5039] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5040 attached [pid 5040] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5039] <... clone3 resumed> => {parent_tid=[5040]}, 88) = 5040 [pid 5040] <... rseq resumed>) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] set_robust_list(0x7f32aa32f9a0, 24 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] <... set_robust_list resumed>) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] memfd_create("syzkaller", 0) = 3 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5040] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5040] close(3) = 0 [pid 5040] mkdir("./file0", 0777) = 0 [ 70.872003][ T5040] loop0: detected capacity change from 0 to 32768 [ 70.882359][ T5040] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5040) [ 70.900795][ T5040] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 70.910206][ T5040] BTRFS info (device loop0): force clearing of disk cache [ 70.917469][ T5040] BTRFS info (device loop0): setting nodatasum [ 70.923934][ T5040] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 70.933530][ T5040] BTRFS info (device loop0): use lzo compression, level 0 [ 70.940721][ T5040] BTRFS info (device loop0): max_inline at 0 [ 70.946785][ T5040] BTRFS info (device loop0): enabling disk space caching [ 70.954046][ T5040] BTRFS info (device loop0): disk space caching is enabled [ 70.972842][ T5040] BTRFS info (device loop0): enabling ssd optimizations [ 70.979965][ T5040] BTRFS info (device loop0): auto enabling async discard [ 70.988007][ T5040] BTRFS info (device loop0): rebuilding free space tree [ 70.999627][ T5040] BTRFS info (device loop0): disabling free space tree [ 71.006998][ T5040] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5040] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5040] chdir("./file0") = 0 [pid 5040] ioctl(4, LOOP_CLR_FD) = 0 [pid 5040] close(4) = 0 [pid 5040] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5040] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.016715][ T5040] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5040] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5039] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5039] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5039] exit_group(0) = ? [pid 5040] <... write resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5059 ./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5059] chdir("./2") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5059] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5060]}, 88) = 5060 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5060 attached [pid 5060] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5060] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5060] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file0", 0777) = 0 [ 71.639255][ T5060] loop0: detected capacity change from 0 to 32768 [ 71.650901][ T5060] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5060) [ 71.668568][ T5060] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.677938][ T5060] BTRFS info (device loop0): force clearing of disk cache [ 71.685425][ T5060] BTRFS info (device loop0): setting nodatasum [ 71.691629][ T5060] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 71.700998][ T5060] BTRFS info (device loop0): use lzo compression, level 0 [ 71.708524][ T5060] BTRFS info (device loop0): max_inline at 0 [ 71.714661][ T5060] BTRFS info (device loop0): enabling disk space caching [ 71.721723][ T5060] BTRFS info (device loop0): disk space caching is enabled [ 71.741651][ T5060] BTRFS info (device loop0): enabling ssd optimizations [ 71.748836][ T5060] BTRFS info (device loop0): auto enabling async discard [ 71.756802][ T5060] BTRFS info (device loop0): rebuilding free space tree [pid 5060] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file0") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5060] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.782033][ T5060] BTRFS info (device loop0): disabling free space tree [ 71.789886][ T5060] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.800314][ T5060] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5060] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5059] exit_group(0) = ? [pid 5060] <... write resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5081] chdir("./3") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5081] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5082 attached => {parent_tid=[5082]}, 88) = 5082 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] <... rseq resumed>) = 0 [pid 5082] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5082] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./file0", 0777) = 0 [ 72.496525][ T5082] loop0: detected capacity change from 0 to 32768 [ 72.508009][ T5082] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5082) [ 72.524524][ T5082] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 72.533857][ T5082] BTRFS info (device loop0): force clearing of disk cache [ 72.541006][ T5082] BTRFS info (device loop0): setting nodatasum [ 72.547269][ T5082] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 72.556558][ T5082] BTRFS info (device loop0): use lzo compression, level 0 [ 72.563851][ T5082] BTRFS info (device loop0): max_inline at 0 [ 72.569877][ T5082] BTRFS info (device loop0): enabling disk space caching [ 72.577042][ T5082] BTRFS info (device loop0): disk space caching is enabled [ 72.597308][ T5082] BTRFS info (device loop0): enabling ssd optimizations [ 72.604588][ T5082] BTRFS info (device loop0): auto enabling async discard [ 72.613304][ T5082] BTRFS info (device loop0): rebuilding free space tree [ 72.626196][ T5082] BTRFS info (device loop0): disabling free space tree [ 72.633228][ T5082] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5082] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file0") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [pid 5082] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5081] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 4 [pid 5082] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5081] <... futex resumed>) = 0 [ 72.642894][ T5082] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5081] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5081] exit_group(0) = ? [pid 5082] <... write resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5100] chdir("./4") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5100] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5101 attached => {parent_tid=[5101]}, 88) = 5101 [pid 5101] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] <... rseq resumed>) = 0 [pid 5100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] set_robust_list(0x7f32aa32f9a0, 24 [pid 5100] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] <... futex resumed>) = 0 [pid 5101] memfd_create("syzkaller", 0) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5100] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5101] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777) = 0 [ 73.274848][ T5101] loop0: detected capacity change from 0 to 32768 [ 73.285515][ T5101] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5101) [ 73.303852][ T5101] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.313321][ T5101] BTRFS info (device loop0): force clearing of disk cache [ 73.320488][ T5101] BTRFS info (device loop0): setting nodatasum [ 73.327007][ T5101] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 73.336415][ T5101] BTRFS info (device loop0): use lzo compression, level 0 [ 73.343679][ T5101] BTRFS info (device loop0): max_inline at 0 [ 73.349716][ T5101] BTRFS info (device loop0): enabling disk space caching [ 73.356841][ T5101] BTRFS info (device loop0): disk space caching is enabled [ 73.377526][ T5101] BTRFS info (device loop0): enabling ssd optimizations [ 73.384870][ T5101] BTRFS info (device loop0): auto enabling async discard [ 73.393231][ T5101] BTRFS info (device loop0): rebuilding free space tree [ 73.404937][ T5101] BTRFS info (device loop0): disabling free space tree [ 73.411891][ T5101] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5101] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file0") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5100] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5101] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.421640][ T5101] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5101] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5100] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5100] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5100] exit_group(0) = ? [pid 5101] <... write resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5118 ./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5118] chdir("./5") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5118] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5119]}, 88) = 5119 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5119 attached [pid 5119] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5119] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] memfd_create("syzkaller", 0) = 3 [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5119] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5119] close(3) = 0 [pid 5119] mkdir("./file0", 0777) = 0 [ 74.050586][ T5119] loop0: detected capacity change from 0 to 32768 [ 74.061435][ T5119] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5119) [ 74.077451][ T5119] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.087326][ T5119] BTRFS info (device loop0): force clearing of disk cache [ 74.094931][ T5119] BTRFS info (device loop0): setting nodatasum [ 74.101135][ T5119] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 74.110791][ T5119] BTRFS info (device loop0): use lzo compression, level 0 [ 74.118156][ T5119] BTRFS info (device loop0): max_inline at 0 [ 74.124577][ T5119] BTRFS info (device loop0): enabling disk space caching [ 74.131647][ T5119] BTRFS info (device loop0): disk space caching is enabled [ 74.151889][ T5119] BTRFS info (device loop0): enabling ssd optimizations [ 74.159304][ T5119] BTRFS info (device loop0): auto enabling async discard [ 74.167706][ T5119] BTRFS info (device loop0): rebuilding free space tree [ 74.180707][ T5119] BTRFS info (device loop0): disabling free space tree [ 74.188620][ T5119] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5119] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5119] chdir("./file0") = 0 [pid 5119] ioctl(4, LOOP_CLR_FD) = 0 [pid 5119] close(4) = 0 [pid 5119] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... futex resumed>) = 0 [pid 5119] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5119] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... futex resumed>) = 1 [ 74.198383][ T5119] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5119] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5118] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5118] exit_group(0) = ? [pid 5119] <... write resumed>) = ? [pid 5119] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5136 ./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5136] chdir("./6") = 0 [pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5136] setpgid(0, 0) = 0 [pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5136] write(3, "1000", 4) = 4 [pid 5136] close(3) = 0 [pid 