./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor235377707 <...> Warning: Permanently added '10.128.0.17' (ED25519) to the list of known hosts. execve("./syz-executor235377707", ["./syz-executor235377707"], 0x7ffd545d1b60 /* 10 vars */) = 0 brk(NULL) = 0x555555b5f000 brk(0x555555b5fd00) = 0x555555b5fd00 arch_prctl(ARCH_SET_FS, 0x555555b5f380) = 0 set_tid_address(0x555555b5f650) = 5014 set_robust_list(0x555555b5f660, 24) = 0 rseq(0x555555b5fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor235377707", 4096) = 27 getrandom("\xd4\xf4\x3f\x63\xb5\x3b\x8f\x80", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555b5fd00 brk(0x555555b80d00) = 0x555555b80d00 brk(0x555555b81000) = 0x555555b81000 mprotect(0x7fba408f2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getrandom("\x08\xa5\xa6\x3b\x30\x94\xdc\x47", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.kJrwb9", 0700) = 0 chmod("./syzkaller.kJrwb9", 0777) = 0 chdir("./syzkaller.kJrwb9") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5015 ./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x555555b5f660, 24) = 0 [pid 5015] chdir("./0") = 0 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [ 56.546419][ T5015] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5015 'syz-executor235' [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5015] munmap(0x7fba3843a000, 16777216) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5015] close(3) = 0 [pid 5015] mkdir("./bus", 0777) = 0 [ 56.741108][ T5015] loop0: detected capacity change from 0 to 32768 [ 56.753948][ T5015] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5015) [ 56.773930][ T5015] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 56.782745][ T5015] BTRFS info (device loop0): enabling auto defrag [ 56.789196][ T5015] BTRFS info (device loop0): enabling disk space caching [ 56.796323][ T5015] BTRFS info (device loop0): disabling tree log [ 56.802637][ T5015] BTRFS info (device loop0): force clearing of disk cache [ 56.809811][ T5015] BTRFS info (device loop0): force zlib compression, level 3 [ 56.817322][ T5015] BTRFS info (device loop0): disabling disk space caching [ 56.839752][ T5015] BTRFS info (device loop0): enabling ssd optimizations [ 56.846740][ T5015] BTRFS info (device loop0): auto enabling async discard [ 56.855817][ T5015] BTRFS info (device loop0): rebuilding free space tree [ 56.876347][ T5015] BTRFS info (device loop0): disabling free space tree [pid 5015] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5015] chdir("./bus") = 0 [pid 5015] ioctl(4, LOOP_CLR_FD) = 0 [pid 5015] close(4) = 0 [pid 5015] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5015] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5015] exit_group(0) = ? [pid 5015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 56.884014][ T5015] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 56.894100][ T5015] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x555555b5f660, 24) = 0 [pid 5042] chdir("./1") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] memfd_create("syzkaller", 0) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5042] munmap(0x7fba3843a000, 16777216) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./bus", 0777) = 0 [ 57.323464][ T5042] loop0: detected capacity change from 0 to 32768 [ 57.334123][ T5042] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5042) [ 57.349054][ T5042] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 57.357889][ T5042] BTRFS info (device loop0): enabling auto defrag [ 57.364363][ T5042] BTRFS info (device loop0): enabling disk space caching [ 57.371532][ T5042] BTRFS info (device loop0): disabling tree log [ 57.377815][ T5042] BTRFS info (device loop0): force clearing of disk cache [ 57.384998][ T5042] BTRFS info (device loop0): force zlib compression, level 3 [ 57.392551][ T5042] BTRFS info (device loop0): disabling disk space caching [ 57.412895][ T5042] BTRFS info (device loop0): enabling ssd optimizations [pid 5042] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./bus") = 0 [pid 5042] ioctl(4, LOOP_CLR_FD) = 0 [pid 5042] close(4) = 0 [pid 5042] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5042] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5042] exit_group(0) = ? [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 57.420072][ T5042] BTRFS info (device loop0): auto enabling async discard [ 57.428024][ T5042] BTRFS info (device loop0): rebuilding free space tree [ 57.439994][ T5042] BTRFS info (device loop0): disabling free space tree [ 57.447632][ T5042] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.457733][ T5042] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x555555b5f660, 24) = 0 [pid 5062] chdir("./2") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] memfd_create("syzkaller", 0) = 3 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5062] munmap(0x7fba3843a000, 16777216) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./bus", 0777) = 0 [ 57.851969][ T5062] loop0: detected capacity change from 0 to 32768 [ 57.862673][ T5062] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5062) [ 57.879102][ T5062] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 57.888044][ T5062] BTRFS info (device loop0): enabling auto defrag [ 57.894822][ T5062] BTRFS info (device loop0): enabling disk space caching [ 57.903444][ T5062] BTRFS info (device loop0): disabling tree log [ 57.909839][ T5062] BTRFS info (device loop0): force clearing of disk cache [ 57.917086][ T5062] BTRFS info (device loop0): force zlib compression, level 3 [ 57.924574][ T5062] BTRFS info (device loop0): disabling disk space caching [ 57.943375][ T5062] BTRFS info (device loop0): enabling ssd optimizations [pid 5062] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5062] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] chdir("./bus") = 0 [pid 5062] ioctl(4, LOOP_CLR_FD) = 0 [pid 5062] close(4) = 0 [pid 5062] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5062] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5062] exit_group(0) = ? [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 57.950527][ T5062] BTRFS info (device loop0): auto enabling async discard [ 57.958394][ T5062] BTRFS info (device loop0): rebuilding free space tree [ 57.970064][ T5062] BTRFS info (device loop0): disabling free space tree [ 57.977440][ T5062] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.987716][ T5062] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x555555b5f660, 24) = 0 [pid 5079] chdir("./3") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7fba3843a000, 16777216) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./bus", 0777) = 0 [ 58.363872][ T5079] loop0: detected capacity change from 0 to 32768 [ 58.373710][ T5079] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5079) [ 58.389151][ T5079] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 58.397940][ T5079] BTRFS info (device loop0): enabling auto defrag [ 58.404696][ T5079] BTRFS info (device loop0): enabling disk space caching [ 58.412120][ T5079] BTRFS info (device loop0): disabling tree log [ 58.418480][ T5079] BTRFS info (device loop0): force clearing of disk cache [ 58.426251][ T5079] BTRFS info (device loop0): force zlib compression, level 3 [ 58.434269][ T5079] BTRFS info (device loop0): disabling disk space caching [ 58.453258][ T5079] BTRFS info (device loop0): enabling ssd optimizations [pid 5079] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./bus") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5079] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 58.460546][ T5079] BTRFS info (device loop0): auto enabling async discard [ 58.469125][ T5079] BTRFS info (device loop0): rebuilding free space tree [ 58.481013][ T5079] BTRFS info (device loop0): disabling free space tree [ 58.488271][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 58.498456][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5096 ./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x555555b5f660, 24) = 0 [pid 5096] chdir("./4") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5096] munmap(0x7fba3843a000, 