./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1393078879 <...> Warning: Permanently added '10.128.1.134' (ED25519) to the list of known hosts. execve("./syz-executor1393078879", ["./syz-executor1393078879"], 0x7fffba18e240 /* 10 vars */) = 0 brk(NULL) = 0x55555613b000 brk(0x55555613bd00) = 0x55555613bd00 arch_prctl(ARCH_SET_FS, 0x55555613b380) = 0 set_tid_address(0x55555613b650) = 5064 set_robust_list(0x55555613b660, 24) = 0 rseq(0x55555613bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1393078879", 4096) = 28 getrandom("\xdf\xef\x45\x5d\x8e\xaf\x70\x7a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555613bd00 brk(0x55555615cd00) = 0x55555615cd00 brk(0x55555615d000) = 0x55555615d000 mprotect(0x7fefdf5a1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x55555613b660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x55555613b650) = 5065 [pid 5065] <... set_robust_list resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] mkdir("./syzkaller.7xawTE", 0700./strace-static-x86_64: Process 5066 attached ) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555613b650) = 5066 [pid 5066] set_robust_list(0x55555613b660, 24 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] chmod("./syzkaller.7xawTE", 0777 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] <... chmod resumed>) = 0 [pid 5065] chdir("./syzkaller.7xawTE"./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x55555613b660, 24 [pid 5065] <... chdir resumed>) = 0 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5066] mkdir("./syzkaller.RqBYMW", 0700 [pid 5064] <... clone resumed>, child_tidptr=0x55555613b650) = 5067 [pid 5067] mkdir("./syzkaller.eRt90g", 0700 [pid 5065] mkdir("./0", 0777 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] chmod("./syzkaller.RqBYMW", 0777 [pid 5067] <... mkdir resumed>) = 0 [pid 5066] <... chmod resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5068 attached [pid 5067] chmod("./syzkaller.eRt90g", 0777 [pid 5066] chdir("./syzkaller.RqBYMW" [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... clone resumed>, child_tidptr=0x55555613b650) = 5068 [pid 5068] set_robust_list(0x55555613b660, 24 [pid 5066] <... chdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... set_robust_list resumed>) = 0 [pid 5066] mkdir("./0", 0777 [pid 5068] mkdir("./syzkaller.fDjUzi", 0700 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5069 attached [pid 5068] <... mkdir resumed>) = 0 [pid 5067] <... chmod resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x55555613b650) = 5069 [pid 5068] chmod("./syzkaller.fDjUzi", 0777 [pid 5067] chdir("./syzkaller.eRt90g" [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] set_robust_list(0x55555613b660, 24 [pid 5068] <... chmod resumed>) = 0 [pid 5067] <... chdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5069] <... set_robust_list resumed>) = 0 [pid 5069] mkdir("./syzkaller.fCXbkE", 0700 [pid 5067] mkdir("./0", 0777 [pid 5065] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5070 attached [pid 5064] <... clone resumed>, child_tidptr=0x55555613b650) = 5070 [pid 5069] <... mkdir resumed>) = 0 [pid 5068] chdir("./syzkaller.fDjUzi" [pid 5067] <... mkdir resumed>) = 0 [pid 5065] close(3 [pid 5068] <... chdir resumed>) = 0 [pid 5070] set_robust_list(0x55555613b660, 24 [pid 5069] chmod("./syzkaller.fCXbkE", 0777 [pid 5068] mkdir("./0", 0777 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] close(3 [pid 5065] <... close resumed>) = 0 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5069] <... chmod resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] chdir("./syzkaller.fCXbkE" [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5067] <... openat resumed>) = 3 [pid 5070] mkdir("./syzkaller.9Qsbf4", 0700 [pid 5069] <... chdir resumed>) = 0 [pid 5069] mkdir("./0", 0777 [pid 5068] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5072 attached [pid 5069] <... mkdir resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5072] set_robust_list(0x55555613b660, 24 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] <... set_robust_list resumed>) = 0 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] chdir("./0" [pid 5068] close(3 [pid 5067] close(3 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5068] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5072] <... chdir resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached ./strace-static-x86_64: Process 5071 attached [pid 5072] <... prctl resumed>) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 5071 [pid 5065] <... clone resumed>, child_tidptr=0x55555613b650) = 5072 [pid 5073] set_robust_list(0x55555613b660, 24 [pid 5071] set_robust_list(0x55555613b660, 24 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5070] chmod("./syzkaller.9Qsbf4", 0777 [pid 5073] chdir("./0" [pid 5072] setpgid(0, 0 [pid 5069] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5074 attached [pid 5073] <... chdir resumed>) = 0 [pid 5072] <... setpgid resumed>) = 0 [pid 5071] chdir("./0" [pid 5070] <... chmod resumed>) = 0 [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5074] set_robust_list(0x55555613b660, 24 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5071] <... chdir resumed>) = 0 [pid 5070] chdir("./syzkaller.9Qsbf4" [pid 5069] close(3 [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 5073 [pid 5067] <... clone resumed>, child_tidptr=0x55555613b650) = 5074 [pid 5074] <... set_robust_list resumed>) = 0 [pid 5073] <... prctl resumed>) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] <... chdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5074] chdir("./0" [pid 5073] setpgid(0, 0 [pid 5072] write(3, "1000", 4 [pid 5071] <... prctl resumed>) = 0 [pid 5070] mkdir("./0", 0777 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached [pid 5074] <... chdir resumed>) = 0 [pid 5073] <... setpgid resumed>) = 0 [pid 5072] <... write resumed>) = 4 [pid 5071] setpgid(0, 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5075] set_robust_list(0x55555613b660, 24 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] close(3 [pid 5071] <... setpgid resumed>) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] <... prctl resumed>) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5072] <... close resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 5075 [pid 5075] chdir("./0" [pid 5072] symlink("/dev/binderfs", "./binderfs" [pid 5070] <... openat resumed>) = 3 [pid 5074] setpgid(0, 0 [pid 5073] write(3, "1000", 4 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5075] <... chdir resumed>) = 0 [pid 5074] <... setpgid resumed>) = 0 [pid 5073] <... write resumed>) = 4 [pid 5072] <... symlink resumed>) = 0 [pid 5073] close(3 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5071] <... openat resumed>) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD [pid 5075] <... prctl resumed>) = 0 [pid 5074] <... openat resumed>) = 3 [pid 5073] <... close resumed>) = 0 [pid 5072] memfd_create("syzkaller", 0 [pid 5071] write(3, "1000", 4 [pid 5070] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5075] setpgid(0, 0 [pid 5074] write(3, "1000", 4 [pid 5073] symlink("/dev/binderfs", "./binderfs" [pid 5072] <... memfd_create resumed>) = 3 [pid 5071] <... write resumed>) = 4 [pid 5070] close(3 [pid 5075] <... setpgid resumed>) = 0 [pid 5074] <... write resumed>) = 4 [pid 5073] <... symlink resumed>) = 0 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5071] close(3 [pid 5070] <... close resumed>) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5074] close(3 [pid 5072] <... mmap resumed>) = 0x7fefd70e9000 [pid 5075] <... openat resumed>) = 3 [pid 5074] <... close resumed>) = 0 [pid 5073] memfd_create("syzkaller", 0 [pid 5071] <... close resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5077 attached [pid 5075] write(3, "1000", 4 [pid 5073] <... memfd_create resumed>) = 3 [pid 5071] symlink("/dev/binderfs", "./binderfs" [pid 5077] set_robust_list(0x55555613b660, 24 [pid 5071] <... symlink resumed>) = 0 [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 5077 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5075] <... write resumed>) = 4 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5075] close(3 [pid 5074] <... symlink resumed>) = 0 [pid 5077] chdir("./0" [pid 5075] <... close resumed>) = 0 [pid 5073] <... mmap resumed>) = 0x7fefd70e9000 [pid 5071] memfd_create("syzkaller", 0 [pid 5074] memfd_create("syzkaller", 0 [pid 5077] <... chdir resumed>) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs" [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] <... symlink resumed>) = 0 [pid 5074] <... memfd_create resumed>) = 3 [pid 5071] <... memfd_create