5136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5136] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5136] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5137]}, 88) = 5137 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5136] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5137 attached [pid 5137] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5137] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5137] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] mkdir("./file0", 0777) = 0 [ 74.842493][ T5137] loop0: detected capacity change from 0 to 32768 [ 74.856413][ T5137] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5137) [ 74.873654][ T5137] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.883167][ T5137] BTRFS info (device loop0): force clearing of disk cache [ 74.890332][ T5137] BTRFS info (device loop0): setting nodatasum [ 74.896641][ T5137] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 74.905894][ T5137] BTRFS info (device loop0): use lzo compression, level 0 [ 74.913149][ T5137] BTRFS info (device loop0): max_inline at 0 [ 74.919185][ T5137] BTRFS info (device loop0): enabling disk space caching [ 74.926358][ T5137] BTRFS info (device loop0): disk space caching is enabled [ 74.947598][ T5137] BTRFS info (device loop0): enabling ssd optimizations [ 74.954797][ T5137] BTRFS info (device loop0): auto enabling async discard [ 74.963694][ T5137] BTRFS info (device loop0): rebuilding free space tree [ 74.976014][ T5137] BTRFS info (device loop0): disabling free space tree [ 74.983269][ T5137] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5137] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./file0") = 0 [pid 5137] ioctl(4, LOOP_CLR_FD) = 0 [pid 5137] close(4) = 0 [pid 5137] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5137] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [ 74.993575][ T5137] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5137] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5136] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5136] exit_group(0) = ? [pid 5137] <... write resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5154 ./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5154] chdir("./7") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5154] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5155 attached => {parent_tid=[5155]}, 88) = 5155 [pid 5155] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5155] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5155] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5154] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] memfd_create("syzkaller", 0 [pid 5154] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] <... memfd_create resumed>) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5155] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] mkdir("./file0", 0777) = 0 [ 75.664626][ T5155] loop0: detected capacity change from 0 to 32768 [ 75.674590][ T5155] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5155) [ 75.691340][ T5155] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 75.701154][ T5155] BTRFS info (device loop0): force clearing of disk cache [ 75.708768][ T5155] BTRFS info (device loop0): setting nodatasum [ 75.715283][ T5155] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 75.725019][ T5155] BTRFS info (device loop0): use lzo compression, level 0 [ 75.732560][ T5155] BTRFS info (device loop0): max_inline at 0 [ 75.739097][ T5155] BTRFS info (device loop0): enabling disk space caching [ 75.746758][ T5155] BTRFS info (device loop0): disk space caching is enabled [ 75.767764][ T5155] BTRFS info (device loop0): enabling ssd optimizations [ 75.774913][ T5155] BTRFS info (device loop0): auto enabling async discard [ 75.782778][ T5155] BTRFS info (device loop0): rebuilding free space tree [ 75.794886][ T5155] BTRFS info (device loop0): disabling free space tree [ 75.801802][ T5155] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5155] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./file0") = 0 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] <... futex resumed>) = 0 [pid 5155] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5154] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... openat resumed>) = 4 [pid 5155] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 75.811585][ T5155] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5154] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5154] exit_group(0) = ? [pid 5155] <... write resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5173] chdir("./8") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5173] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5174]}, 88) = 5174 ./strace-static-x86_64: Process 5174 attached [pid 5174] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5174] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5174] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5173] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5174] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] mkdir("./file0", 0777) = 0 [ 76.456220][ T5174] loop0: detected capacity change from 0 to 32768 [ 76.467630][ T5174] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5174) [ 76.485544][ T5174] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 76.494910][ T5174] BTRFS info (device loop0): force clearing of disk cache [ 76.502052][ T5174] BTRFS info (device loop0): setting nodatasum [ 76.508341][ T5174] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 76.517653][ T5174] BTRFS info (device loop0): use lzo compression, level 0 [ 76.524895][ T5174] BTRFS info (device loop0): max_inline at 0 [ 76.530925][ T5174] BTRFS info (device loop0): enabling disk space caching [ 76.538061][ T5174] BTRFS info (device loop0): disk space caching is enabled [ 76.556549][ T5174] BTRFS info (device loop0): enabling ssd optimizations [ 76.563724][ T5174] BTRFS info (device loop0): auto enabling async discard [ 76.572311][ T5174] BTRFS info (device loop0): rebuilding free space tree [ 76.584526][ T5174] BTRFS info (device loop0): disabling free space tree [ 76.591627][ T5174] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5174] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file0") = 0 [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] close(4) = 0 [pid 5174] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5174] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5173] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... openat resumed>) = 4 [pid 5174] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.601391][ T5174] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5174] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5173] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5173] exit_group(0) = ? [pid 5174] <... write resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5191] chdir("./9") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5191] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5191] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5192]}, 88) = 5192 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5191] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5192 attached [pid 5192] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5192] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5192] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] mkdir("./file0", 0777) = 0 [ 77.248288][ T5192] loop0: detected capacity change from 0 to 32768 [ 77.260173][ T5192] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5192) [ 77.279317][ T5192] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 77.289388][ T5192] BTRFS info (device loop0): force clearing of disk cache [ 77.297069][ T5192] BTRFS info (device loop0): setting nodatasum [ 77.303870][ T5192] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 77.313326][ T5192] BTRFS info (device loop0): use lzo compression, level 0 [ 77.320786][ T5192] BTRFS info (device loop0): max_inline at 0 [ 77.326878][ T5192] BTRFS info (device loop0): enabling disk space caching [ 77.334275][ T5192] BTRFS info (device loop0): disk space caching is enabled [ 77.364856][ T5192] BTRFS info (device loop0): enabling ssd optimizations [ 77.371960][ T5192] BTRFS info (device loop0): auto enabling async discard [ 77.382201][ T5192] BTRFS info (device loop0): rebuilding free space tree [ 77.395044][ T5192] BTRFS info (device loop0): disabling free space tree [ 77.402315][ T5192] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5192] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file0") = 0 [pid 5192] ioctl(4, LOOP_CLR_FD) = 0 [pid 5192] close(4) = 0 [pid 5192] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5192] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [ 77.412454][ T5192] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5192] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5191] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5191] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5191] exit_group(0 [pid 5192] <... write resumed>) = ? [pid 5191] <... exit_group resumed>) = ? [pid 5192] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5209] chdir("./10") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5209] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5210]}, 88) = 5210 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5209] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5210 attached [pid 5210] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5210] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5210] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file0", 0777) = 0 [ 78.032995][ T5210] loop0: detected capacity change from 0 to 32768 [ 78.044227][ T5210] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5210) [ 78.060258][ T5210] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.069652][ T5210] BTRFS info (device loop0): force clearing of disk cache [ 78.076849][ T5210] BTRFS info (device loop0): setting nodatasum [ 78.083020][ T5210] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 78.092434][ T5210] BTRFS info (device loop0): use lzo compression, level 0 [ 78.099730][ T5210] BTRFS info (device loop0): max_inline at 0 [ 78.105864][ T5210] BTRFS info (device loop0): enabling disk space caching [ 78.112901][ T5210] BTRFS info (device loop0): disk space caching is enabled [ 78.132319][ T5210] BTRFS info (device loop0): enabling ssd optimizations [ 78.139577][ T5210] BTRFS info (device loop0): auto enabling async discard [ 78.147412][ T5210] BTRFS info (device loop0): rebuilding free space tree [ 78.159324][ T5210] BTRFS info (device loop0): disabling free space tree [ 78.166339][ T5210] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5210] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file0") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5209] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... openat resumed>) = 4 [pid 5210] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.176096][ T5210] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5210] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5209] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5209] exit_group(0) = ? [pid 5210] <... write resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5227 ./strace-static-x86_64: Process 5227 attached [pid 5227] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5227] chdir("./11") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5227] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5228]}, 