16777216) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./bus", 0777) = 0 [ 58.881343][ T5096] loop0: detected capacity change from 0 to 32768 [ 58.892870][ T5096] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5096) [ 58.910137][ T5096] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 58.919070][ T5096] BTRFS info (device loop0): enabling auto defrag [ 58.925910][ T5096] BTRFS info (device loop0): enabling disk space caching [ 58.933472][ T5096] BTRFS info (device loop0): disabling tree log [ 58.940311][ T5096] BTRFS info (device loop0): force clearing of disk cache [ 58.947453][ T5096] BTRFS info (device loop0): force zlib compression, level 3 [ 58.955132][ T5096] BTRFS info (device loop0): disabling disk space caching [ 58.974547][ T5096] BTRFS info (device loop0): enabling ssd optimizations [pid 5096] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5096] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./bus") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5096] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5096] exit_group(0) = ? [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 58.981717][ T5096] BTRFS info (device loop0): auto enabling async discard [ 58.989746][ T5096] BTRFS info (device loop0): rebuilding free space tree [ 59.001265][ T5096] BTRFS info (device loop0): disabling free space tree [ 59.008517][ T5096] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 59.018817][ T5096] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5115 ./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x555555b5f660, 24) = 0 [pid 5115] chdir("./5") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5115] munmap(0x7fba3843a000, 16777216) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./bus", 0777) = 0 [ 59.394140][ T5115] loop0: detected capacity change from 0 to 32768 [ 59.404990][ T5115] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5115) [ 59.420293][ T5115] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 59.429364][ T5115] BTRFS info (device loop0): enabling auto defrag [ 59.436360][ T5115] BTRFS info (device loop0): enabling disk space caching [ 59.444157][ T5115] BTRFS info (device loop0): disabling tree log [ 59.450784][ T5115] BTRFS info (device loop0): force clearing of disk cache [ 59.457955][ T5115] BTRFS info (device loop0): force zlib compression, level 3 [ 59.465766][ T5115] BTRFS info (device loop0): disabling disk space caching [ 59.484621][ T5115] BTRFS info (device loop0): enabling ssd optimizations [pid 5115] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5115] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./bus") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5115] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5115] exit_group(0) = ? [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 59.492219][ T5115] BTRFS info (device loop0): auto enabling async discard [ 59.500900][ T5115] BTRFS info (device loop0): rebuilding free space tree [ 59.511916][ T5115] BTRFS info (device loop0): disabling free space tree [ 59.518961][ T5115] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 59.529235][ T5115] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x555555b5f660, 24) = 0 [pid 5132] chdir("./6") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5132] munmap(0x7fba3843a000, 16777216) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./bus", 0777) = 0 [ 60.013942][ T5132] loop0: detected capacity change from 0 to 32768 [ 60.026403][ T5132] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5132) [ 60.042660][ T5132] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 60.051422][ T5132] BTRFS info (device loop0): enabling auto defrag [ 60.057863][ T5132] BTRFS info (device loop0): enabling disk space caching [ 60.065135][ T5132] BTRFS info (device loop0): disabling tree log [ 60.071746][ T5132] BTRFS info (device loop0): force clearing of disk cache [ 60.079316][ T5132] BTRFS info (device loop0): force zlib compression, level 3 [ 60.086830][ T5132] BTRFS info (device loop0): disabling disk space caching [ 60.105887][ T5132] BTRFS info (device loop0): enabling ssd optimizations [ 60.113311][ T5132] BTRFS info (device loop0): auto enabling async discard [ 60.122275][ T5132] BTRFS info (device loop0): rebuilding free space tree [ 60.137351][ T5132] BTRFS info (device loop0): disabling free space tree [ 60.144572][ T5132] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5132] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5132] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./bus") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5132] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5132] exit_group(0) = ? [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 60.154745][ T5132] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x555555b5f660, 24) = 0 [pid 5149] chdir("./7") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5149] munmap(0x7fba3843a000, 16777216) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] mkdir("./bus", 0777) = 0 [ 60.537304][ T5149] loop0: detected capacity change from 0 to 32768 [ 60.547195][ T5149] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5149) [ 60.562959][ T5149] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 60.572136][ T5149] BTRFS info (device loop0): enabling auto defrag [ 60.578838][ T5149] BTRFS info (device loop0): enabling disk space caching [ 60.586534][ T5149] BTRFS info (device loop0): disabling tree log [ 60.593505][ T5149] BTRFS info (device loop0): force clearing of disk cache [ 60.601157][ T5149] BTRFS info (device loop0): force zlib compression, level 3 [ 60.608688][ T5149] BTRFS info (device loop0): disabling disk space caching [ 60.628747][ T5149] BTRFS info (device loop0): enabling ssd optimizations [pid 5149] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5149] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] chdir("./bus") = 0 [pid 5149] ioctl(4, LOOP_CLR_FD) = 0 [pid 5149] close(4) = 0 [pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5149] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5149] exit_group(0) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 60.637256][ T5149] BTRFS info (device loop0): auto enabling async discard umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x555555b5f660, 24) = 0 [pid 5166] chdir("./8") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5166] munmap(0x7fba3843a000, 16777216) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./bus", 0777) = 0 [pid 5166] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5166] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./bus") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [ 61.028285][ T5166] loop0: detected capacity change from 0 to 32768 [ 61.038619][ T5166] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5166) [pid 5166] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5166] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5166] exit_group(0) = ? [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5183 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x555555b5f660, 24) = 0 [pid 5183] chdir("./9") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] memfd_create("syzkaller", 0) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5183] munmap(0x7fba3843a000, 16777216) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./bus", 0777) = 0 [pid 5183] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5183] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./bus") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5183] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5183] exit_group(0) = ? [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 61.454884][ T5183] loop0: detected capacity change from 0 to 32768 [ 61.466462][ T5183] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5183) umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5200 ./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x555555b5f660, 24) = 0 [pid 