./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3146595609 <...> Warning: Permanently added '10.128.1.157' (ED25519) to the list of known hosts. execve("./syz-executor3146595609", ["./syz-executor3146595609"], 0x7fff28f77b20 /* 10 vars */) = 0 brk(NULL) = 0x555556a41000 brk(0x555556a41d00) = 0x555556a41d00 arch_prctl(ARCH_SET_FS, 0x555556a41380) = 0 set_tid_address(0x555556a41650) = 5028 set_robust_list(0x555556a41660, 24) = 0 rseq(0x555556a41ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3146595609", 4096) = 28 getrandom("\x66\x59\x19\xda\x17\x7e\x55\x46", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556a41d00 brk(0x555556a62d00) = 0x555556a62d00 brk(0x555556a63000) = 0x555556a63000 mprotect(0x7f019436e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.PkBd1p", 0700) = 0 chmod("./syzkaller.PkBd1p", 0777) = 0 chdir("./syzkaller.PkBd1p") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5029 attached , child_tidptr=0x555556a41650) = 5029 [pid 5029] set_robust_list(0x555556a41660, 24) = 0 [pid 5029] chdir("./0") = 0 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5029] setpgid(0, 0) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5029] write(3, "1000", 4) = 4 [pid 5029] close(3) = 0 [pid 5029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5029] memfd_create("syzkaller", 0) = 3 [pid 5029] 
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 syzkaller login: [ 50.212744][ T5029] syz-executor314[5029]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5029] munmap(0x7f018beb6000, 16777216) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5029] close(3) = 0 [pid 5029] mkdir("./bus", 0777) = 0 [ 50.338813][ T5029] loop0: detected capacity change from 0 to 32768 [ 50.348245][ T5029] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5029) [ 50.364773][ T5029] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 50.373568][ T5029] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 50.384766][ T5029] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 50.395593][ T5029] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 50.406460][ T5029] BTRFS info (device loop0): trying to use backup root at mount time [ 50.414753][ T5029] BTRFS info (device loop0): use zlib compression, level 3 [ 50.421978][ T5029] BTRFS info (device loop0): enabling ssd optimizations [ 50.429202][ T5029] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5029] mount("/dev/loop0", "./bus", "btrfs", 0, 
"user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5029] chdir("./bus") = 0 [pid 5029] ioctl(4, LOOP_CLR_FD) = 0 [pid 5029] close(4) = 0 [pid 5029] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5029] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5029] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5029] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5029] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5029] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5029] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5029] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5029] open("./bus", O_RDONLY) = 6 [pid 5029] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5029] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5029] creat("./bus", 000) = 7 [pid 5029] exit_group(0) = ? 
[ 50.437028][ T5029] BTRFS info (device loop0): using free space tree [ 50.453571][ T5029] BTRFS info (device loop0): auto enabling async discard [pid 5029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 50.478670][ T28] audit: type=1804 audit(1693868448.680:2): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/0/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 50.502313][ T28] audit: type=1804 audit(1693868448.680:3): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/0/bus/bus" dev="loop0" ino=263 res=1 errno=0 newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 
mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a41650) = 5048 ./strace-static-x86_64: Process 5048 attached [pid 5048] set_robust_list(0x555556a41660, 24) = 0 [pid 5048] chdir("./1") = 0 [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5048] setpgid(0, 0) = 0 [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5048] write(3, "1000", 4) = 4 [pid 5048] close(3) = 0 [pid 5048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5048] memfd_create("syzkaller", 0) = 3 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 50.596228][ T5048] syz-executor314[5048]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5048] munmap(0x7f018beb6000, 16777216) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./bus", 0777) = 0 [ 50.793665][ T5048] loop0: detected capacity change from 0 to 32768 [ 50.802936][ T5048] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5048) [ 50.819503][ T5048] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 50.828312][ T5048] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 50.839293][ T5048] BTRFS warning (device loop0): the 
'inode_cache' option is deprecated and has no effect since 5.11 [ 50.850129][ T5048] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 50.860861][ T5048] BTRFS info (device loop0): trying to use backup root at mount time [ 50.869161][ T5048] BTRFS info (device loop0): use zlib compression, level 3 [ 50.876398][ T5048] BTRFS info (device loop0): enabling ssd optimizations [ 50.883407][ T5048] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5048] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./bus") = 0 [pid 5048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5048] close(4) = 0 [pid 5048] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5048] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5048] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5048] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5048] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5048] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5048] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5048] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5048] open("./bus", O_RDONLY) = 6 [ 50.891054][ T5048] BTRFS info (device loop0): using free space tree [ 50.908472][ T5048] BTRFS info (device loop0): auto enabling 