88) = 5228 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5228 attached [pid 5228] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5228] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5228] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./file0", 0777) = 0 [ 78.855158][ T5228] loop0: detected capacity change from 0 to 32768 [ 78.867192][ T5228] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5228) [ 78.883692][ T5228] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.893182][ T5228] BTRFS info (device loop0): force clearing of disk cache [ 78.900353][ T5228] BTRFS info (device loop0): setting nodatasum [ 78.906619][ T5228] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 78.915955][ T5228] BTRFS info (device loop0): use lzo compression, level 0 [ 78.923192][ T5228] BTRFS info (device loop0): max_inline at 0 [ 78.929239][ T5228] BTRFS info (device loop0): enabling disk space caching [ 78.936355][ T5228] BTRFS info (device loop0): disk space caching is enabled [ 78.957640][ T5228] BTRFS info (device loop0): enabling ssd optimizations [ 78.964750][ T5228] BTRFS info (device loop0): auto enabling async discard [ 78.972670][ T5228] BTRFS info (device loop0): rebuilding free space tree [ 78.984995][ T5228] BTRFS info (device loop0): disabling free space tree [ 78.991946][ T5228] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5228] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file0") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD) = 0 [pid 5228] close(4) = 0 [pid 5228] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5227] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... openat resumed>) = 4 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [ 79.001730][ T5228] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5228] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5227] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5227] exit_group(0) = ? [pid 5228] <... write resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5245 ./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5245] chdir("./12") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5245] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5246 attached => {parent_tid=[5246]}, 88) = 5246 [pid 5246] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5246] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5246] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5245] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 0 [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5246] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./file0", 0777) = 0 [ 79.685187][ T5246] loop0: detected capacity change from 0 to 32768 [ 79.697790][ T5246] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5246) [ 79.715607][ T5246] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 79.725084][ T5246] BTRFS info (device loop0): force clearing of disk cache [ 79.732226][ T5246] BTRFS info (device loop0): setting nodatasum [ 79.738896][ T5246] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 79.748276][ T5246] BTRFS info (device loop0): use lzo compression, level 0 [ 79.756031][ T5246] BTRFS info (device loop0): max_inline at 0 [ 79.762057][ T5246] BTRFS info (device loop0): enabling disk space caching [ 79.769211][ T5246] BTRFS info (device loop0): disk space caching is enabled [ 79.788778][ T5246] BTRFS info (device loop0): enabling ssd optimizations [ 79.795867][ T5246] BTRFS info (device loop0): auto enabling async discard [ 79.803836][ T5246] BTRFS info (device loop0): rebuilding free space tree [ 79.815530][ T5246] BTRFS info (device loop0): disabling free space tree [ 79.822451][ T5246] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5246] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./file0") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5245] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... openat resumed>) = 4 [pid 5246] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 1 [pid 5245] <... futex resumed>) = 0 [ 79.832229][ T5246] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5245] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5245] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5245] exit_group(0 [pid 5246] <... write resumed>) = ? [pid 5245] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5263] chdir("./13") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5263] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5264]}, 88) = 5264 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5264 attached [pid 5264] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5264] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5264] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./file0", 0777) = 0 [ 80.470344][ T5264] loop0: detected capacity change from 0 to 32768 [ 80.479756][ T5264] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5264) [ 80.498810][ T5264] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 80.508317][ T5264] BTRFS info (device loop0): force clearing of disk cache [ 80.515533][ T5264] BTRFS info (device loop0): setting nodatasum [ 80.521706][ T5264] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 80.531012][ T5264] BTRFS info (device loop0): use lzo compression, level 0 [ 80.538497][ T5264] BTRFS info (device loop0): max_inline at 0 [ 80.544593][ T5264] BTRFS info (device loop0): enabling disk space caching [ 80.551667][ T5264] BTRFS info (device loop0): disk space caching is enabled [ 80.573252][ T5264] BTRFS info (device loop0): enabling ssd optimizations [ 80.580342][ T5264] BTRFS info (device loop0): auto enabling async discard [ 80.588706][ T5264] BTRFS info (device loop0): rebuilding free space tree [ 80.602908][ T5264] BTRFS info (device loop0): disabling free space tree [ 80.610065][ T5264] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5264] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file0") = 0 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [pid 5264] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... openat resumed>) = 4 [pid 5264] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 80.619810][ T5264] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5264] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5263] exit_group(0) = ? [pid 5264] <... write resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5281] chdir("./14") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5281] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5281] <... clone3 resumed> => {parent_tid=[5282]}, 88) = 5282 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5281] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] <... rseq resumed>) = 0 [pid 5282] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5282] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./file0", 0777) = 0 [ 81.289247][ T5282] loop0: detected capacity change from 0 to 32768 [ 81.300783][ T5282] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5282) [ 81.318590][ T5282] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.328196][ T5282] BTRFS info (device loop0): force clearing of disk cache [ 81.335872][ T5282] BTRFS info (device loop0): setting nodatasum [ 81.342186][ T5282] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 81.351515][ T5282] BTRFS info (device loop0): use lzo compression, level 0 [ 81.358827][ T5282] BTRFS info (device loop0): max_inline at 0 [ 81.365104][ T5282] BTRFS info (device loop0): enabling disk space caching [ 81.372284][ T5282] BTRFS info (device loop0): disk space caching is enabled [ 81.392550][ T5282] BTRFS info (device loop0): enabling ssd optimizations [ 81.399816][ T5282] BTRFS info (device loop0): auto enabling async discard [ 81.407903][ T5282] BTRFS info (device loop0): rebuilding free space tree [ 81.419780][ T5282] BTRFS info (device loop0): disabling free space tree [ 81.426840][ T5282] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5282] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./file0") = 0 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5282] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5281] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... openat resumed>) = 4 [pid 5282] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5281] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.436568][ T5282] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5281] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5281] exit_group(0) = ? [pid 5282] <... write resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5299 ./strace-static-x86_64: Process 5299 attached [pid 5299] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5299] chdir("./15") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5299] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5300]}, 88) = 5300 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5299] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5300 attached [pid 5300] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5300] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5300] memfd_create("syzkaller", 0) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5300] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] mkdir("./file0", 0777) = 0 [ 82.303260][ T5300] loop0: detected capacity change from 0 to 32768 [ 82.315922][ T5300] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5300) [ 82.349460][ T5300] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 82.359394][ T5300] BTRFS info (device loop0): force clearing of disk cache [ 82.367489][ T5300] BTRFS info (device loop0): setting nodatasum [ 82.375411][ T5300] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 82.385365][ T5300] BTRFS info (device loop0): use lzo compression, level 0 [ 82.392579][ T5300] BTRFS info (device loop0): max_inline at 0 [ 82.398824][ T5300] BTRFS info (device loop0): enabling disk space caching [ 82.405969][ T5300] BTRFS info (device loop0): disk space caching is enabled [ 82.427021][ T5300] BTRFS info (device loop0): enabling ssd optimizations [ 82.434136][ T5300] BTRFS info (device loop0): auto enabling async discard [ 82.442185][ T5300] BTRFS info (device loop0): rebuilding free space tree [pid 5300] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./file0") = 0 [pid 5300] ioctl(4, LOOP_CLR_FD) = 0 [pid 5300] close(4) = 0 [pid 5300] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5300] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [ 82.454290][ T5300] BTRFS info (device loop0): disabling free space tree [ 82.461288][ T5300] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 82.471071][ T5300] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5300] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5299] exit_group(0) = ? [pid 5300] <... write resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5317 ./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5317] chdir("./16") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5317] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5318 attached => {parent_tid=[5318]}, 88) = 5318 [pid 5318] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] <... rseq resumed>) = 0 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] set_robust_list(0x7f32aa32f9a0, 24 [pid 5317] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... set_robust_list resumed>) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5318] memfd_create("syzkaller", 0 [pid 