5200] chdir("./10") = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5200] munmap(0x7fba3843a000, 16777216) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] mkdir("./bus", 0777) = 0 [ 61.879662][ T5200] loop0: detected capacity change from 0 to 32768 [ 61.890481][ T5200] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5200) [ 61.906689][ T5200] _btrfs_printk: 30 callbacks suppressed [ 61.906705][ T5200] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 61.921707][ T5200] BTRFS info (device loop0): enabling auto defrag [ 61.928248][ T5200] BTRFS info (device loop0): enabling disk space caching [ 61.935667][ T5200] BTRFS info (device loop0): disabling tree log [ 61.942534][ T5200] BTRFS info (device loop0): force clearing of disk cache [ 61.949776][ T5200] BTRFS info (device loop0): force zlib compression, level 3 [ 61.957181][ T5200] BTRFS info (device loop0): disabling disk space caching [ 61.977244][ T5200] BTRFS info (device loop0): enabling ssd optimizations [ 61.984631][ T5200] BTRFS info (device loop0): auto enabling async discard [ 61.993334][ T5200] BTRFS info (device loop0): rebuilding free space tree [ 62.005038][ T5200] BTRFS info (device loop0): disabling free space tree [ 62.012383][ T5200] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5200] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5200] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./bus") = 0 [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 5200] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5200] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5200] exit_group(0) = ? [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 62.022313][ T5200] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x555555b5f660, 24) = 0 [pid 5218] chdir("./11") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5218] munmap(0x7fba3843a000, 16777216) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./bus", 0777) = 0 [ 62.412738][ T5218] loop0: detected capacity change from 0 to 32768 [ 62.422628][ T5218] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5218) [ 62.440689][ T5218] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 62.449570][ T5218] BTRFS info (device loop0): enabling auto defrag [ 62.456027][ T5218] BTRFS info (device loop0): enabling disk space caching [ 62.463190][ T5218] BTRFS info (device loop0): disabling tree log [ 62.469790][ T5218] BTRFS info (device loop0): force clearing of disk cache [ 62.477082][ T5218] BTRFS info (device loop0): force zlib compression, level 3 [ 62.484644][ T5218] BTRFS info (device loop0): disabling disk space caching [ 62.505573][ T5218] BTRFS info (device loop0): enabling ssd optimizations [pid 5218] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./bus") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5218] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5218] exit_group(0) = ? [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 62.512993][ T5218] BTRFS info (device loop0): auto enabling async discard [ 62.521208][ T5218] BTRFS info (device loop0): rebuilding free space tree [ 62.532286][ T5218] BTRFS info (device loop0): disabling free space tree [ 62.539211][ T5218] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.549113][ T5218] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5235 ./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x555555b5f660, 24) = 0 [pid 5235] chdir("./12") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] memfd_create("syzkaller", 0) = 3 [pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5235] munmap(0x7fba3843a000, 16777216) = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5235] close(3) = 0 [pid 5235] mkdir("./bus", 0777) = 0 [ 62.939699][ T5235] loop0: detected capacity change from 0 to 32768 [ 62.950796][ T5235] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5235) [ 62.968312][ T5235] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 62.977224][ T5235] BTRFS info (device loop0): enabling auto defrag [ 62.983744][ T5235] BTRFS info (device loop0): enabling disk space caching [ 62.990809][ T5235] BTRFS info (device loop0): disabling tree log [ 62.997160][ T5235] BTRFS info (device loop0): force clearing of disk cache [ 63.004508][ T5235] BTRFS info (device loop0): force zlib compression, level 3 [ 63.012097][ T5235] BTRFS info (device loop0): disabling disk space caching [ 63.030987][ T5235] BTRFS info (device loop0): enabling ssd optimizations [pid 5235] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5235] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5235] chdir("./bus") = 0 [pid 5235] ioctl(4, LOOP_CLR_FD) = 0 [pid 5235] close(4) = 0 [pid 5235] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5235] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5235] exit_group(0) = ? [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 63.038076][ T5235] BTRFS info (device loop0): auto enabling async discard [ 63.046535][ T5235] BTRFS info (device loop0): rebuilding free space tree [ 63.057798][ T5235] BTRFS info (device loop0): disabling free space tree [ 63.064969][ T5235] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.075525][ T5235] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5252 ./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x555555b5f660, 24) = 0 [pid 5252] chdir("./13") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5252] munmap(0x7fba3843a000, 16777216) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./bus", 0777) = 0 [ 63.455709][ T5252] loop0: detected capacity change from 0 to 32768 [ 63.466805][ T5252] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5252) [ 63.484634][ T5252] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 63.493514][ T5252] BTRFS info (device loop0): enabling auto defrag [ 63.500008][ T5252] BTRFS info (device loop0): enabling disk space caching [ 63.507177][ T5252] BTRFS info (device loop0): disabling tree log [ 63.513757][ T5252] BTRFS info (device loop0): force clearing of disk cache [ 63.520993][ T5252] BTRFS info (device loop0): force zlib compression, level 3 [ 63.528408][ T5252] BTRFS info (device loop0): disabling disk space caching [ 63.547586][ T5252] BTRFS info (device loop0): enabling ssd optimizations [pid 5252] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./bus") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5252] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5252] exit_group(0) = ? [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 63.554813][ T5252] BTRFS info (device loop0): auto enabling async discard [ 63.563284][ T5252] BTRFS info (device loop0): rebuilding free space tree [ 63.574066][ T5252] BTRFS info (device loop0): disabling free space tree [ 63.581151][ T5252] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.590892][ T5252] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5269 ./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x555555b5f660, 24) = 0 [pid 5269] chdir("./14") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5269] munmap(0x7fba3843a000, 16777216) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] mkdir("./bus", 0777) = 0 [ 63.992291][ T5269] loop0: detected capacity change from 0 to 32768 [ 64.002637][ T5269] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5269) [ 64.017446][ T5269] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 64.026583][ T5269] BTRFS info (device loop0): enabling auto defrag [ 64.033157][ T5269] BTRFS info (device loop0): enabling disk space caching [ 64.040378][ T5269] BTRFS info (device loop0): disabling tree log [ 64.046641][ T5269] BTRFS info (device loop0): force clearing of disk cache [ 64.053800][ T5269] BTRFS info (device loop0): force zlib compression, level 3 [ 64.061251][ T5269] BTRFS info (device loop0): disabling disk space caching [ 64.078989][ T5269] BTRFS info (device loop0): enabling ssd optimizations [pid 5269] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5269] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./bus") = 0 [pid 5269] ioctl(4, LOOP_CLR_FD) = 0 [pid 5269] close(4) = 0 [pid 