async discard [pid 5048] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5048] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5048] creat("./bus", 000) = 7 [pid 5048] exit_group(0) = ? [pid 5048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=20 /* 0.20 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 50.932173][ T28] audit: type=1804 audit(1693868449.130:4): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/1/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 50.956154][ T28] audit: type=1804 audit(1693868449.160:5): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/1/bus/bus" dev="loop0" ino=263 res=1 errno=0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 
0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached , child_tidptr=0x555556a41650) = 5065 [pid 5065] set_robust_list(0x555556a41660, 24) = 0 [pid 5065] chdir("./2") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 51.041761][ T5065] syz-executor314[5065]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5065] munmap(0x7f018beb6000, 16777216) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./bus", 0777) = 0 [ 51.234711][ T5065] loop0: detected capacity change from 0 to 32768 [ 51.244827][ T5065] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5065) [ 51.261354][ T5065] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 51.270429][ T5065] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no 
effect since 5.11 [ 51.281490][ T5065] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 51.292622][ T5065] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 51.303368][ T5065] BTRFS info (device loop0): trying to use backup root at mount time [ 51.311426][ T5065] BTRFS info (device loop0): use zlib compression, level 3 [ 51.319439][ T5065] BTRFS info (device loop0): enabling ssd optimizations [ 51.326513][ T5065] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5065] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5065] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./bus") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5065] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5065] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5065] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5065] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5065] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5065] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5065] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5065] open("./bus", O_RDONLY) = 6 [ 51.334215][ T5065] BTRFS info (device loop0): using free 
space tree [ 51.351652][ T5065] BTRFS info (device loop0): auto enabling async discard [pid 5065] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5065] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5065] creat("./bus", 000) = 7 [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 51.379848][ T28] audit: type=1804 audit(1693868449.580:6): pid=5065 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/2/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 51.403820][ T28] audit: type=1804 audit(1693868449.610:7): pid=5065 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/2/bus/bus" dev="loop0" ino=263 res=1 errno=0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, 
AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a41650) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x555556a41660, 24) = 0 [pid 5082] chdir("./3") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 51.551379][ T5082] syz-executor314[5082]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5082] munmap(0x7f018beb6000, 16777216) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./bus", 0777) = 0 [ 51.682814][ T5082] loop0: detected capacity change from 0 to 32768 [ 51.691730][ T5082] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5082) [ 51.707162][ T5082] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm 
[ 51.716140][ T5082] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 51.727168][ T5082] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 51.738238][ T5082] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 51.748994][ T5082] BTRFS info (device loop0): trying to use backup root at mount time [ 51.757320][ T5082] BTRFS info (device loop0): use zlib compression, level 3 [ 51.764557][ T5082] BTRFS info (device loop0): enabling ssd optimizations [ 51.771485][ T5082] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5082] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./bus") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [pid 5082] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5082] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5082] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5082] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5082] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5082] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5082] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5082] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file 
descriptor) [pid 5082] open("./bus", O_RDONLY) = 6 [pid 5082] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5082] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5082] creat("./bus", 000) = 7 [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 51.779202][ T5082] BTRFS info (device loop0): using free space tree [ 51.794776][ T5082] BTRFS info (device loop0): auto enabling async discard [ 51.811399][ T28] audit: type=1804 audit(1693868450.010:8): pid=5082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/3/bus/bus" dev="loop0" ino=263 res=1 errno=0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 
0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached , child_tidptr=0x555556a41650) = 5099 [pid 5099] set_robust_list(0x555556a41660, 24) = 0 [ 51.833752][ T28] audit: type=1804 audit(1693868450.010:9): pid=5082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/3/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5099] chdir("./4") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 51.898221][ T5099] syz-executor314[5099]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5099] munmap(0x7f018beb6000, 16777216) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./bus", 0777) = 0 [ 52.109196][ T5099] loop0: detected capacity change from 0 to 32768 [ 52.117886][ T5099] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 