5317] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5318] <... memfd_create resumed>) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5318] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./file0", 0777) = 0 [ 83.123523][ T5318] loop0: detected capacity change from 0 to 32768 [ 83.132901][ T5318] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5318) [ 83.150909][ T5318] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.160348][ T5318] BTRFS info (device loop0): force clearing of disk cache [ 83.167632][ T5318] BTRFS info (device loop0): setting nodatasum [ 83.173879][ T5318] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 83.183263][ T5318] BTRFS info (device loop0): use lzo compression, level 0 [ 83.190458][ T5318] BTRFS info (device loop0): max_inline at 0 [ 83.196540][ T5318] BTRFS info (device loop0): enabling disk space caching [ 83.203671][ T5318] BTRFS info (device loop0): disk space caching is enabled [ 83.223305][ T5318] BTRFS info (device loop0): enabling ssd optimizations [ 83.230295][ T5318] BTRFS info (device loop0): auto enabling async discard [ 83.238283][ T5318] BTRFS info (device loop0): rebuilding free space tree [ 83.250088][ T5318] BTRFS info (device loop0): disabling free space tree [ 83.257097][ T5318] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5318] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file0") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5318] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5317] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.266846][ T5318] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5317] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5317] exit_group(0) = ? [pid 5318] <... write resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=43 /* 0.43 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5335 ./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5335] chdir("./17") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5335] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5336]}, 88) = 5336 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5335] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5336 attached [pid 5336] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5336] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] memfd_create("syzkaller", 0) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5336] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] mkdir("./file0", 0777) = 0 [ 83.922284][ T5336] loop0: detected capacity change from 0 to 32768 [ 83.931983][ T5336] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5336) [ 83.947763][ T5336] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.957587][ T5336] BTRFS info (device loop0): force clearing of disk cache [ 83.965062][ T5336] BTRFS info (device loop0): setting nodatasum [ 83.971289][ T5336] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 83.981149][ T5336] BTRFS info (device loop0): use lzo compression, level 0 [ 83.988496][ T5336] BTRFS info (device loop0): max_inline at 0 [ 83.994941][ T5336] BTRFS info (device loop0): enabling disk space caching [ 84.002010][ T5336] BTRFS info (device loop0): disk space caching is enabled [ 84.022594][ T5336] BTRFS info (device loop0): enabling ssd optimizations [ 84.029665][ T5336] BTRFS info (device loop0): auto enabling async discard [ 84.037648][ T5336] BTRFS info (device loop0): rebuilding free space tree [ 84.049167][ T5336] BTRFS info (device loop0): disabling free space tree [ 84.056223][ T5336] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5336] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5336] chdir("./file0") = 0 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5336] close(4) = 0 [pid 5336] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5336] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 84.066027][ T5336] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5336] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5335] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5335] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5335] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5335] exit_group(0) = ? [pid 5336] <... write resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5353] chdir("./18") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5353] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5354 attached => {parent_tid=[5354]}, 88) = 5354 [pid 5354] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5354] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5354] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5353] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5353] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5354] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./file0", 0777) = 0 [ 84.720254][ T5354] loop0: detected capacity change from 0 to 32768 [ 84.731825][ T5354] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5354) [ 84.747185][ T5354] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.756754][ T5354] BTRFS info (device loop0): force clearing of disk cache [ 84.764286][ T5354] BTRFS info (device loop0): setting nodatasum [ 84.770471][ T5354] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 84.780121][ T5354] BTRFS info (device loop0): use lzo compression, level 0 [ 84.787377][ T5354] BTRFS info (device loop0): max_inline at 0 [ 84.793701][ T5354] BTRFS info (device loop0): enabling disk space caching [ 84.800756][ T5354] BTRFS info (device loop0): disk space caching is enabled [ 84.820625][ T5354] BTRFS info (device loop0): enabling ssd optimizations [ 84.827818][ T5354] BTRFS info (device loop0): auto enabling async discard [ 84.835925][ T5354] BTRFS info (device loop0): rebuilding free space tree [ 84.848096][ T5354] BTRFS info (device loop0): disabling free space tree [ 84.855186][ T5354] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5354] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file0") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5353] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... openat resumed>) = 4 [pid 5354] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5353] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 84.865050][ T5354] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5353] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5353] exit_group(0) = ? [pid 5354] <... write resumed>) = ? [pid 5354] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached , child_tidptr=0x55555703f690) = 5371 [pid 5371] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5371] chdir("./19") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5371] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5372 attached => {parent_tid=[5372]}, 88) = 5372 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5372] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5372] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5372] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./file0", 0777) = 0 [ 85.561078][ T5372] loop0: detected capacity change from 0 to 32768 [ 85.571875][ T5372] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5372) [ 85.589542][ T5372] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 85.599100][ T5372] BTRFS info (device loop0): force clearing of disk cache [ 85.606652][ T5372] BTRFS info (device loop0): setting nodatasum [ 85.613134][ T5372] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 85.622370][ T5372] BTRFS info (device loop0): use lzo compression, level 0 [ 85.629688][ T5372] BTRFS info (device loop0): max_inline at 0 [ 85.635757][ T5372] BTRFS info (device loop0): enabling disk space caching [ 85.642788][ T5372] BTRFS info (device loop0): disk space caching is enabled [ 85.671869][ T5372] BTRFS info (device loop0): enabling ssd optimizations [ 85.679023][ T5372] BTRFS info (device loop0): auto enabling async discard [ 85.687279][ T5372] BTRFS info (device loop0): rebuilding free space tree [ 85.699418][ T5372] BTRFS info (device loop0): disabling free space tree [ 85.706512][ T5372] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5372] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file0") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] <... futex resumed>) = 0 [pid 5372] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5371] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... openat resumed>) = 4 [pid 5372] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] <... futex resumed>) = 0 [pid 5372] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 85.716555][ T5372] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5371] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5371] exit_group(0) = ? [pid 5372] <... write resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5389] chdir("./20") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5389] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5390]}, 88) = 5390 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5389] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5390 attached [pid 5390] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5390] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5390] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [ 86.413612][ T5390] loop0: detected capacity change from 0 to 32768 [ 86.422933][ T5390] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5390) [ 86.441239][ T5390] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 86.450649][ T5390] BTRFS info (device loop0): force clearing of disk cache [ 86.457889][ T5390] BTRFS info (device loop0): setting nodatasum [ 86.464132][ T5390] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 86.473408][ T5390] BTRFS info (device loop0): use lzo compression, level 0 [ 86.480600][ T5390] BTRFS info (device loop0): max_inline at 0 [ 86.486665][ T5390] BTRFS info (device loop0): enabling disk space caching [ 86.493766][ T5390] BTRFS info (device loop0): disk space caching is enabled [ 86.513300][ T5390] BTRFS info (device loop0): enabling ssd optimizations [ 86.520778][ T5390] BTRFS info (device loop0): auto enabling async discard [ 86.528818][ T5390] BTRFS info (device loop0): rebuilding free space tree [ 86.540420][ T5390] BTRFS info (device loop0): disabling free space tree [ 86.547443][ T5390] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5390] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file0") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5389] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... openat resumed>) = 4 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 1 [ 86.557948][ T5390] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5390] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5389] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5389] exit_group(0) = ? [pid 5390] <... write resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5407 ./strace-static-x86_64: Process 5407 attached [pid 5407] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5407] chdir("./21") = 0 [pid 5407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5407] setpgid(0, 0) = 0 [pid 5407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5407] write(3, "1000", 4) = 4 [pid 5407] close(3) = 0 [pid 5407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5407] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5407] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5408]}, 88) = 5408 