5269] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5269] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5269] exit_group(0) = ? [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 64.086298][ T5269] BTRFS info (device loop0): auto enabling async discard [ 64.094485][ T5269] BTRFS info (device loop0): rebuilding free space tree [ 64.105377][ T5269] BTRFS info (device loop0): disabling free space tree [ 64.112817][ T5269] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.122616][ T5269] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5286 ./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x555555b5f660, 24) = 0 [pid 5286] chdir("./15") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5286] memfd_create("syzkaller", 0) = 3 [pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5286] munmap(0x7fba3843a000, 16777216) = 0 [pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5286] close(3) = 0 [pid 5286] mkdir("./bus", 0777) = 0 [ 64.509371][ T5286] loop0: detected capacity change from 0 to 32768 [ 64.519053][ T5286] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5286) [ 64.535876][ T5286] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 64.544837][ T5286] BTRFS info (device loop0): enabling auto defrag [ 64.551503][ T5286] BTRFS info (device loop0): enabling disk space caching [ 64.558768][ T5286] BTRFS info (device loop0): disabling tree log [ 64.565535][ T5286] BTRFS info (device loop0): force clearing of disk cache [ 64.573086][ T5286] BTRFS info (device loop0): force zlib compression, level 3 [ 64.581026][ T5286] BTRFS info (device loop0): disabling disk space caching [ 64.599867][ T5286] BTRFS info (device loop0): enabling ssd optimizations [pid 5286] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5286] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5286] chdir("./bus") = 0 [pid 5286] ioctl(4, LOOP_CLR_FD) = 0 [pid 5286] close(4) = 0 [pid 5286] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5286] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5286] exit_group(0) = ? [pid 5286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 64.606924][ T5286] BTRFS info (device loop0): auto enabling async discard [ 64.614883][ T5286] BTRFS info (device loop0): rebuilding free space tree [ 64.625524][ T5286] BTRFS info (device loop0): disabling free space tree [ 64.632556][ T5286] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.642254][ T5286] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5303 ./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x555555b5f660, 24) = 0 [pid 5303] chdir("./16") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] memfd_create("syzkaller", 0) = 3 [pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5303] munmap(0x7fba3843a000, 16777216) = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5303] close(3) = 0 [pid 5303] mkdir("./bus", 0777) = 0 [ 65.034144][ T5303] loop0: detected capacity change from 0 to 32768 [ 65.044270][ T5303] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5303) [ 65.061445][ T5303] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 65.070217][ T5303] BTRFS info (device loop0): enabling auto defrag [ 65.076995][ T5303] BTRFS info (device loop0): enabling disk space caching [ 65.084328][ T5303] BTRFS info (device loop0): disabling tree log [ 65.091461][ T5303] BTRFS info (device loop0): force clearing of disk cache [ 65.099090][ T5303] BTRFS info (device loop0): force zlib compression, level 3 [ 65.107292][ T5303] BTRFS info (device loop0): disabling disk space caching [ 65.130995][ T5303] BTRFS info (device loop0): enabling ssd optimizations [ 65.139939][ T5303] BTRFS info (device loop0): auto enabling async discard [ 65.148733][ T5303] BTRFS info (device loop0): rebuilding free space tree [ 65.162079][ T5303] BTRFS info (device loop0): disabling free space tree [ 65.169557][ T5303] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5303] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5303] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5303] chdir("./bus") = 0 [pid 5303] ioctl(4, LOOP_CLR_FD) = 0 [pid 5303] close(4) = 0 [pid 5303] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5303] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5303] exit_group(0) = ? [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 65.180009][ T5303] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x555555b5f660, 24) = 0 [pid 5320] chdir("./17") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] memfd_create("syzkaller", 0) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5320] munmap(0x7fba3843a000, 16777216) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5320] close(3) = 0 [pid 5320] mkdir("./bus", 0777) = 0 [ 65.571149][ T5320] loop0: detected capacity change from 0 to 32768 [ 65.581780][ T5320] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5320) [ 65.600138][ T5320] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 65.609000][ T5320] BTRFS info (device loop0): enabling auto defrag [ 65.615822][ T5320] BTRFS info (device loop0): enabling disk space caching [ 65.623316][ T5320] BTRFS info (device loop0): disabling tree log [ 65.630317][ T5320] BTRFS info (device loop0): force clearing of disk cache [ 65.637595][ T5320] BTRFS info (device loop0): force zlib compression, level 3 [ 65.645496][ T5320] BTRFS info (device loop0): disabling disk space caching [pid 5320] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5320] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./bus") = 0 [pid 5320] ioctl(4, LOOP_CLR_FD) = 0 [pid 5320] close(4) = 0 [pid 5320] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5320] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5320] exit_group(0) = ? [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 65.665308][ T5320] BTRFS info (device loop0): enabling ssd optimizations [ 65.672499][ T5320] BTRFS info (device loop0): auto enabling async discard umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5337 ./strace-static-x86_64: Process 5337 attached [pid 5337] set_robust_list(0x555555b5f660, 24) = 0 [pid 5337] chdir("./18") = 0 [pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5337] setpgid(0, 0) = 0 [pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5337] write(3, "1000", 4) = 4 [pid 5337] close(3) = 0 [pid 5337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5337] memfd_create("syzkaller", 0) = 3 [pid 5337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5337] munmap(0x7fba3843a000, 16777216) = 0 [pid 5337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5337] close(3) = 0 [pid 5337] mkdir("./bus", 0777) = 0 [pid 5337] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5337] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5337] chdir("./bus") = 0 [pid 5337] ioctl(4, LOOP_CLR_FD) = 0 [pid 5337] close(4) = 0 [ 66.066671][ T5337] loop0: detected capacity change from 0 to 32768 [ 66.076310][ T5337] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5337) [pid 5337] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5337] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5337] exit_group(0) = ? [pid 5337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5354 ./strace-static-x86_64: Process 5354 attached [pid 5354] set_robust_list(0x555555b5f660, 24) = 0 [pid 5354] chdir("./19") = 0 [pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5354] setpgid(0, 0) = 0 [pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5354] write(3, "1000", 4) = 4 [pid 5354] close(3) = 0 [pid 5354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5354] munmap(0x7fba3843a000, 16777216) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./bus", 0777) = 0 [pid 5354] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5354] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./bus") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [ 66.494902][ T5354] loop0: detected capacity change from 0 to 32768 [ 66.507072][ T5354] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5354) [pid 5354] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5354] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5354] exit_group(0) = ? [pid 