resumed>) = 3 [pid 5077] <... prctl resumed>) = 0 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5077] setpgid(0, 0 [pid 5075] memfd_create("syzkaller", 0 [pid 5074] <... mmap resumed>) = 0x7fefd70e9000 [pid 5071] <... mmap resumed>) = 0x7fefd70e9000 [pid 5077] <... setpgid resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5075] <... memfd_create resumed>) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5074] <... write resumed>) = 16777216 [pid 5071] <... write resumed>) = 16777216 [pid 5074] munmap(0x7fefd70e9000, 138412032 [pid 5071] munmap(0x7fefd70e9000, 138412032 [pid 5075] <... write resumed>) = 16777216 [pid 5074] <... munmap resumed>) = 0 [pid 5071] <... munmap resumed>) = 0 [pid 5075] munmap(0x7fefd70e9000, 138412032 [pid 5074] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5075] <... munmap resumed>) = 0 [pid 5074] <... openat resumed>) = 4 [pid 5072] <... write resumed>) = 16777216 [pid 5071] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5075] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5074] ioctl(4, LOOP_SET_FD, 3 [pid 5075] <... openat resumed>) = 4 [pid 5073] <... write resumed>) = 16777216 [pid 5075] ioctl(4, LOOP_SET_FD, 3 [pid 5077] <... write resumed>) = 16777216 [pid 5074] <... ioctl resumed>) = 0 [pid 5073] munmap(0x7fefd70e9000, 138412032 [pid 5072] munmap(0x7fefd70e9000, 138412032 [pid 5071] <... openat resumed>) = 4 [pid 5077] munmap(0x7fefd70e9000, 138412032 [pid 5075] <... ioctl resumed>) = 0 [pid 5074] close(3 [pid 5071] ioctl(4, LOOP_SET_FD, 3 [pid 5077] <... munmap resumed>) = 0 [pid 5075] close(3 [pid 5074] <... close resumed>) = 0 [pid 5073] <... munmap resumed>) = 0 [pid 5072] <... munmap resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5075] <... close resumed>) = 0 [pid 5074] mkdir("./bus", 0777 [pid 5073] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5071] <... ioctl resumed>) = 0 [pid 5077] <... openat resumed>) = 4 [pid 5075] mkdir("./bus", 0777 [pid 5074] <... mkdir resumed>) = 0 [pid 5073] <... openat resumed>) = 4 [pid 5072] <... openat resumed>) = 4 [pid 5071] close(3 [pid 5077] ioctl(4, LOOP_SET_FD, 3 [pid 5074] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5073] ioctl(4, LOOP_SET_FD, 3 [pid 5072] ioctl(4, LOOP_SET_FD, 3 [pid 5071] <... close resumed>) = 0 [pid 5075] <... mkdir resumed>) = 0 [ 55.272216][ T5074] loop2: detected capacity change from 0 to 32768 [ 55.280442][ T5075] loop4: detected capacity change from 0 to 32768 [ 55.293491][ T5071] loop1: detected capacity change from 0 to 32768 [ 55.304525][ T5077] loop5: detected capacity change from 0 to 32768 [ 55.307983][ T5072] loop0: detected capacity change from 0 to 32768 [pid 5077] <... ioctl resumed>) = 0 [pid 5075] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5077] close(3 [pid 5071] mkdir("./bus", 0777 [pid 5077] <... close resumed>) = 0 [pid 5077] mkdir("./bus", 0777 [pid 5072] <... ioctl resumed>) = 0 [pid 5077] <... mkdir resumed>) = 0 [pid 5071] <... mkdir resumed>) = 0 [pid 5077] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5072] close(3 [pid 5071] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5072] <... close resumed>) = 0 [pid 5072] mkdir("./bus", 0777 [pid 5073] <... ioctl resumed>) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5073] close(3) = 0 [pid 5072] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5073] mkdir("./bus", 0777) = 0 [ 55.311666][ T5074] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5074) [ 55.319174][ T5073] loop3: detected capacity change from 0 to 32768 [ 55.343484][ T5075] BTRFS: device /dev/loop4 using temp-fsid 4750e633-6454-48f0-a238-160e0ae364eb [ 55.354567][ T5075] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5075) [ 55.370613][ T5074] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 55.379926][ T5075] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 55.380133][ T5074] BTRFS info (device loop2): doing ref verification [ 55.389703][ T5077] BTRFS: device /dev/loop5 using temp-fsid edf50027-68ec-4610-933a-fe6a844572fe [ 55.395660][ T5074] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.405400][ T5077] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5077) [ 55.428257][ T5075] BTRFS info (device loop4): doing ref verification [ 55.429512][ T5074] BTRFS info (device loop2): force zlib compression, level 3 [ 55.435056][ T5075] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.450854][ T5074] BTRFS info (device loop2): allowing degraded mounts [ 55.454332][ T5071] BTRFS: device /dev/loop1 using temp-fsid 7223842d-e19c-4715-b4d8-c94faa2be59d [ 55.460000][ T5077] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 55.477989][ T5071] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5071) [ 55.479261][ T5077] BTRFS info (device loop5): doing ref verification [ 55.491320][ T5075] BTRFS info (device loop4): force zlib compression, level 3 [ 55.498559][ T5074] BTRFS info (device loop2): using free space tree [ 55.505775][ T5075] BTRFS info (device loop4): allowing degraded mounts [ 55.512642][ T5077] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.520613][ T5071] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 55.537718][ T5077] BTRFS info (device loop5): force zlib compression, level 3 [ 55.539490][ T5073] BTRFS: device /dev/loop3 using temp-fsid 6b1cf8ea-765f-42b4-b6e5-603ec08556d6 [ 55.550482][ T5077] BTRFS info (device loop5): allowing degraded mounts [ 55.554417][ T5075] BTRFS info (device loop4): using free space tree [ 55.565951][ T5077] BTRFS info (device loop5): using free space tree [ 55.568274][ T5071] BTRFS info (device loop1): doing ref verification [ 55.577595][ T5073] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5073) [ 55.594449][ T5071] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.605768][ T5071] BTRFS info (device loop1): force zlib compression, level 3 [ 55.613562][ T5071] BTRFS info (device loop1): allowing degraded mounts [ 55.622038][ T5071] BTRFS info (device loop1): using free space tree [ 55.624249][ T5072] BTRFS: device /dev/loop0 using temp-fsid 8c7b4721-ae9d-49de-9a5c-e44163503393 [ 55.633343][ T5073] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 55.639065][ T5072] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5072) [ 55.647708][ T5073] BTRFS info (device loop3): doing ref verification [ 55.665619][ T5073] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.676751][ T5073] BTRFS info (device loop3): force zlib compression, level 3 [ 55.684475][ T5073] BTRFS info (device loop3): allowing degraded mounts [ 55.691552][ T5073] BTRFS info (device loop3): using free space tree [ 55.698631][ T5072] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.707492][ T5072] BTRFS info (device loop0): doing ref verification [ 55.714225][ T5072] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.725024][ T5072] BTRFS info (device loop0): force zlib compression, level 3 [ 55.725605][ T5074] BTRFS info (device loop2): auto enabling async discard [ 55.733039][ T5072] BTRFS info (device loop0): allowing degraded mounts [ 55.746293][ T5072] BTRFS info (device loop0): using free space tree [ 55.761161][ T5077] BTRFS info (device loop5): auto enabling async discard [pid 5073] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5074] <... mount resumed>) = 0 [pid 5077] <... mount resumed>) = 0 [pid 5075] <... mount resumed>) = 0 [pid 5077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5075] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5077] chdir("./bus" [pid 5075] <... openat resumed>) = 3 [pid 5074] <... openat resumed>) = 3 [pid 5077] <... chdir resumed>) = 0 [pid 5075] chdir("./bus" [pid 5074] chdir("./bus" [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [ 55.778687][ T5075] BTRFS info (device loop4): auto enabling async discard [ 55.802521][ T5072] BTRFS info (device loop0): auto enabling async discard [pid 5077] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5075] <... chdir resumed>) = 0 [pid 5075] ioctl(4, LOOP_CLR_FD [pid 5074] <... chdir resumed>) = 0 [pid 5072] <... mount resumed>) = 0 [pid 5075] <... ioctl resumed>) = 0 [pid 5075] close(4) = 0 [pid 5075] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5074] ioctl(4, LOOP_CLR_FD [pid 5072] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5074] <... ioctl resumed>) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5072] chdir("./bus" [pid 5074] close(4 [pid 5075] <... openat resumed>) = 4 [pid 5077] <... openat resumed>) = 4 [pid 5074] <... close resumed>) = 0 [pid 5073] <... mount resumed>) = 0 [pid 5072] <... chdir resumed>) = 0 [pid 5074] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5072] ioctl(4, LOOP_CLR_FD [pid 