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5407] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5408 attached [pid 5408] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5408] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5408] memfd_create("syzkaller", 0) = 3 [pid 5408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [ 86.965781][ T920] cfg80211: failed to load regulatory.db [pid 5408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5408] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5408] close(3) = 0 [pid 5408] mkdir("./file0", 0777) = 0 [ 87.224642][ T5408] loop0: detected capacity change from 0 to 32768 [ 87.235871][ T5408] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5408) [ 87.252532][ T5408] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.261956][ T5408] BTRFS info (device loop0): force clearing of disk cache [ 87.269190][ T5408] BTRFS info (device loop0): setting nodatasum [ 87.275544][ T5408] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 87.285107][ T5408] BTRFS info (device loop0): use lzo compression, level 0 [ 87.292279][ T5408] BTRFS info (device loop0): max_inline at 0 [ 87.298326][ T5408] BTRFS info (device loop0): enabling disk space caching [ 87.305443][ T5408] BTRFS info (device loop0): disk space caching is enabled [ 87.326703][ T5408] BTRFS info (device loop0): enabling ssd optimizations [ 87.333885][ T5408] BTRFS info (device loop0): auto enabling async discard [ 87.341826][ T5408] BTRFS info (device loop0): rebuilding free space tree [ 87.354917][ T5408] BTRFS info (device loop0): disabling free space tree [ 87.362136][ T5408] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5408] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5408] chdir("./file0") = 0 [pid 5408] ioctl(4, LOOP_CLR_FD) = 0 [pid 5408] close(4) = 0 [pid 5408] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 1 [pid 5408] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5408] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 1 [ 87.372005][ T5408] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5408] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5407] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5407] exit_group(0) = ? [pid 5408] <... write resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5407, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5425 ./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5425] chdir("./22") = 0 [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5425] setpgid(0, 0) = 0 [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5425] write(3, "1000", 4) = 4 [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5425] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5425] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5426 attached [pid 5426] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5425] <... clone3 resumed> => {parent_tid=[5426]}, 88) = 5426 [pid 5426] <... rseq resumed>) = 0 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5426] set_robust_list(0x7f32aa32f9a0, 24 [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5426] <... set_robust_list resumed>) = 0 [pid 5425] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] <... futex resumed>) = 0 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5425] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5426] memfd_create("syzkaller", 0) = 3 [pid 5426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5426] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5426] close(3) = 0 [pid 5426] mkdir("./file0", 0777) = 0 [ 88.002158][ T5426] loop0: detected capacity change from 0 to 32768 [ 88.013699][ T5426] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5426) [ 88.029952][ T5426] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.039442][ T5426] BTRFS info (device loop0): force clearing of disk cache [ 88.046677][ T5426] BTRFS info (device loop0): setting nodatasum [ 88.052863][ T5426] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 88.062160][ T5426] BTRFS info (device loop0): use lzo compression, level 0 [ 88.069452][ T5426] BTRFS info (device loop0): max_inline at 0 [ 88.075539][ T5426] BTRFS info (device loop0): enabling disk space caching [ 88.082585][ T5426] BTRFS info (device loop0): disk space caching is enabled [ 88.100759][ T5426] BTRFS info (device loop0): enabling ssd optimizations [ 88.108060][ T5426] BTRFS info (device loop0): auto enabling async discard [ 88.116409][ T5426] BTRFS info (device loop0): rebuilding free space tree [ 88.128682][ T5426] BTRFS info (device loop0): disabling free space tree [ 88.135733][ T5426] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5426] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5426] chdir("./file0") = 0 [pid 5426] ioctl(4, LOOP_CLR_FD) = 0 [pid 5426] close(4) = 0 [pid 5426] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... futex resumed>) = 0 [pid 5426] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5426] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [ 88.145593][ T5426] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5426] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] <... futex resumed>) = 0 [pid 5426] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5425] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5425] exit_group(0) = ? [pid 5426] <... write resumed>) = ? [pid 5426] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5443 ./strace-static-x86_64: Process 5443 attached [pid 5443] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5443] chdir("./23") = 0 [pid 5443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5443] setpgid(0, 0) = 0 [pid 5443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5443] write(3, "1000", 4) = 4 [pid 5443] close(3) = 0 [pid 5443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5443] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5443] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5444]}, 88) = 5444 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5443] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5444 attached [pid 5444] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5444] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5444] memfd_create("syzkaller", 0) = 3 [pid 5444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5444] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5444] close(3) = 0 [pid 5444] mkdir("./file0", 0777) = 0 [ 88.828043][ T5444] loop0: detected capacity change from 0 to 32768 [ 88.840038][ T5444] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5444) [ 88.856929][ T5444] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.866273][ T5444] BTRFS info (device loop0): force clearing of disk cache [ 88.873542][ T5444] BTRFS info (device loop0): setting nodatasum [ 88.879755][ T5444] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 88.889110][ T5444] BTRFS info (device loop0): use lzo compression, level 0 [ 88.896426][ T5444] BTRFS info (device loop0): max_inline at 0 [ 88.902494][ T5444] BTRFS info (device loop0): enabling disk space caching [ 88.909760][ T5444] BTRFS info (device loop0): disk space caching is enabled [ 88.930897][ T5444] BTRFS info (device loop0): enabling ssd optimizations [ 88.937998][ T5444] BTRFS info (device loop0): auto enabling async discard [ 88.946131][ T5444] BTRFS info (device loop0): rebuilding free space tree [ 88.958164][ T5444] BTRFS info (device loop0): disabling free space tree [ 88.965231][ T5444] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5444] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5444] chdir("./file0") = 0 [pid 5444] ioctl(4, LOOP_CLR_FD) = 0 [pid 5444] close(4) = 0 [pid 5444] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5444] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5443] <... futex resumed>) = 0 [ 88.975001][ T5444] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5443] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5443] exit_group(0) = ? [pid 5444] <... write resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5443, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5461 ./strace-static-x86_64: Process 5461 attached [pid 5461] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5461] chdir("./24") = 0 [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5461] setpgid(0, 0) = 0 [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5461] write(3, "1000", 4) = 4 [pid 5461] close(3) = 0 [pid 5461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5461] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5461] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5462]}, 88) = 5462 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5461] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5462 attached [pid 5462] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5462] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] memfd_create("syzkaller", 0) = 3 [pid 5462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5462] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5462] close(3) = 0 [pid 5462] mkdir("./file0", 0777) = 0 [ 89.610573][ T5462] loop0: detected capacity change from 0 to 32768 [ 89.621658][ T5462] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5462) [ 89.640006][ T5462] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.649814][ T5462] BTRFS info (device loop0): force clearing of disk cache [ 89.657293][ T5462] BTRFS info (device loop0): setting nodatasum [ 89.663900][ T5462] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 89.673662][ T5462] BTRFS info (device loop0): use lzo compression, level 0 [ 89.680861][ T5462] BTRFS info (device loop0): max_inline at 0 [ 89.687205][ T5462] BTRFS info (device loop0): enabling disk space caching [ 89.694501][ T5462] BTRFS info (device loop0): disk space caching is enabled [ 89.714902][ T5462] BTRFS info (device loop0): enabling ssd optimizations [ 89.722011][ T5462] BTRFS info (device loop0): auto enabling async discard [ 89.730046][ T5462] BTRFS info (device loop0): rebuilding free space tree [ 89.741819][ T5462] BTRFS info (device loop0): disabling free space tree [ 89.749136][ T5462] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5462] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5462] chdir("./file0") = 0 [pid 5462] ioctl(4, LOOP_CLR_FD) = 0 [pid 5462] close(4) = 0 [pid 5462] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5462] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5461] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... openat resumed>) = 4 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [ 89.758910][ T5462] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5462] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5461] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5461] exit_group(0) = ? [pid 5462] <... write resumed>) = ? [pid 5462] +++ exited with 0 +++ [pid 5461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5479 ./strace-static-x86_64: Process 5479 attached [pid 5479] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5479] chdir("./25") = 0 [pid 5479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5479] setpgid(0, 0) = 0 [pid 5479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5479] write(3, "1000", 4) = 4 [pid 5479] close(3) = 0 [pid 5479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5479] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5479] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5480]}, 88) = 5480 [pid 