5354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5354, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=17 /* 0.17 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5371 ./strace-static-x86_64: Process 5371 attached [pid 5371] set_robust_list(0x555555b5f660, 24) = 0 [pid 5371] chdir("./20") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] memfd_create("syzkaller", 0) = 3 [pid 5371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5371] munmap(0x7fba3843a000, 16777216) = 0 [pid 5371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5371] close(3) = 0 [pid 5371] mkdir("./bus", 0777) = 0 [ 66.916746][ T5371] loop0: detected capacity change from 0 to 32768 [ 66.927298][ T5371] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5371) [ 66.944706][ T5371] _btrfs_printk: 30 callbacks suppressed [ 66.944718][ T5371] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 66.959041][ T5371] BTRFS info (device loop0): enabling auto defrag [ 66.965562][ T5371] BTRFS info (device loop0): enabling disk space caching [ 66.972921][ T5371] BTRFS info (device loop0): disabling tree log [ 66.979206][ T5371] BTRFS info (device loop0): force clearing of disk cache [ 66.986591][ T5371] BTRFS info (device loop0): force zlib compression, level 3 [ 66.994216][ T5371] BTRFS info (device loop0): disabling disk space caching [ 67.015292][ T5371] BTRFS info (device loop0): enabling ssd optimizations [ 67.022791][ T5371] BTRFS info (device loop0): auto enabling async discard [ 67.030898][ T5371] BTRFS info (device loop0): rebuilding free space tree [ 67.042150][ T5371] BTRFS info (device loop0): disabling free space tree [ 67.049089][ T5371] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5371] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5371] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5371] chdir("./bus") = 0 [pid 5371] ioctl(4, LOOP_CLR_FD) = 0 [pid 5371] close(4) = 0 [pid 5371] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5371] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5371] exit_group(0) = ? [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 67.058929][ T5371] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x555555b5f660, 24) = 0 [pid 5389] chdir("./21") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] memfd_create("syzkaller", 0) = 3 [pid 5389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5389] munmap(0x7fba3843a000, 16777216) = 0 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5389] close(3) = 0 [pid 5389] mkdir("./bus", 0777) = 0 [ 67.443267][ T5389] loop0: detected capacity change from 0 to 32768 [ 67.453120][ T5389] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5389) [ 67.470971][ T5389] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 67.479746][ T5389] BTRFS info (device loop0): enabling auto defrag [ 67.486366][ T5389] BTRFS info (device loop0): enabling disk space caching [ 67.494034][ T5389] BTRFS info (device loop0): disabling tree log [ 67.500706][ T5389] BTRFS info (device loop0): force clearing of disk cache [ 67.508275][ T5389] BTRFS info (device loop0): force zlib compression, level 3 [ 67.516510][ T5389] BTRFS info (device loop0): disabling disk space caching [ 67.534482][ T5389] BTRFS info (device loop0): enabling ssd optimizations [pid 5389] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5389] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5389] chdir("./bus") = 0 [pid 5389] ioctl(4, LOOP_CLR_FD) = 0 [pid 5389] close(4) = 0 [pid 5389] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5389] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5389] exit_group(0) = ? [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 67.541660][ T5389] BTRFS info (device loop0): auto enabling async discard [ 67.549853][ T5389] BTRFS info (device loop0): rebuilding free space tree [ 67.561356][ T5389] BTRFS info (device loop0): disabling free space tree [ 67.568931][ T5389] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 67.579774][ T5389] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5406 ./strace-static-x86_64: Process 5406 attached [pid 5406] set_robust_list(0x555555b5f660, 24) = 0 [pid 5406] chdir("./22") = 0 [pid 5406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5406] setpgid(0, 0) = 0 [pid 5406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5406] write(3, "1000", 4) = 4 [pid 5406] close(3) = 0 [pid 5406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5406] memfd_create("syzkaller", 0) = 3 [pid 5406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5406] munmap(0x7fba3843a000, 16777216) = 0 [pid 5406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5406] close(3) = 0 [pid 5406] mkdir("./bus", 0777) = 0 [ 67.965874][ T5406] loop0: detected capacity change from 0 to 32768 [ 67.976006][ T5406] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5406) [ 67.994360][ T5406] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 68.003908][ T5406] BTRFS info (device loop0): enabling auto defrag [ 68.010805][ T5406] BTRFS info (device loop0): enabling disk space caching [ 68.020871][ T5406] BTRFS info (device loop0): disabling tree log [ 68.027649][ T5406] BTRFS info (device loop0): force clearing of disk cache [ 68.038037][ T5406] BTRFS info (device loop0): force zlib compression, level 3 [ 68.045954][ T5406] BTRFS info (device loop0): disabling disk space caching [ 68.065046][ T5406] BTRFS info (device loop0): enabling ssd optimizations [ 68.072326][ T5406] BTRFS info (device loop0): auto enabling async discard [ 68.081564][ T5406] BTRFS info (device loop0): rebuilding free space tree [ 68.092562][ T5406] BTRFS info (device loop0): disabling free space tree [ 68.099990][ T5406] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5406] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5406] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5406] chdir("./bus") = 0 [pid 5406] ioctl(4, LOOP_CLR_FD) = 0 [pid 5406] close(4) = 0 [pid 5406] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5406] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5406] exit_group(0) = ? [pid 5406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5406, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 68.110327][ T5406] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5423 ./strace-static-x86_64: Process 5423 attached [pid 5423] set_robust_list(0x555555b5f660, 24) = 0 [pid 5423] chdir("./23") = 0 [pid 5423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5423] setpgid(0, 0) = 0 [pid 5423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5423] write(3, "1000", 4) = 4 [pid 5423] close(3) = 0 [pid 5423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5423] memfd_create("syzkaller", 0) = 3 [pid 5423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5423] munmap(0x7fba3843a000, 16777216) = 0 [pid 5423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5423] close(3) = 0 [pid 5423] mkdir("./bus", 0777) = 0 [ 68.497428][ T5423] loop0: detected capacity change from 0 to 32768 [ 68.507535][ T5423] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5423) [ 68.526075][ T5423] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 68.535385][ T5423] BTRFS info (device loop0): enabling auto defrag [ 68.543371][ T5423] BTRFS info (device loop0): enabling disk space caching [ 68.550894][ T5423] BTRFS info (device loop0): disabling tree log [ 68.557169][ T5423] BTRFS info (device loop0): force clearing of disk cache [ 68.565132][ T5423] BTRFS info (device loop0): force zlib compression, level 3 [ 68.573443][ T5423] BTRFS info (device loop0): disabling disk space caching [ 68.594181][ T5423] BTRFS info (device loop0): enabling ssd optimizations [ 68.601805][ T5423] BTRFS info (device loop0): auto enabling async discard [ 68.610204][ T5423] BTRFS info (device loop0): rebuilding free space tree [ 68.621483][ T5423] BTRFS info (device loop0): disabling free space tree [ 68.628601][ T5423] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.638339][ T5423] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5423] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5423] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5423] chdir("./bus") = 0 [pid 5423] ioctl(4, LOOP_CLR_FD) = 0 [pid 5423] close(4) = 0 [pid 5423] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5423] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5423] exit_group(0) = ? [pid 5423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5423, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=24 /* 0.24 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5440 ./strace-static-x86_64: Process 5440 attached [pid 5440] set_robust_list(0x555555b5f660, 24) = 0 [pid 5440] chdir("./24") = 0 [pid 5440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5440] setpgid(0, 0) = 0 [pid 5440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5440] write(3, "1000", 4) = 4 [pid 5440] close(3) = 0 [pid 5440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5440] memfd_create("syzkaller", 0) = 3 [pid 5440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5440] munmap(0x7fba3843a000, 16777216) = 0 [pid 5440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5440] close(3) = 0 [pid 5440] mkdir("./bus", 0777) = 0 [ 69.015252][ T5440] loop0: detected capacity change from 0 to 32768 [ 69.025515][ T5440] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5440) [ 69.043940][ T5440] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 69.052861][ T5440] BTRFS info (device loop0): enabling auto defrag [ 69.059337][ T5440] BTRFS info (device loop0): enabling disk space caching [ 69.066661][ T5440] BTRFS info (device loop0): disabling tree log [ 69.073008][ T5440] BTRFS info (device loop0): force clearing of disk cache [ 69.080182][ T5440] BTRFS info (device loop0): force zlib compression, level 3 [ 69.087664][ T5440] BTRFS info (device loop0): disabling disk space caching [ 69.105774][ T5440] BTRFS info (device loop0): enabling ssd optimizations [pid 5440] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5440] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5440] chdir("./bus") = 0 [pid 5440] ioctl(4, LOOP_CLR_FD) = 0 [pid 5440] close(4) = 0 [pid 5440] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5440] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5440] exit_group(0) = ? [pid 5440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5440, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 69.112868][ T5440] BTRFS info (device loop0): auto enabling async discard [ 69.121204][ T5440] BTRFS info (device loop0): rebuilding free space tree [ 69.132574][ T5440] BTRFS info (device loop0): disabling free space tree [ 69.139753][ T5440] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.149817][ T5440] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5457 ./strace-static-x86_64: Process 5457 attached [pid 5457] set_robust_list(0x555555b5f660, 24) = 0 [pid 5457] chdir("./25") = 0 [pid 5457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5457] setpgid(0, 0) = 0 [pid 5457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5457] write(3, "1000", 4) = 4 [pid 5457] close(3) = 0 [pid 5457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5457] memfd_create("syzkaller", 0) = 3 [pid 5457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5457] munmap(0x7fba3843a000, 16777216) = 0 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5457] close(3) = 0 [pid 5457] mkdir("./bus", 0777) = 0 [ 69.529208][ T5457] loop0: detected capacity change from 0 to 32768 [ 69.540513][ T5457] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5457) [ 69.557691][ T5457] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 69.567381][ T5457] BTRFS info (device loop0): enabling auto defrag [ 69.575002][ T5457] BTRFS info (device loop0): enabling disk space caching [ 69.583640][ T5457] BTRFS info (device loop0): disabling tree log [ 69.591932][ T5457] BTRFS info (device loop0): force clearing of disk cache [ 69.599269][ T5457] BTRFS info (device loop0): force zlib compression, level 3 [ 69.607479][ T5457] BTRFS info (device loop0): disabling disk space caching [ 69.628148][ T5457] BTRFS info (device loop0): enabling ssd optimizations [ 69.635526][ T5457] BTRFS info (device loop0): auto enabling async discard [ 69.643735][ T5457] BTRFS info (device loop0): rebuilding free space tree [ 69.654675][ T5457] BTRFS info (device loop0): disabling free space tree [ 69.661727][ T5457] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5457] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5457] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5457] chdir("./bus") = 0 [pid 5457] ioctl(4, LOOP_CLR_FD) = 0 [pid 5457] close(4) = 0 [pid 5457] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5457] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5457] exit_group(0) = ? [pid 5457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5457, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 69.671696][ T5457] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5475 ./strace-static-x86_64: Process 5475 attached [pid 5475] set_robust_list(0x555555b5f660, 24) = 0 [pid 5475] chdir("./26") = 0 [pid 5475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5475] setpgid(0, 0) = 0 [pid 5475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5475] write(3, "1000", 4) = 4 [pid 5475] close(3) = 0 [pid 5475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5475] memfd_create("syzkaller", 0) = 3 [pid 5475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5475] munmap(0x7fba3843a000, 16777216) = 0 [pid 5475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5475] close(3) = 0 [pid 5475] mkdir("./bus", 0777) = 0 [ 70.051866][ T5475] loop0: detected capacity change from 0 to 32768 [ 70.062113][ T5475] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5475) [ 70.078628][ T5475] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 70.087482][ T5475] BTRFS info (device loop0): enabling auto defrag [ 70.094095][ T5475] BTRFS info (device loop0): enabling disk space caching [ 70.101180][ T5475] BTRFS info (device loop0): disabling tree log [ 70.107444][ T5475] BTRFS info (device loop0): force clearing of disk cache [ 70.114738][ T5475] BTRFS info (device loop0): force zlib compression, level 3 [ 70.122178][ T5475] BTRFS info (device loop0): disabling disk space caching [ 70.142254][ T5475] BTRFS info (device loop0): enabling ssd optimizations [pid 5475] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5475] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5475] chdir("./bus") = 0 [pid 5475] ioctl(4, LOOP_CLR_FD) = 0 [pid 5475] close(4) = 0 [pid 5475] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5475] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5475] exit_group(0) = ? [pid 5475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5475, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=28 /* 0.28 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 70.149358][ T5475] BTRFS info (device loop0): auto enabling async discard [ 70.157563][ T5475] BTRFS info (device loop0): rebuilding free space tree [ 70.171181][ T5475] BTRFS info (device loop0): disabling free space tree [ 70.178720][ T5475] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 70.189210][ T5475] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5492 ./strace-static-x86_64: Process 5492 attached [pid 5492] set_robust_list(0x555555b5f660, 24) = 0 [pid 5492] chdir("./27") = 0 [pid 5492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5492] setpgid(0, 0) = 0 [pid 5492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5492] write(3, "1000", 4) = 4 [pid 5492] close(3) = 0 [pid 5492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5492] memfd_create("syzkaller", 0) = 3 [pid 5492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5492] munmap(0x7fba3843a000, 16777216) = 0 [pid 5492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5492] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5492] close(3) = 0 [pid 5492] mkdir("./bus", 0777) = 0 [ 70.573995][ T5492] loop0: detected capacity change from 0 to 32768 [ 70.584566][ T5492] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5492) [ 70.599956][ T5492] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 70.608644][ T5492] BTRFS info (device loop0): enabling auto defrag [ 70.615153][ T5492] BTRFS info (device loop0): enabling disk space caching [ 70.622241][ T5492] BTRFS info (device loop0): disabling tree log [ 70.628482][ T5492] BTRFS info (device loop0): force clearing of disk cache [ 70.635678][ T5492] BTRFS info (device loop0): force zlib compression, level 3 [ 70.643263][ T5492] BTRFS info (device loop0): disabling disk space caching [ 70.662058][ T5492] BTRFS info (device loop0): enabling ssd optimizations [pid 5492] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5492] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5492] chdir("./bus") = 0 [pid 5492] ioctl(4, LOOP_CLR_FD) = 0 [pid 5492] close(4) = 0 [pid 5492] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5492] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5492] exit_group(0) = ? [pid 5492] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5492, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 70.669105][ T5492] BTRFS info (device loop0): auto enabling async discard umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5509 ./strace-static-x86_64: Process 5509 attached [pid 5509] set_robust_list(0x555555b5f660, 24) = 0 [pid 5509] chdir("./28") = 0 [pid 5509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5509] setpgid(0, 0) = 0 [pid 5509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5509] write(3, "1000", 4) = 4 [pid 5509] close(3) = 0 [pid 5509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5509] memfd_create("syzkaller", 0) = 3 [pid 5509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5509] munmap(0x7fba3843a000, 16777216) = 0 [pid 5509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5509] close(3) = 0 [pid 5509] mkdir("./bus", 0777) = 0 [pid 5509] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5509] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5509] chdir("./bus") = 0 [pid 5509] ioctl(4, LOOP_CLR_FD) = 0 [ 71.056672][ T5509] loop0: detected capacity change from 0 to 32768 [ 71.066848][ T5509] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5509) [pid 5509] close(4) = 0 [pid 5509] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5509] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5509] exit_group(0) = ? [pid 5509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5509, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=14 /* 0.14 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5526 ./strace-static-x86_64: Process 5526 attached [pid 5526] set_robust_list(0x555555b5f660, 24) = 0 [pid 5526] chdir("./29") = 0 [pid 5526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5526] setpgid(0, 0) = 0 [pid 5526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5526] write(3, "1000", 4) = 4 [pid 5526] close(3) = 0 [pid 5526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5526] memfd_create("syzkaller", 0) = 3 [pid 5526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5526] munmap(0x7fba3843a000, 16777216) = 0 [pid 5526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5526] close(3) = 0 [pid 5526] mkdir("./bus", 0777) = 0 [pid 5526] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5526] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5526] chdir("./bus") = 0 [pid 5526] ioctl(4, LOOP_CLR_FD) = 0 [ 71.467505][ T5526] loop0: detected capacity change from 0 to 32768 [ 71.477003][ T5526] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5526) [pid 5526] close(4) = 0 [pid 5526] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5526] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5526] exit_group(0) = ? [pid 5526] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5526, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5543 ./strace-static-x86_64: Process 5543 attached [pid 5543] set_robust_list(0x555555b5f660, 24) = 0 [pid 5543] chdir("./30") = 0 [pid 5543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5543] setpgid(0, 0) = 0 [pid 5543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5543] write(3, "1000", 4) = 4 [pid 5543] close(3) = 0 [pid 5543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5543] memfd_create("syzkaller", 0) = 3 [pid 5543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5543] munmap(0x7fba3843a000, 16777216) = 0 [pid 5543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5543] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5543] close(3) = 0 [pid 5543] mkdir("./bus", 0777) = 0 [pid 5543] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5543] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5543] chdir("./bus") = 0 [pid 5543] ioctl(4, LOOP_CLR_FD) = 0 [pid 5543] close(4) = 0 [pid 5543] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5543] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5543] exit_group(0) = ? [pid 5543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5543, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 71.885016][ T5543] loop0: detected capacity change from 0 to 32768 [ 71.895665][ T5543] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5543) umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5560 ./strace-static-x86_64: Process 5560 attached [pid 5560] set_robust_list(0x555555b5f660, 24) = 0 [pid 5560] chdir("./31") = 0 [pid 5560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5560] setpgid(0, 0) = 0 [pid 5560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5560] write(3, "1000", 4) = 4 [pid 5560] close(3) = 0 [pid 5560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5560] memfd_create("syzkaller", 0) = 3 [pid 5560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5560] munmap(0x7fba3843a000, 16777216) = 0 [pid 5560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5560] close(3) = 0 [pid 5560] mkdir("./bus", 0777) = 0 [ 72.302933][ T5560] loop0: detected capacity change from 0 to 32768 [ 72.312865][ T5560] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5560) [ 72.327679][ T5560] _btrfs_printk: 43 callbacks suppressed [ 72.327694][ T5560] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 72.342558][ T5560] BTRFS info (device loop0): enabling auto defrag [ 72.349004][ T5560] BTRFS info (device loop0): enabling disk space caching [ 72.356260][ T5560] BTRFS info (device loop0): disabling tree log [ 72.362745][ T5560] BTRFS info (device loop0): force clearing of disk cache [ 72.369958][ T5560] BTRFS info (device loop0): force zlib compression, level 3 [ 72.377353][ T5560] BTRFS info (device loop0): disabling disk space caching [ 72.395323][ T5560] BTRFS info (device loop0): enabling ssd optimizations [pid 5560] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5560] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5560] chdir("./bus") = 0 [pid 5560] ioctl(4, LOOP_CLR_FD) = 0 [pid 5560] close(4) = 0 [pid 5560] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5560] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5560] exit_group(0) = ? [pid 5560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5560, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=26 /* 0.26 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 72.402569][ T5560] BTRFS info (device loop0): auto enabling async discard [ 72.410541][ T5560] BTRFS info (device loop0): rebuilding free space tree [ 72.422107][ T5560] BTRFS info (device loop0): disabling free space tree [ 72.429591][ T5560] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 72.439233][ T5560] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555b68730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b68730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x555555b606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b5f650) = 5577 ./strace-static-x86_64: Process 5577 attached [pid 5577] set_robust_list(0x555555b5f660, 24) = 0 [pid 5577] chdir("./32") = 0 [pid 5577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5577] setpgid(0, 0) = 0 [pid 5577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5577] write(3, "1000", 