5077] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5075] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5074] <... openat resumed>) = 4 [pid 5073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5072] <... ioctl resumed>) = 0 [pid 5077] <... write resumed>) = 65228 [pid 5075] <... write resumed>) = 65228 [pid 5073] <... openat resumed>) = 3 [pid 5072] close(4 [pid 5071] <... mount resumed>) = 0 [pid 5073] chdir("./bus" [pid 5072] <... close resumed>) = 0 [pid 5073] <... chdir resumed>) = 0 [pid 5072] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5071] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5074] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5072] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5071] <... openat resumed>) = 3 [pid 5075] exit_group(0 [pid 5074] <... write resumed>) = 65228 [pid 5073] ioctl(4, LOOP_CLR_FD [pid 5072] <... write resumed>) = 65228 [pid 5071] chdir("./bus" [pid 5077] exit_group(0 [pid 5075] <... exit_group resumed>) = ? [pid 5074] exit_group(0 [pid 5073] <... ioctl resumed>) = 0 [pid 5072] exit_group(0 [pid 5071] <... chdir resumed>) = 0 [ 55.825991][ T5071] BTRFS info (device loop1): auto enabling async discard [ 55.833147][ T5073] BTRFS info (device loop3): auto enabling async discard [pid 5077] <... exit_group resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5073] close(4 [pid 5071] ioctl(4, LOOP_CLR_FD [pid 5073] <... close resumed>) = 0 [pid 5071] <... ioctl resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5073] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5071] close(4) = 0 [pid 5069] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... exit_group resumed>) = ? [pid 5072] <... exit_group resumed>) = ? [pid 5071] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ [pid 5073] <... openat resumed>) = 4 [pid 5072] +++ exited with 0 +++ [pid 5071] <... openat resumed>) = 4 [pid 5069] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5069] newfstatat(3, "", [pid 5073] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] restart_syscall(<... resuming interrupted clone ...> [pid 5073] <... write resumed>) = 65228 [pid 5070] <... restart_syscall resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5073] exit_group(0 [pid 5069] getdents64(3, [pid 5065] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5070] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... exit_group resumed>) = ? [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] +++ exited with 0 +++ [pid 5071] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] <... openat resumed>) = 3 [pid 5067] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5070] newfstatat(3, "", [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [pid 5067] newfstatat(3, "", [pid 5065] newfstatat(3, "", [pid 5071] <... write resumed>) = 65228 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, [pid 5067] getdents64(3, [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5068] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] getdents64(3, [pid 5070] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5068] <... openat resumed>) = 3 [pid 5065] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(3, "", [pid 5071] exit_group(0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5071] <... exit_group resumed>) = ? [pid 5068] getdents64(3, [pid 5071] +++ exited with 0 +++ [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5068] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5066] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5070] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./0/bus", [pid 5066] newfstatat(AT_FDCWD, "./0/bus", [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 5070] newfstatat(4, "", [pid 5068] <... umount2 resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5068] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5070] getdents64(4, [pid 5066] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5070] getdents64(4, [pid 5066] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5070] close(4 [pid 5066] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5066] rmdir("./0/bus" [pid 5070] rmdir("./0/bus" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./0/bus", [pid 5067] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./0/binderfs" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... unlink