5479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5479] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5480 attached [pid 5480] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5480] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5480] memfd_create("syzkaller", 0) = 3 [pid 5480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5480] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5480] close(3) = 0 [pid 5480] mkdir("./file0", 0777) = 0 [ 90.431338][ T5480] loop0: detected capacity change from 0 to 32768 [ 90.440577][ T5480] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5480) [ 90.457118][ T5480] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 90.466541][ T5480] BTRFS info (device loop0): force clearing of disk cache [ 90.473764][ T5480] BTRFS info (device loop0): setting nodatasum [ 90.479962][ T5480] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 90.489414][ T5480] BTRFS info (device loop0): use lzo compression, level 0 [ 90.496670][ T5480] BTRFS info (device loop0): max_inline at 0 [ 90.502851][ T5480] BTRFS info (device loop0): enabling disk space caching [ 90.510120][ T5480] BTRFS info (device loop0): disk space caching is enabled [ 90.529046][ T5480] BTRFS info (device loop0): enabling ssd optimizations [ 90.536149][ T5480] BTRFS info (device loop0): auto enabling async discard [ 90.544597][ T5480] BTRFS info (device loop0): rebuilding free space tree [ 90.557619][ T5480] BTRFS info (device loop0): disabling free space tree [ 90.564668][ T5480] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5480] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5480] chdir("./file0") = 0 [pid 5480] ioctl(4, LOOP_CLR_FD) = 0 [pid 5480] close(4) = 0 [pid 5480] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5480] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5479] <... futex resumed>) = 0 [pid 5480] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5479] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... openat resumed>) = 4 [pid 5480] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5480] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5479] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5479] <... futex resumed>) = 0 [ 90.574451][ T5480] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5479] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5479] exit_group(0) = ? [pid 5480] <... write resumed>) = ? [pid 5480] +++ exited with 0 +++ [pid 5479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5479, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5497 ./strace-static-x86_64: Process 5497 attached [pid 5497] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5497] chdir("./26") = 0 [pid 5497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5497] setpgid(0, 0) = 0 [pid 5497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5497] write(3, "1000", 4) = 4 [pid 5497] close(3) = 0 [pid 5497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5497] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5497] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5497] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5498]}, 88) = 5498 [pid 5497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5497] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5498 attached [pid 5498] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5498] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5498] memfd_create("syzkaller", 0) = 3 [pid 5498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5498] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5498] close(3) = 0 [pid 5498] mkdir("./file0", 0777) = 0 [ 91.347122][ T5498] loop0: detected capacity change from 0 to 32768 [ 91.358542][ T5498] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5498) [ 91.375394][ T5498] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 91.384753][ T5498] BTRFS info (device loop0): force clearing of disk cache [ 91.392006][ T5498] BTRFS info (device loop0): setting nodatasum [ 91.398623][ T5498] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 91.408137][ T5498] BTRFS info (device loop0): use lzo compression, level 0 [ 91.415371][ T5498] BTRFS info (device loop0): max_inline at 0 [ 91.421371][ T5498] BTRFS info (device loop0): enabling disk space caching [ 91.428855][ T5498] BTRFS info (device loop0): disk space caching is enabled [ 91.449318][ T5498] BTRFS info (device loop0): enabling ssd optimizations [ 91.456389][ T5498] BTRFS info (device loop0): auto enabling async discard [ 91.464395][ T5498] BTRFS info (device loop0): rebuilding free space tree [ 91.477242][ T5498] BTRFS info (device loop0): disabling free space tree [ 91.484288][ T5498] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5498] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5498] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5498] chdir("./file0") = 0 [pid 5498] ioctl(4, LOOP_CLR_FD) = 0 [pid 5498] close(4) = 0 [pid 5498] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5497] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] <... futex resumed>) = 1 [pid 5498] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5498] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] <... futex resumed>) = 0 [pid 5498] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5497] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.494020][ T5498] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5497] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5497] exit_group(0) = ? [pid 5498] <... write resumed>) = ? [pid 5498] +++ exited with 0 +++ [pid 5497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5497, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=41 /* 0.41 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5515 ./strace-static-x86_64: Process 5515 attached [pid 5515] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5515] chdir("./27") = 0 [pid 5515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5515] setpgid(0, 0) = 0 [pid 5515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5515] write(3, "1000", 4) = 4 [pid 5515] close(3) = 0 [pid 5515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5515] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5515] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5515] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5515] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5516 attached [pid 5516] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5515] <... clone3 resumed> => {parent_tid=[5516]}, 88) = 5516 [pid 5515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5516] <... rseq resumed>) = 0 [pid 5515] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] set_robust_list(0x7f32aa32f9a0, 24 [pid 5515] <... futex resumed>) = 0 [pid 5516] <... set_robust_list resumed>) = 0 [pid 5516] rt_sigprocmask(SIG_SETMASK, [], [pid 5515] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5516] memfd_create("syzkaller", 0) = 3 [pid 5516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5516] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5516] close(3) = 0 [pid 5516] mkdir("./file0", 0777) = 0 [ 92.212137][ T5516] loop0: detected capacity change from 0 to 32768 [ 92.222292][ T5516] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5516) [ 92.240949][ T5516] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.250661][ T5516] BTRFS info (device loop0): force clearing of disk cache [ 92.258209][ T5516] BTRFS info (device loop0): setting nodatasum [ 92.264631][ T5516] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 92.274418][ T5516] BTRFS info (device loop0): use lzo compression, level 0 [ 92.281632][ T5516] BTRFS info (device loop0): max_inline at 0 [ 92.287911][ T5516] BTRFS info (device loop0): enabling disk space caching [ 92.295223][ T5516] BTRFS info (device loop0): disk space caching is enabled [ 92.315559][ T5516] BTRFS info (device loop0): enabling ssd optimizations [ 92.322562][ T5516] BTRFS info (device loop0): auto enabling async discard [ 92.330670][ T5516] BTRFS info (device loop0): rebuilding free space tree [ 92.342667][ T5516] BTRFS info (device loop0): disabling free space tree [ 92.349766][ T5516] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5516] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5516] chdir("./file0") = 0 [pid 5516] ioctl(4, LOOP_CLR_FD) = 0 [pid 5516] close(4) = 0 [pid 5516] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5516] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5515] <... futex resumed>) = 0 [pid 5515] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] <... futex resumed>) = 0 [pid 5516] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5516] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] <... futex resumed>) = 0 [pid 5516] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5515] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.359486][ T5516] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5515] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5515] exit_group(0) = ? [pid 5516] <... write resumed>) = ? [pid 5516] +++ exited with 0 +++ [pid 5515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5515, si_uid=0, si_status=0, si_utime=0, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5533 ./strace-static-x86_64: Process 5533 attached [pid 5533] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5533] chdir("./28") = 0 [pid 5533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5533] setpgid(0, 0) = 0 [pid 5533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5533] write(3, "1000", 4) = 4 [pid 5533] close(3) = 0 [pid 5533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5533] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5533] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5534 attached [pid 5534] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5534] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5534] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5533] <... clone3 resumed> => {parent_tid=[5534]}, 88) = 5534 [pid 5533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5533] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5533] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5534] memfd_create("syzkaller", 0) = 3 [pid 5534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5534] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5534] close(3) = 0 [pid 5534] mkdir("./file0", 0777) = 0 [ 93.026877][ T5534] loop0: detected capacity change from 0 to 32768 [ 93.037122][ T5534] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5534) [ 93.054235][ T5534] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.063621][ T5534] BTRFS info (device loop0): force clearing of disk cache [ 93.070814][ T5534] BTRFS info (device loop0): setting nodatasum [ 93.077274][ T5534] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 93.086578][ T5534] BTRFS info (device loop0): use lzo compression, level 0 [ 93.093806][ T5534] BTRFS info (device loop0): max_inline at 0 [ 93.099846][ T5534] BTRFS info (device loop0): enabling disk space caching [ 93.107082][ T5534] BTRFS info (device loop0): disk space caching is enabled [ 93.128360][ T5534] BTRFS info (device loop0): enabling ssd optimizations [ 93.135641][ T5534] BTRFS info (device loop0): auto enabling async discard [ 93.143923][ T5534] BTRFS info (device loop0): rebuilding free space tree [ 93.156986][ T5534] BTRFS info (device loop0): disabling free space tree [ 93.164019][ T5534] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5534] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5534] chdir("./file0") = 