/dev/loop0 scanned by syz-executor314 (5099) [ 52.132618][ T5099] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 52.141645][ T5099] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 52.152668][ T5099] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 52.163801][ T5099] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 52.174770][ T5099] BTRFS info (device loop0): trying to use backup root at mount time [ 52.182856][ T5099] BTRFS info (device loop0): use zlib compression, level 3 [ 52.190235][ T5099] BTRFS info (device loop0): enabling ssd optimizations [ 52.197395][ T5099] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5099] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./bus") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5099] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5099] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5099] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5099] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5099] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad 
address) [pid 5099] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5099] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5099] open("./bus", O_RDONLY) = 6 [pid 5099] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5099] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5099] creat("./bus", 000) = 7 [pid 5099] exit_group(0) = ? [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 52.205097][ T5099] BTRFS info (device loop0): using free space tree [ 52.221756][ T5099] BTRFS info (device loop0): auto enabling async discard umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, 
"/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached , child_tidptr=0x555556a41650) = 5116 [pid 5116] set_robust_list(0x555556a41660, 24) = 0 [pid 5116] chdir("./5") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [ 52.245781][ T28] audit: type=1804 audit(1693868450.450:10): pid=5099 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/4/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 52.268424][ T28] audit: type=1804 audit(1693868450.450:11): pid=5099 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/4/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 52.342639][ T5116] syz-executor314[5116]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5116] munmap(0x7f018beb6000, 16777216) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] mkdir("./bus", 0777) = 0 [ 52.551060][ T5116] loop0: 
detected capacity change from 0 to 32768 [ 52.560309][ T5116] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5116) [ 52.575017][ T5116] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 52.583802][ T5116] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 52.594748][ T5116] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 52.610110][ T5116] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 52.621055][ T5116] BTRFS info (device loop0): trying to use backup root at mount time [ 52.629388][ T5116] BTRFS info (device loop0): use zlib compression, level 3 [ 52.636730][ T5116] BTRFS info (device loop0): enabling ssd optimizations [pid 5116] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) 
= 0 [pid 5116] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./bus") = 0 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5116] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5116] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5116] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5116] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5116] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5116] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5116] open("./bus", O_RDONLY) = 6 [pid 5116] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5116] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5116] creat("./bus", 000) = 7 [pid 5116] exit_group(0) = ? 
[pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=21 /* 0.21 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 52.644114][ T5116] BTRFS info (device loop0): using spread ssd allocation scheme [ 52.653574][ T5116] BTRFS info (device loop0): using free space tree [ 52.670557][ T5116] BTRFS info (device loop0): auto enabling async discard umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x555556a41650) = 5133 [pid 5133] set_robust_list(0x555556a41660, 24) = 0 [pid 5133] chdir("./6") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 
5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 52.799762][ T5133] syz-executor314[5133]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5133] munmap(0x7f018beb6000, 16777216) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] mkdir("./bus", 0777) = 0 [ 52.998758][ T5133] loop0: detected capacity change from 0 to 32768 [ 53.007604][ T5133] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5133) [ 53.023492][ T5133] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.032311][ T5133] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 53.043505][ T5133] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 53.054368][ T5133] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 53.065057][ T5133] BTRFS info (device loop0): trying to use backup root at mount time [ 53.073152][ T5133] BTRFS info (device loop0): use zlib compression, level 3 [ 53.080370][ T5133] BTRFS info (device loop0): 
enabling ssd optimizations [ 53.087332][ T5133] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5133] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5133] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./bus") = 0 [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5133] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5133] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5133] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5133] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5133] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5133] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5133] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5133] open("./bus", O_RDONLY) = 6 [pid 5133] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5133] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5133] creat("./bus", 000) = 7 [pid 5133] exit_group(0) = ? 
[pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 53.095103][ T5133] BTRFS info (device loop0): using free space tree [ 53.111399][ T5133] BTRFS info (device loop0): auto enabling async discard umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5150 attached , child_tidptr=0x555556a41650) = 5150 [pid 5150] set_robust_list(0x555556a41660, 24) = 0 [pid 5150] chdir("./7") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", 
O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 53.204645][ T5150] syz-executor314[5150]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5150] munmap(0x7f018beb6000, 16777216) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./bus", 0777) = 0 [ 53.402075][ T5150] loop0: detected capacity change from 0 to 32768 [ 53.411662][ T5150] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5150) [ 53.427830][ T5150] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.436791][ T5150] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 53.447773][ T5150] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 53.458568][ T5150] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 53.469468][ T5150] BTRFS info (device loop0): trying to use backup root at mount time [ 53.477791][ T5150] BTRFS info (device loop0): use zlib compression, level 3 [ 53.485200][ T5150] BTRFS info (device loop0): enabling ssd optimizations [ 53.492330][ T5150] BTRFS info (device loop0): using 
spread ssd allocation scheme [pid 5150] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5150] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./bus") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5150] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5150] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5150] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5150] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5150] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5150] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5150] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5150] open("./bus", O_RDONLY) = 6 [pid 5150] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5150] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5150] creat("./bus", 000) = 7 [pid 5150] exit_group(0) = ? 
[pid 5150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=22 /* 0.22 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 53.500045][ T5150] BTRFS info (device loop0): using free space tree [ 53.516185][ T5150] BTRFS info (device loop0): auto enabling async discard umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a41650) = 5167 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x555556a41660, 24) = 0 [pid 5167] chdir("./8") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", 
O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 53.592041][ T5167] syz-executor314[5167]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5167] munmap(0x7f018beb6000, 16777216) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./bus", 0777) = 0 [ 53.809804][ T5167] loop0: detected capacity change from 0 to 32768 [ 53.819466][ T5167] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5167) [ 53.835342][ T5167] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.844143][ T5167] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 53.855086][ T5167] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 53.865948][ T5167] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 53.876577][ T5167] BTRFS info (device loop0): trying to use backup root at mount time [ 53.884808][ T5167] BTRFS info (device loop0): use zlib compression, level 3 [ 53.895644][ T5167] BTRFS info (device loop0): enabling ssd optimizations [pid 5167] mount("/dev/loop0", "./bus", "btrfs", 0, 
"user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5167] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./bus") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5167] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5167] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5167] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5167] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5167] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5167] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5167] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5167] open("./bus", O_RDONLY) = 6 [pid 5167] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5167] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5167] creat("./bus", 000) = 7 [pid 5167] exit_group(0) = ? [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 53.902679][ T5167] BTRFS info (device loop0): using spread ssd allocation scheme [ 53.910769][ T5167] BTRFS info (device loop0): using free space tree [ 53.926896][ T5167] BTRFS info (device loop0): auto enabling async discard umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x555556a41650) = 5184 [pid 5184] set_robust_list(0x555556a41660, 24) = 0 [pid 5184] chdir("./9") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 
[pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 54.001348][ T5184] syz-executor314[5184]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5184] munmap(0x7f018beb6000, 16777216) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./bus", 0777) = 0 [ 54.208844][ T5184] loop0: detected capacity change from 0 to 32768 [ 54.217694][ T5184] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5184) [ 54.234311][ T5184] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.243165][ T5184] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 54.254119][ T5184] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 54.265102][ T5184] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 54.275853][ T5184] BTRFS info (device loop0): trying to use backup root at mount time [ 54.283957][ T5184] BTRFS info (device loop0): use zlib compression, level 3 [ 54.291239][ T5184] BTRFS info (device loop0): enabling ssd optimizations [ 54.298248][ T5184] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5184] mount("/dev/loop0", 
"./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./bus") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5184] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5184] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5184] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5184] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5184] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5184] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5184] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5184] open("./bus", O_RDONLY) = 6 [pid 5184] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5184] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5184] creat("./bus", 000) = 7 [pid 5184] exit_group(0) = ? 
[pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 54.306065][ T5184] BTRFS info (device loop0): using free space tree [ 54.321467][ T5184] BTRFS info (device loop0): auto enabling async discard umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x555556a41650) = 5201 [pid 5201] set_robust_list(0x555556a41660, 24) = 0 [pid 5201] chdir("./10") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", 
O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5201] munmap(0x7f018beb6000, 16777216) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] mkdir("./bus", 0777) = 0 [ 54.599431][ T5201] loop0: detected capacity change from 0 to 32768 [ 54.609024][ T5201] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5201) [ 54.625200][ T5201] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.634087][ T5201] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 54.645071][ T5201] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 54.656007][ T5201] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 54.666643][ T5201] BTRFS info (device loop0): trying to use backup root at mount time [ 54.674825][ T5201] BTRFS info (device loop0): use zlib compression, level 3 [ 54.682123][ T5201] BTRFS info (device loop0): enabling ssd optimizations [ 54.689194][ T5201] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5201] mount("/dev/loop0", "./bus", "btrfs", 0, 
"user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5201] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./bus") = 0 [pid 5201] ioctl(4, LOOP_CLR_FD) = 0 [pid 5201] close(4) = 0 [pid 5201] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5201] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5201] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5201] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5201] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5201] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5201] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5201] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5201] open("./bus", O_RDONLY) = 6 [pid 5201] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5201] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5201] creat("./bus", 000) = 7 [pid 5201] exit_group(0) = ? 
[pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=18 /* 0.18 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 54.696886][ T5201] BTRFS info (device loop0): using free space tree [ 54.712790][ T5201] BTRFS info (device loop0): auto enabling async discard umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached , child_tidptr=0x555556a41650) = 5218 [pid 5218] set_robust_list(0x555556a41660, 24) = 0 [pid 5218] chdir("./11") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, 
"/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5218] munmap(0x7f018beb6000, 16777216) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./bus", 0777) = 0 [ 54.997449][ T5218] loop0: detected capacity change from 0 to 32768 [ 55.006516][ T5218] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5218) [ 55.021610][ T5218] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.030660][ T5218] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.041504][ T5218] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.052669][ T5218] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 55.063297][ T5218] BTRFS info (device loop0): trying to use backup root at mount time [ 55.071369][ T5218] BTRFS info (device loop0): use zlib compression, level 3 [ 55.078608][ T5218] BTRFS info (device loop0): enabling ssd optimizations [ 55.085806][ T5218] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5218] mount("/dev/loop0", "./bus", "btrfs", 0, 
"user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./bus") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5218] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5218] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5218] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5218] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5218] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5218] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5218] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5218] open("./bus", O_RDONLY) = 6 [pid 5218] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5218] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5218] creat("./bus", 000) = 7 [pid 5218] exit_group(0) = ? 
[pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 55.093504][ T5218] BTRFS info (device loop0): using free space tree [ 55.109603][ T5218] BTRFS info (device loop0): auto enabling async discard umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached , child_tidptr=0x555556a41650) = 5235 [pid 5235] set_robust_list(0x555556a41660, 24) = 0 [pid 5235] chdir("./12") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] 
openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] memfd_create("syzkaller", 0) = 3 [pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 55.264848][ T5235] __do_sys_memfd_create: 2 callbacks suppressed [ 55.264864][ T5235] syz-executor314[5235]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5235] munmap(0x7f018beb6000, 16777216) = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5235] close(3) = 0 [pid 5235] mkdir("./bus", 0777) = 0 [ 55.426949][ T5235] loop0: detected capacity change from 0 to 32768 [ 55.435421][ T5235] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5235) [ 55.450606][ T5235] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.459514][ T5235] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.470574][ T5235] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.481381][ T5235] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 55.492029][ T5235] BTRFS info (device loop0): trying to use backup root at mount time [ 55.500134][ T5235] BTRFS info (device loop0): use zlib compression, level 3 [ 55.507374][ 
T5235] BTRFS info (device loop0): enabling ssd optimizations [ 55.514336][ T5235] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5235] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5235] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5235] chdir("./bus") = 0 [pid 5235] ioctl(4, LOOP_CLR_FD) = 0 [pid 5235] close(4) = 0 [pid 5235] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5235] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5235] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5235] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5235] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5235] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5235] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5235] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5235] open("./bus", O_RDONLY) = 6 [pid 5235] creat(NULL, 000) = -1 EFAULT (Bad address) [ 55.521972][ T5235] BTRFS info (device loop0): using free space tree [ 55.538164][ T5235] BTRFS info (device loop0): auto enabling async discard [pid 5235] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5235] creat("./bus", 000) = 7 [pid 5235] exit_group(0) = ? 
[pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 55.577279][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 55.577294][ T28] audit: type=1804 audit(1693868453.780:26): pid=5235 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/12/bus/bus" dev="loop0" ino=263 res=1 errno=0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 55.606973][ T28] audit: type=1804 audit(1693868453.780:27): pid=5235 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/12/bus/bus" dev="loop0" ino=263 res=1 errno=0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 
mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x555556a41650) = 5252 [pid 5252] set_robust_list(0x555556a41660, 24) = 0 [pid 5252] chdir("./13") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000 [ 55.692055][ T5252] syz-executor314[5252]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5252] munmap(0x7f018beb6000, 16777216) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./bus", 0777) = 0 [ 55.867986][ T5252] loop0: detected capacity change from 0 to 32768 [ 55.877647][ T5252] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5252) [ 55.893893][ T5252] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.902588][ T5252] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.913753][ T5252] BTRFS warning (device loop0): 
the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.924810][ T5252] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 55.935813][ T5252] BTRFS info (device loop0): trying to use backup root at mount time [ 55.944083][ T5252] BTRFS info (device loop0): use zlib compression, level 3 [ 55.951286][ T5252] BTRFS info (device loop0): enabling ssd optimizations [ 55.958570][ T5252] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5252] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./bus") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5252] pwritev2(4, NULL, 0, 0, 0) = 0 [pid 5252] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5252] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572 [pid 5252] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device) [pid 5252] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address) [pid 5252] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5252] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 5252] open("./bus", O_RDONLY) = 6 [ 55.966387][ T5252] BTRFS info (device loop0): using free space tree [ 55.982054][ T5252] BTRFS info (device loop0): auto 
enabling async discard [pid 5252] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5252] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor) [pid 5252] creat("./bus", 000) = 7 [pid 5252] exit_group(0) = ? [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=20 /* 0.20 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104 [ 56.009195][ T28] audit: type=1804 audit(1693868454.210:28): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/13/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 56.033304][ T28] audit: type=1804 audit(1693868454.230:29): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/13/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 56.092436][ T5028] VFS: Busy inodes after unmount of loop0 (btrfs) [ 56.092621][ T5028] ------------[ cut here ]------------ [ 56.105166][ T5028] kernel BUG at fs/super.c:697! 
[ 56.110651][ T5028] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 56.116745][ T5028] CPU: 1 PID: 5028 Comm: syz-executor314 Not tainted 6.5.0-syzkaller-11329-g708283abf896 #0 [ 56.126896][ T5028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 56.137138][ T5028] RIP: 0010:generic_shutdown_super+0x2bc/0x2c0 [ 56.143391][ T5028] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 16 b7 ef ff 48 8b 13 48 c7 c7 20 77 17 8b 4c 89 e6 e8 34 d3 cd 08 <0f> 0b 66 90 66 0f 1f 00 41 57 41 56 53 49 89 fe 49 bf 00 00 00 00 [ 56.163182][ T5028] RSP: 0018:ffffc90003df7c28 EFLAGS: 00010246 [ 56.169268][ T5028] RAX: 000000000000002f RBX: ffffffff8d847640 RCX: 8fbdece34c75d100 [ 56.177337][ T5028] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 56.185588][ T5028] RBP: 1ffff1100ed760f1 R08: ffffffff8170a5ec R09: 1ffff920007bef38 [ 56.193564][ T5028] R10: dffffc0000000000 R11: fffff520007bef39 R12: ffff888076bb0658 [ 56.201629][ T5028] R13: dffffc0000000000 R14: ffffffff8b4a57d8 R15: ffff888076bb0788 [ 56.209689][ T5028] FS: 0000555556a41380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 56.218627][ T5028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.225224][ T5028] CR2: 0000555556a4a6f8 CR3: 0000000020e02000 CR4: 00000000003506e0 [ 56.233189][ T5028] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.241149][ T5028] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.249198][ T5028] Call Trace: [ 56.252466][ T5028] <TASK> [ 56.255394][ T5028] ? __die_body+0x8b/0xe0 [ 56.259721][ T5028] ? die+0xa1/0xd0 [ 56.263437][ T5028] ? do_trap+0x153/0x380 [ 56.267670][ T5028] ? generic_shutdown_super+0x2bc/0x2c0 [ 56.273290][ T5028] ? do_error_trap+0x1dc/0x2c0 [ 56.278045][ T5028] ? generic_shutdown_super+0x2bc/0x2c0 [ 56.283585][ T5028] ? do_int3+0x50/0x50 [ 56.287729][ T5028] ? report_bug+0x3e4/0x500 [ 56.292230][ T5028] ? 