resumed>) = 0 [pid 5068] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./0/bus", [pid 5065] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5069] newfstatat(AT_FDCWD, "./0/bus", [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] getdents64(3, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./0/binderfs" [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... unlink resumed>) = 0 [pid 5070] close(3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(3, [pid 5070] rmdir("./0" [pid 5069] <... openat resumed>) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... rmdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 5065] newfstatat(AT_FDCWD, "./0/bus", [pid 5069] newfstatat(4, "", [pid 5068] <... openat resumed>) = 4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] newfstatat(4, "", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] mkdir("./1", 0777 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5069] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5069] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] <... openat resumed>) = 3 [pid 5069] close(4 [pid 5070] ioctl(3, LOOP_CLR_FD [pid 5069] <... close resumed>) = 0 [pid 5070] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] close(3 [pid 5069] rmdir("./0/bus" [pid 5067] <... openat resumed>) = 4 [pid 5066] rmdir("./0" [pid 5065] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] getdents64(4, [pid 5070] <... close resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] mkdir("./1", 0777 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... mkdir resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5068] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] getdents64(4, [pid 5067] newfstatat(4, "", [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... openat resumed>) = 4 [pid 5068] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] close(4 [pid 5065] newfstatat(4, "", [pid 5067] getdents64(4, [pid 5068] <... close resumed>) = 0 ./strace-static-x86_64: Process 5184 attached [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 5184 [pid 5069] unlink("./0/binderfs" [pid 5068] rmdir("./0/bus" [pid 5067] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(4, [pid 5068] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5069] <... unlink resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5184] set_robust_list(0x55555613b660, 24 [pid 5069] getdents64(3, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] close(4 [pid 5065] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5184] chdir("./1" [pid 5069] close(3 [pid 5065] getdents64(4, [pid 5068] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5067] <... close resumed>) = 0 [pid 5184] <... chdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] rmdir("./0/bus" [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 5186 [pid 5065] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5069] rmdir("./0") = 0 [pid 5069] mkdir("./1", 0777 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... mkdir resumed>) = 0 [pid 5068] unlink("./0/binderfs" [pid 5067] <... rmdir resumed>) = 0 [pid 5065] close(4 [pid 5184] <... prctl resumed>) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... close resumed>) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 5067] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5186 attached [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... openat resumed>) = 3 [pid 5068] getdents64(3, [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./0/bus" [pid 5186] set_robust_list(0x55555613b660, 24 [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5186] <... set_robust_list resumed>) = 0 [pid 5184] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] close(3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5184] write(3, "1000", 4 [pid 5069] <... ioctl resumed>) = 0 [pid 5184] <... write resumed>) = 4 [pid 5069] close(3 [pid 5068] <... close resumed>) = 0 [pid 5067] unlink("./0/binderfs" [pid 5065] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5186] chdir("./1" [pid 5184] close(3 [pid 5069] <... close resumed>) = 0 [pid 5186] <... chdir resumed>) = 0 [pid 5184] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] rmdir("./0" [pid 5067] <... unlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5186] <... prctl resumed>) = 0 [pid 