0 [pid 5534] ioctl(4, LOOP_CLR_FD) = 0 [pid 5534] close(4) = 0 [pid 5534] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5533] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] <... futex resumed>) = 1 [pid 5534] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5534] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5533] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] <... futex resumed>) = 1 [ 93.173770][ T5534] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5534] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5533] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5533] exit_group(0) = ? [pid 5534] <... write resumed>) = ? [pid 5534] +++ exited with 0 +++ [pid 5533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5533, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5551 ./strace-static-x86_64: Process 5551 attached [pid 5551] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5551] chdir("./29") = 0 [pid 5551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5551] setpgid(0, 0) = 0 [pid 5551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5551] write(3, "1000", 4) = 4 [pid 5551] close(3) = 0 [pid 5551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5551] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5551] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5551] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5552 attached => {parent_tid=[5552]}, 88) = 5552 [pid 5552] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5552] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5552] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5551] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5551] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5552] memfd_create("syzkaller", 0) = 3 [pid 5552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5552] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5552] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5552] close(3) = 0 [pid 5552] mkdir("./file0", 0777) = 0 [ 93.799123][ T5552] loop0: detected capacity change from 0 to 32768 [ 93.810488][ T5552] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5552) [ 93.827440][ T5552] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.837225][ T5552] BTRFS info (device loop0): force clearing of disk cache [ 93.845249][ T5552] BTRFS info (device loop0): setting nodatasum [ 93.851799][ T5552] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 93.861824][ T5552] BTRFS info (device loop0): use lzo compression, level 0 [ 93.869432][ T5552] BTRFS info (device loop0): max_inline at 0 [ 93.876058][ T5552] BTRFS info (device loop0): enabling disk space caching [ 93.883235][ T5552] BTRFS info (device loop0): disk space caching is enabled [ 93.902565][ T5552] BTRFS info (device loop0): enabling ssd optimizations [ 93.909639][ T5552] BTRFS info (device loop0): auto enabling async discard [ 93.918001][ T5552] BTRFS info (device loop0): rebuilding free space tree [ 93.930936][ T5552] BTRFS info (device loop0): disabling free space tree [ 93.938046][ T5552] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5552] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5552] chdir("./file0") = 0 [pid 5552] ioctl(4, LOOP_CLR_FD) = 0 [pid 5552] close(4) = 0 [pid 5552] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] <... futex resumed>) = 0 [pid 5552] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5551] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... openat resumed>) = 4 [pid 5551] <... futex resumed>) = 0 [pid 5551] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5552] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5551] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5552] <... futex resumed>) = 1 [ 93.947770][ T5552] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5552] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5551] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5551] exit_group(0) = ? [pid 5552] <... write resumed>) = ? [pid 5552] +++ exited with 0 +++ [pid 5551] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5551, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5572 ./strace-static-x86_64: Process 5572 attached [pid 5572] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5572] chdir("./30") = 0 [pid 5572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5572] setpgid(0, 0) = 0 [pid 5572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5572] write(3, "1000", 4) = 4 [pid 5572] close(3) = 0 [pid 5572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5572] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5572] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5573 attached => {parent_tid=[5573]}, 88) = 5573 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5572] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053 [pid 5572] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5573] <... rseq resumed>) = 0 [pid 5573] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5573] memfd_create("syzkaller", 0) = 3 [pid 5573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5573] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5573] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5573] close(3) = 0 [pid 5573] mkdir("./file0", 0777) = 0 [ 94.589481][ T5573] loop0: detected capacity change from 0 to 32768 [ 94.599730][ T5573] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5573) [ 94.616436][ T5573] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.625809][ T5573] BTRFS info (device loop0): force clearing of disk cache [ 94.632975][ T5573] BTRFS info (device loop0): setting nodatasum [ 94.639674][ T5573] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 94.649238][ T5573] BTRFS info (device loop0): use lzo compression, level 0 [ 94.657512][ T5573] BTRFS info (device loop0): max_inline at 0 [ 94.663548][ T5573] BTRFS info (device loop0): enabling disk space caching [ 94.670595][ T5573] BTRFS info (device loop0): disk space caching is enabled [ 94.691077][ T5573] BTRFS info (device loop0): enabling ssd optimizations [ 94.698251][ T5573] BTRFS info (device loop0): auto enabling async discard [ 94.707170][ T5573] BTRFS info (device loop0): rebuilding free space tree [ 94.719196][ T5573] BTRFS info (device loop0): disabling free space tree [ 94.726606][ T5573] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5573] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5573] chdir("./file0") = 0 [pid 5573] ioctl(4, LOOP_CLR_FD) = 0 [pid 5573] close(4) = 0 [pid 5573] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5573] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5572] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5573] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 94.736602][ T5573] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5572] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5572] exit_group(0) = ? [pid 5573] <... write resumed>) = ? [pid 5573] +++ exited with 0 +++ [pid 5572] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5572, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5590 ./strace-static-x86_64: Process 5590 attached [pid 5590] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5590] chdir("./31") = 0 [pid 5590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5590] setpgid(0, 0) = 0 [pid 5590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5590] write(3, "1000", 4) = 4 [pid 5590] close(3) = 0 [pid 5590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5590] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5590] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5591 attached [pid 5591] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5591] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5590] <... clone3 resumed> => {parent_tid=[5591]}, 88) = 5591 [pid 5591] futex(0x7f32aa3ff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5590] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5591] memfd_create("syzkaller", 0) = 3 [pid 5591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5591] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5591] close(3) = 0 [pid 5591] mkdir("./file0", 0777) = 0 [ 95.415764][ T5591] loop0: detected capacity change from 0 to 32768 [ 95.428309][ T5591] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5591) [ 95.444682][ T5591] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.454226][ T5591] BTRFS info (device loop0): force clearing of disk cache [ 95.461475][ T5591] BTRFS info (device loop0): setting nodatasum [ 95.468255][ T5591] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 95.477841][ T5591] BTRFS info (device loop0): use lzo compression, level 0 [ 95.485133][ T5591] BTRFS info (device loop0): max_inline at 0 [ 95.491154][ T5591] BTRFS info (device loop0): enabling disk space caching [ 95.498815][ T5591] BTRFS info (device loop0): disk space caching is enabled [ 95.518957][ T5591] BTRFS info (device loop0): enabling ssd optimizations [ 95.526171][ T5591] BTRFS info (device loop0): auto enabling async discard [ 95.534244][ T5591] BTRFS info (device loop0): rebuilding free space tree [ 95.546269][ T5591] BTRFS info (device loop0): disabling free space tree [ 95.553319][ T5591] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5591] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5591] chdir("./file0") = 0 [pid 5591] ioctl(4, LOOP_CLR_FD) = 0 [pid 5591] close(4) = 0 [pid 5591] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5590] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... openat resumed>) = 4 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... futex resumed>) = 1 [ 95.562996][ T5591] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5591] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5590] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5590] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5590] exit_group(0 [pid 5591] <... write resumed>) = ? [pid 5590] <... exit_group resumed>) = ? [pid 5591] +++ exited with 0 +++ [pid 5590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5590, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5608 ./strace-static-x86_64: Process 5608 attached [pid 5608] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5608] chdir("./32") = 0 [pid 5608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5608] setpgid(0, 0) = 0 [pid 5608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5608] write(3, "1000", 4) = 4 [pid 5608] close(3) = 0 [pid 5608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5608] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5608] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0}./strace-static-x86_64: Process 5609 attached => {parent_tid=[5609]}, 88) = 5609 [pid 5608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5608] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5609] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5609] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5609] memfd_create("syzkaller", 0) = 3 [pid 5609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5609] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5609] close(3) = 0 [pid 5609] mkdir("./file0", 0777) = 0 [ 96.189697][ T5609] loop0: detected capacity change from 0 to 32768 [ 96.200654][ T5609] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5609) [ 96.216097][ T5609] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.225414][ T5609] BTRFS info (device loop0): force clearing of disk cache [ 96.232540][ T5609] BTRFS info (device loop0): setting nodatasum [ 96.239360][ T5609] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 96.250195][ T5609] BTRFS info (device loop0): use lzo compression, level 0 [ 96.257443][ T5609] BTRFS info (device loop0): max_inline at 0 [ 96.263860][ T5609] BTRFS info (device loop0): enabling disk space caching [ 96.270925][ T5609] BTRFS info (device loop0): disk space caching is enabled [ 96.290113][ T5609] BTRFS info (device loop0): enabling ssd optimizations [ 96.297157][ T5609] BTRFS info (device loop0): auto enabling async discard [ 96.305041][ T5609] BTRFS info (device loop0): rebuilding free space tree [ 96.316748][ T5609] BTRFS info (device loop0): disabling free space tree [ 96.323820][ T5609] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5609] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5609] chdir("./file0") = 0 [pid 5609] ioctl(4, LOOP_CLR_FD) = 0 [pid 5609] close(4) = 0 [pid 5609] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5609] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5608] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... openat resumed>) = 4 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... futex resumed>) = 1 [ 96.333553][ T5609] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5609] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5608] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5608] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5608] exit_group(0) = ? [pid 5609] <... write resumed>) = ? [pid 5609] +++ exited with 0 +++ [pid 5608] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5608, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557048770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557048770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555557040730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555703f690) = 5626 ./strace-static-x86_64: Process 5626 attached [pid 5626] set_robust_list(0x55555703f6a0, 24) = 0 [pid 5626] chdir("./33") = 0 [pid 5626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5626] setpgid(0, 0) = 0 [pid 5626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5626] write(3, "1000", 4) = 4 [pid 5626] close(3) = 0 [pid 5626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5626] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] rt_sigaction(SIGRT_1, {sa_handler=0x7f32aa3a0950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f32aa392290}, NULL, 8) = 0 [pid 5626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f32aa30f000 [pid 5626] mprotect(0x7f32aa310000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f32aa32f990, parent_tid=0x7f32aa32f990, exit_signal=0, stack=0x7f32aa30f000, stack_size=0x20300, tls=0x7f32aa32f6c0} => {parent_tid=[5627]}, 88) = 5627 ./strace-static-x86_64: Process 5627 attached [pid 5626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5626] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5627] rseq(0x7f32aa32ffe0, 0x20, 0, 0x53053053) = 0 [pid 5627] set_robust_list(0x7f32aa32f9a0, 24) = 0 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5627] memfd_create("syzkaller", 0) = 3 [pid 5627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32a1f0f000 [pid 5627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5627] munmap(0x7f32a1f0f000, 16777216) = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5627] close(3) = 0 [pid 5627] mkdir("./file0", 0777) = 0 [ 96.983891][ T5627] loop0: detected capacity change from 0 to 32768 [ 96.995970][ T5627] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor248 (5627) [ 97.013269][ T5627] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.022566][ T5627] BTRFS info (device loop0): force clearing of disk cache [ 97.029805][ T5627] BTRFS info (device loop0): setting nodatasum [ 97.036051][ T5627] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 97.045428][ T5627] BTRFS info (device loop0): use lzo compression, level 0 [ 97.052619][ T5627] BTRFS info (device loop0): max_inline at 0 [ 97.059012][ T5627] BTRFS info (device loop0): enabling disk space caching [ 97.066468][ T5627] BTRFS info (device loop0): disk space caching is enabled [ 97.087118][ T5627] BTRFS info (device loop0): enabling ssd optimizations [ 97.094196][ T5627] BTRFS info (device loop0): auto enabling async discard [ 97.102231][ T5627] BTRFS info (device loop0): rebuilding free space tree [ 97.114546][ T5627] BTRFS info (device loop0): disabling free space tree [ 97.121611][ T5627] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5627] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,compress=lzo,max_inline=x,space_cache=v1,") = 0 [pid 5627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5627] chdir("./file0") = 0 [pid 5627] ioctl(4, LOOP_CLR_FD) = 0 [pid 5627] close(4) = 0 [pid 5627] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = 1 [pid 5626] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5626] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... openat resumed>) = 4 [pid 5627] futex(0x7f32aa3ff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5626] futex(0x7f32aa3ff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.131702][ T5627] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5626] futex(0x7f32aa3ff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5626] exit_group(0) = ? [pid 5627] <... write resumed>) = ? [pid 5627] +++ exited with 0 +++ [pid 5626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5626, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557040730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 97.435168][ T5015] assertion failed: list_empty(&fs_info->delayed_iputs), in fs/btrfs/disk-io.c:4360 [ 97.445303][ T5015] ------------[ cut here ]------------ [ 97.450825][ T5015] kernel BUG at fs/btrfs/disk-io.c:4360! [ 97.456894][ T5015] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 97.463581][ T5015] CPU: 0 PID: 5015 Comm: syz-executor248 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0 [ 97.473990][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 97.484044][ T5015] RIP: 0010:close_ctree+0x8ce/0xd00 [ 97.489266][ T5015] Code: f7 e9 62 f9 ff ff e8 11 1f d1 f6 48 c7 c7 60 03 4a 8b 48 c7 c6 40 32 4a 8b 48 c7 c2 e0 03 4a 8b b9 08 11 00 00 e8 a2 99 ff ff <0f> 0b e8 eb 1e d1 f6 48 c7 c7 60 03 4a 8b 48 c7 c6 e0 32 4a 8b 48 [ 97.508868][ T5015] RSP: 0018:ffffc9000393fa80 EFLAGS: 00010246 [ 97.514941][ T5015] RAX: 0000000000000051 RBX: ffff8880786ccd48 RCX: a2e8132a497fb200 [ 97.522917][ T5015] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 97.530896][ T5015] RBP: ffffc9000393fc18 R08: ffffffff816f6bcc R09: 1ffff92000727f04 [ 97.539046][ T5015] R10: dffffc0000000000 R11: fffff52000727f05 R12: ffff8880786ccfb0 [ 97.547023][ T5015] R13: ffff8880786cc000 R14: 1ffff1100f0d9a5e R15: 0000000000000000 [ 97.554997][ T5015] FS: 000055555703f3c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 97.563932][ T5015] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 97.570519][ T5015] CR2: 0000555557048738 CR3: 000000002cc24000 CR4: 00000000003506f0 [ 97.578496][ T5015] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 97.586474][ T5015] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 97.594450][ T5015] Call Trace: [ 97.597729][ T5015] [ 97.600675][ T5015] ? __die_body+0x5e/0xa0 [ 97.605022][ T5015] ? die+0x87/0xb0 [ 97.608756][ T5015] ? do_trap+0x11e/0x350 [ 97.613002][ T5015] ? close_ctree+0x8ce/0xd00 [ 97.617604][ T5015] ? close_ctree+0x8ce/0xd00 [ 97.622223][ T5015] ? do_error_trap+0x141/0x1f0 [ 97.627003][ T5015] ? close_ctree+0x8ce/0xd00 [ 97.631616][ T5015] ? do_int3+0x30/0x30 [ 97.635695][ T5015] ? report_bug+0x3e4/0x500 [ 97.640213][ T5015] ? handle_invalid_op+0x2c/0x40 [ 97.645161][ T5015] ? close_ctree+0x8ce/0xd00 [ 97.649764][ T5015] ? exc_invalid_op+0x33/0x50 [ 97.654446][ T5015] ? asm_exc_invalid_op+0x1a/0x20 [ 97.659488][ T5015] ? __wake_up_klogd+0xcc/0x100 [ 97.664363][ T5015] ? close_ctree+0x8ce/0xd00 [ 97.669084][ T5015] ? hook_sb_delete+0xa07/0xb30 [ 97.673949][ T5015] ? init_tree_roots+0x1db0/0x1db0 [ 97.679077][ T5015] ? hook_inode_free_security+0xb0/0xb0 [ 97.684625][ T5015] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 97.690355][ T5015] ? clear_inode+0x150/0x150 [ 97.694954][ T5015] ? fscrypt_destroy_keyring+0x273/0x290 [ 97.700599][ T5015] ? btrfs_fill_super+0x2f0/0x2f0 [ 97.705809][ T5015] generic_shutdown_super+0x134/0x340 [ 97.711193][ T5015] kill_anon_super+0x3b/0x60 [ 97.715789][ T5015] btrfs_kill_super+0x41/0x50 [ 97.720478][ T5015] deactivate_locked_super+0xa4/0x110 [ 97.725867][ T5015] cleanup_mnt+0x426/0x4c0 [ 97.730316][ T5015] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.735538][ T5015] task_work_run+0x24a/0x300 [ 97.740146][ T5015] ? dput+0x3a1/0x420 [ 97.744144][ T5015] ? task_work_cancel+0x2b0/0x2b0 [ 97.749187][ T5015] ? __x64_sys_umount+0x126/0x170 [ 97.754225][ T5015] ptrace_notify+0x2cd/0x380 [ 97.758822][ T5015] ? do_notify_parent+0xf50/0xf50 [ 97.763848][ T5015] ? user_path_at_empty+0x12f/0x180 [ 97.769054][ T5015] ? __x64_sys_umount+0x126/0x170 [ 97.774083][ T5015] ? path_umount+0xf40/0xf40 [ 97.778677][ T5015] ? syscall_enter_from_user_mode+0x32/0x230 [ 97.784670][ T5015] syscall_exit_to_user_mode+0x157/0x280 [ 97.790320][ T5015] do_syscall_64+0x4d/0xc0 [ 97.794741][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 97.800668][ T5015] RIP: 0033:0x7f32aa37baa7 [ 97.805087][ T5015] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 97.824699][ T5015] RSP: 002b:00007fffbf583a38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 97.833116][ T5015] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f32aa37baa7 [ 97.841090][ T5015] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007fffbf583af0 [ 97.849072][ T5015] RBP: 00007fffbf583af0 R08: 0000000000000000 R09: 0000000000000000 [ 97.857047][ T5015] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fffbf584bb0 [ 97.865024][ T5015] R13: 0000555557040700 R14: 431bde82d7b634db R15: 00007fffbf584b54 [ 97.873006][ T5015] [ 97.876027][ T5015] Modules linked in: [ 97.880156][ T5015] ---[ end trace 0000000000000000 ]--- [ 97.885779][ T5015] RIP: 0010:close_ctree+0x8ce/0xd00 [ 97.890998][ T5015] Code: f7 e9 62 f9 ff ff e8 11 1f d1 f6 48 c7 c7 60 03 4a 8b 48 c7 c6 40 32 4a 8b 48 c7 c2 e0 03 4a 8b b9 08 11 00 00 e8 a2 99 ff ff <0f> 0b e8 eb 1e d1 f6 48 c7 c7 60 03 4a 8b 48 c7 c6 e0 32 4a 8b 48 [ 97.910662][ T5015] RSP: 0018:ffffc9000393fa80 EFLAGS: 00010246 [ 97.916814][ T5015] RAX: 0000000000000051 RBX: ffff8880786ccd48 RCX: a2e8132a497fb200 [ 97.924824][ T5015] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 97.932817][ T5015] RBP: ffffc9000393fc18 R08: ffffffff816f6bcc R09: 1ffff92000727f04 [ 97.940832][ T5015] R10: dffffc0000000000 R11: fffff52000727f05 R12: ffff8880786ccfb0 [ 97.948845][ T5015] R13: ffff8880786cc000 R14: 1ffff1100f0d9a5e R15: 0000000000000000 [ 97.956862][ T5015] FS: 000055555703f3c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 97.965836][ T5015] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 97.972425][ T5015] CR2: 0000000020619000 CR3: 000000002cc24000 CR4: 00000000003506e0 [ 97.980450][ T5015] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 97.988466][ T5015] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 97.996491][ T5015] Kernel panic - not syncing: Fatal exception [ 98.002663][ T5015] Kernel Offset: disabled [ 98.006989][ T5015] Rebooting in 86400 seconds..