handle_invalid_op+0x34/0x40 [ 56.297934][ T5028] ? generic_shutdown_super+0x2bc/0x2c0 [ 56.303570][ T5028] ? exc_invalid_op+0x33/0x50 [ 56.308238][ T5028] ? asm_exc_invalid_op+0x1a/0x20 [ 56.313284][ T5028] ? __wake_up_klogd+0xcc/0x100 [ 56.318146][ T5028] ? generic_shutdown_super+0x2bc/0x2c0 [ 56.323696][ T5028] ? generic_shutdown_super+0x2bc/0x2c0 [ 56.329350][ T5028] kill_anon_super+0x3b/0x70 [ 56.333944][ T5028] btrfs_kill_super+0x41/0x50 [ 56.338700][ T5028] deactivate_locked_super+0xa4/0x110 [ 56.344072][ T5028] cleanup_mnt+0x426/0x4c0 [ 56.348488][ T5028] task_work_run+0x24a/0x300 [ 56.353072][ T5028] ? dput+0x3a1/0x420 [ 56.357054][ T5028] ? task_work_cancel+0x2b0/0x2b0 [ 56.362251][ T5028] ? __x64_sys_umount+0x126/0x170 [ 56.367275][ T5028] ptrace_notify+0x2cd/0x380 [ 56.371858][ T5028] ? do_notify_parent+0xf50/0xf50 [ 56.376958][ T5028] ? user_path_at_empty+0x12f/0x180 [ 56.382331][ T5028] ? __x64_sys_umount+0x126/0x170 [ 56.387475][ T5028] ? path_umount+0xf40/0xf40 [ 56.392103][ T5028] ? 
rcu_is_watching+0x15/0xb0 [ 56.396870][ T5028] syscall_exit_to_user_mode+0x15c/0x280 [ 56.402505][ T5028] do_syscall_64+0x4d/0xc0 [ 56.406916][ T5028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.413152][ T5028] RIP: 0033:0x7f01942f6607 [ 56.417560][ T5028] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 56.437158][ T5028] RSP: 002b:00007ffdb004de98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 56.445651][ T5028] RAX: 0000000000000000 RBX: 000000000000d95c RCX: 00007f01942f6607 [ 56.453614][ T5028] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffdb004df50 [ 56.461576][ T5028] RBP: 00007ffdb004df50 R08: 0000000000000000 R09: 0000000000000000 [ 56.469555][ T5028] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffdb004efc0 [ 56.477535][ T5028] R13: 0000555556a426c0 R14: 431bde82d7b634db R15: 00007ffdb004efe0 [ 56.485597][ T5028] </TASK> [ 56.488618][ T5028] Modules linked in: [ 56.497711][ T5028] ---[ end trace 0000000000000000 ]--- [ 56.506814][ T5028] RIP: 0010:generic_shutdown_super+0x2bc/0x2c0 [ 56.513016][ T5028] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 16 b7 ef ff 48 8b 13 48 c7 c7 20 77 17 8b 4c 89 e6 e8 34 d3 cd 08 <0f> 0b 66 90 66 0f 1f 00 41 57 41 56 53 49 89 fe 49 bf 00 00 00 00 [ 56.533127][ T5028] RSP: 0018:ffffc90003df7c28 EFLAGS: 00010246 [ 56.539230][ T5028] RAX: 000000000000002f RBX: ffffffff8d847640 RCX: 8fbdece34c75d100 [ 56.547931][ T5028] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 56.556122][ T5028] RBP: 1ffff1100ed760f1 R08: ffffffff8170a5ec R09: 1ffff920007bef38 [ 56.564302][ T5028] R10: dffffc0000000000 R11: fffff520007bef39 R12: ffff888076bb0658 [ 56.572287][ T5028] R13: dffffc0000000000 R14: ffffffff8b4a57d8 R15: ffff888076bb0788 [ 56.580713][ T5028] FS: 0000555556a41380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 
56.590027][ T5028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.596975][ T5028] CR2: 0000555556a4a6f8 CR3: 0000000020e02000 CR4: 00000000003506e0 [ 56.605275][ T5028] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.613287][ T5028] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.621302][ T5028] Kernel panic - not syncing: Fatal exception [ 56.627689][ T5028] Kernel Offset: disabled [ 56.632260][ T5028] Rebooting in 86400 seconds..