4) = 4 [pid 5577] close(3) = 0 [pid 5577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5577] memfd_create("syzkaller", 0) = 3 [pid 5577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba3843a000 [pid 5577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5577] munmap(0x7fba3843a000, 16777216) = 0 [pid 5577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5577] close(3) = 0 [pid 5577] mkdir("./bus", 0777) = 0 [ 72.821014][ T5577] loop0: detected capacity change from 0 to 32768 [ 72.830561][ T5577] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor235 (5577) [ 72.848176][ T5577] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 72.857192][ T5577] BTRFS info (device loop0): enabling auto defrag [ 72.864270][ T5577] BTRFS info (device loop0): enabling disk space caching [ 72.871490][ T5577] BTRFS info (device loop0): disabling tree log [ 72.877855][ T5577] BTRFS info (device loop0): force clearing of disk cache [ 72.885230][ T5577] BTRFS info (device loop0): force zlib compression, level 3 [ 72.892662][ T5577] BTRFS info (device loop0): disabling disk space caching [ 72.910698][ T5577] BTRFS info (device loop0): enabling ssd optimizations [pid 5577] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC, "autodefrag,autodefrag,space_cache=v1,notreelog,clear_cache,compress-force,noenospc_debug,barrier,nos"...) = 0 [pid 5577] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5577] chdir("./bus") = 0 [pid 5577] ioctl(4, LOOP_CLR_FD) = 0 [pid 5577] close(4) = 0 [pid 5577] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5577] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x61\x67\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x31"..., 65191) = 65191 [pid 5577] exit_group(0) = ? [pid 5577] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5577, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555b606f0 /* 4 entries */, 32768) = 104 [ 72.917927][ T5577] BTRFS info (device loop0): auto enabling async discard [ 72.926206][ T5577] BTRFS info (device loop0): rebuilding free space tree [ 72.938627][ T5577] BTRFS info (device loop0): disabling free space tree [ 72.945923][ T5577] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 72.955639][ T5577] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 73.023306][ T5014] assertion failed: list_empty(&fs_info->delayed_iputs), in fs/btrfs/disk-io.c:4360 [ 73.033388][ T5014] ------------[ cut here ]------------ [ 73.038933][ T5014] kernel BUG at fs/btrfs/disk-io.c:4360! [ 73.045165][ T5014] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 73.051260][ T5014] CPU: 0 PID: 5014 Comm: syz-executor235 Not tainted 6.5.0-rc3-syzkaller-00275-gffabf7c73176 #0 [ 73.061686][ T5014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 73.071762][ T5014] RIP: 0010:close_ctree+0x8ce/0xd00 [ 73.077006][ T5014] Code: f7 e9 62 f9 ff ff e8 11 1f d1 f6 48 c7 c7 60 03 4a 8b 48 c7 c6 40 32 4a 8b 48 c7 c2 e0 03 4a 8b b9 08 11 00 00 e8 a2 99 ff ff <0f> 0b e8 eb 1e d1 f6 48 c7 c7 60 03 4a 8b 48 c7 c6 e0 32 4a 8b 48 [ 73.096821][ T5014] RSP: 0018:ffffc900038ffa80 EFLAGS: 00010246 [ 73.102976][ T5014] RAX: 0000000000000051 RBX: ffff888017710d48 RCX: 3b063c94712fcf00 [ 73.110993][ T5014] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 73.118956][ T5014] RBP: ffffc900038ffc18 R08: ffffffff816f6bcc R09: 1ffff9200071ff04 [ 73.126918][ T5014] R10: dffffc0000000000 R11: fffff5200071ff05 R12: ffff888017710fb0 [ 73.134879][ T5014] R13: ffff888017710000 R14: 1ffff11002ee225e R15: 0000000000000000 [ 73.142855][ T5014] FS: 0000555555b5f380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 73.151880][ T5014] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.158553][ T5014] CR2: 00007fff1f253b38 CR3: 0000000022882000 CR4: 00000000003506f0 [ 73.166778][ T5014] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.174825][ T5014] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.182904][ T5014] Call Trace: [ 73.186302][ T5014] [ 73.192280][ T5014] ? __die_body+0x5e/0xa0 [ 73.196623][ T5014] ? die+0x87/0xb0 [ 73.200337][ T5014] ? do_trap+0x11e/0x350 [ 73.204568][ T5014] ? close_ctree+0x8ce/0xd00 [ 73.209147][ T5014] ? close_ctree+0x8ce/0xd00 [ 73.213855][ T5014] ? do_error_trap+0x141/0x1f0 [ 73.218638][ T5014] ? close_ctree+0x8ce/0xd00 [ 73.223221][ T5014] ? do_int3+0x30/0x30 [ 73.227287][ T5014] ? report_bug+0x3e4/0x500 [ 73.232130][ T5014] ? handle_invalid_op+0x2c/0x40 [ 73.237062][ T5014] ? close_ctree+0x8ce/0xd00 [ 73.242079][ T5014] ? exc_invalid_op+0x33/0x50 [ 73.247092][ T5014] ? asm_exc_invalid_op+0x1a/0x20 [ 73.252202][ T5014] ? __wake_up_klogd+0xcc/0x100 [ 73.257049][ T5014] ? close_ctree+0x8ce/0xd00 [ 73.261808][ T5014] ? hook_sb_delete+0xa07/0xb30 [ 73.266652][ T5014] ? init_tree_roots+0x1db0/0x1db0 [ 73.271913][ T5014] ? hook_inode_free_security+0xb0/0xb0 [ 73.277467][ T5014] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 73.283292][ T5014] ? clear_inode+0x150/0x150 [ 73.287903][ T5014] ? fscrypt_destroy_keyring+0x273/0x290 [ 73.293534][ T5014] ? btrfs_fill_super+0x2f0/0x2f0 [ 73.298652][ T5014] generic_shutdown_super+0x134/0x340 [ 73.304034][ T5014] kill_anon_super+0x3b/0x60 [ 73.308619][ T5014] btrfs_kill_super+0x41/0x50 [ 73.313287][ T5014] deactivate_locked_super+0xa4/0x110 [ 73.318758][ T5014] cleanup_mnt+0x426/0x4c0 [ 73.323287][ T5014] ? _raw_spin_unlock_irq+0x23/0x50 [ 73.328486][ T5014] task_work_run+0x24a/0x300 [ 73.333201][ T5014] ? dput+0x3a1/0x420 [ 73.337228][ T5014] ? task_work_cancel+0x2b0/0x2b0 [ 73.342428][ T5014] ? __x64_sys_umount+0x126/0x170 [ 73.347442][ T5014] ptrace_notify+0x2cd/0x380 [ 73.352025][ T5014] ? do_notify_parent+0xf50/0xf50 [ 73.357031][ T5014] ? user_path_at_empty+0x12f/0x180 [ 73.362237][ T5014] ? __x64_sys_umount+0x126/0x170 [ 73.367382][ T5014] ? path_umount+0xf40/0xf40 [ 73.371989][ T5014] ? syscall_enter_from_user_mode+0x32/0x230 [ 73.377995][ T5014] syscall_exit_to_user_mode+0x157/0x280 [ 73.383655][ T5014] do_syscall_64+0x4d/0xc0 [ 73.388238][ T5014] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.394298][ T5014] RIP: 0033:0x7fba4087a4c7 [ 73.398701][ T5014] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 73.419450][ T5014] RSP: 002b:00007fff1f2542e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 73.428230][ T5014] RAX: 0000000000000000 RBX: 0000000000011b56 RCX: 00007fba4087a4c7 [ 73.436829][ T5014] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007fff1f2543a0 [ 73.445166][ T5014] RBP: 00007fff1f2543a0 R08: 0000000000000000 R09: 0000000000000000 [ 73.453224][ T5014] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff1f255410 [ 73.461798][ T5014] R13: 0000555555b606c0 R14: 431bde82d7b634db R15: 00007fff1f255430 [ 73.472391][ T5014] [ 73.475857][ T5014] Modules linked in: [ 73.480671][ T5014] ---[ end trace 0000000000000000 ]--- [ 73.486489][ T5014] RIP: 0010:close_ctree+0x8ce/0xd00 [ 73.492310][ T5014] Code: f7 e9 62 f9 ff ff e8 11 1f d1 f6 48 c7 c7 60 03 4a 8b 48 c7 c6 40 32 4a 8b 48 c7 c2 e0 03 4a 8b b9 08 11 00 00 e8 a2 99 ff ff <0f> 0b e8 eb 1e d1 f6 48 c7 c7 60 03 4a 8b 48 c7 c6 e0 32 4a 8b 48 [ 73.512517][ T5014] RSP: 0018:ffffc900038ffa80 EFLAGS: 00010246 [ 73.519214][ T5014] RAX: 0000000000000051 RBX: ffff888017710d48 RCX: 3b063c94712fcf00 [ 73.527424][ T5014] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 73.535571][ T5014] RBP: ffffc900038ffc18 R08: ffffffff816f6bcc R09: 1ffff9200071ff04 [ 73.543951][ T5014] R10: dffffc0000000000 R11: fffff5200071ff05 R12: ffff888017710fb0 [ 73.551955][ T5014] R13: ffff888017710000 R14: 1ffff11002ee225e R15: 0000000000000000 [ 73.559969][ T5014] FS: 0000555555b5f380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 73.569108][ T5014] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.575730][ T5014] CR2: 00007fff1f253b38 CR3: 0000000022882000 CR4: 00000000003506f0 [ 73.585230][ T5014] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.597044][ T5014] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.605250][ T5014] Kernel panic - not syncing: Fatal exception [ 73.611869][ T5014] Kernel Offset: disabled [ 73.616377][ T5014] Rebooting in 86400 seconds..