5067] getdents64(3, [pid 5186] setpgid(0, 0 [pid 5184] memfd_create("syzkaller", 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5187 attached [pid 5186] <... setpgid resumed>) = 0 [pid 5184] <... memfd_create resumed>) = 3 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 5187 [pid 5067] close(3 [pid 5065] unlink("./0/binderfs" [pid 5187] set_robust_list(0x55555613b660, 24 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... unlink resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5187] <... set_robust_list resumed>) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5184] <... mmap resumed>) = 0x7fefd70e9000 [pid 5067] rmdir("./0" [pid 5065] getdents64(3, [pid 5187] chdir("./1" [pid 5186] <... openat resumed>) = 3 [pid 5068] mkdir("./1", 0777 [pid 5067] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] mkdir("./1", 0777 [pid 5065] close(3 [pid 5187] <... chdir resumed>) = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... close resumed>) = 0 [pid 5187] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5067] <... mkdir resumed>) = 0 [pid 5065] rmdir("./0" [pid 5187] write(3, "1000", 4 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5187] <... write resumed>) = 4 [pid 5068] <... openat resumed>) = 3 [pid 5187] close(3) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] <... openat resumed>) = 3 [pid 5065] mkdir("./1", 0777 [pid 5187] memfd_create("syzkaller", 0 [pid 5186] write(3, "1000", 4 [pid 5065] <... mkdir resumed>) = 0 [pid 5186] <... write resumed>) = 4 [pid 5068] <... ioctl resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5187] <... memfd_create resumed>) = 3 [pid 5186] close(3 [pid 5068] close(3 [pid 5067] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5186] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5187] <... mmap resumed>) = 0x7fefd70e9000 [pid 5065] <... ioctl resumed>) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs" [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] close(3 [pid 5186] <... symlink resumed>) = 0 [pid 5065] <... close resumed>) = 0 ./strace-static-x86_64: Process 5188 attached [pid 5186] memfd_create("syzkaller", 0 [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 5189 [pid 5067] <... clone resumed>, child_tidptr=0x55555613b650) = 5188 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached ./strace-static-x86_64: Process 5189 attached [pid 5188] set_robust_list(0x55555613b660, 24 [pid 5186] <... memfd_create resumed>) = 3 [pid 5189] set_robust_list(0x55555613b660, 24 [pid 5065] <... clone resumed>, child_tidptr=0x55555613b650) = 5190 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5189] <... set_robust_list resumed>) = 0 [pid 5186] <... mmap resumed>) = 0x7fefd70e9000 [pid 5188] <... set_robust_list resumed>) = 0 [pid 5190] set_robust_list(0x55555613b660, 24 [pid 5189] chdir("./1") = 0 [pid 5190] <... set_robust_list resumed>) = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5190] chdir("./1" [pid 5189] <... prctl resumed>) = 0 [pid 5188] chdir("./1" [pid 5189] setpgid(0, 0 [pid 5190] <... chdir resumed>) = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5189] <... setpgid resumed>) = 0 [pid 5190] <... prctl resumed>) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] setpgid(0, 0 [pid 5189] write(3, "1000", 4 [pid 5188] <... chdir resumed>) = 0 [pid 5189] <... write resumed>) = 4 [pid 5189] close(3 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5189] <... close resumed>) = 0 [pid 5188] <... prctl resumed>) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs" [pid 5188] setpgid(0, 0 [pid 5190] <... setpgid resumed>) = 0 [pid 5189] <... symlink resumed>) = 0 [pid 5188] <... setpgid resumed>) = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5188] <... openat resumed>) = 3 [pid 5190] <... openat resumed>) = 3 [pid 5188] write(3, "1000", 4 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5188] <... write resumed>) = 4 [pid 5190] symlink("/dev/binderfs", "./binderfs" [pid 5188] close(3 [pid 5190] <... symlink resumed>) = 0 [pid 5188] <... close resumed>) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs" [pid 5190] memfd_create("syzkaller", 0 [pid 5188] <... symlink resumed>) = 0 [pid 5188] memfd_create("syzkaller", 0) = 3 [pid 5190] <... memfd_create resumed>) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5184] <... write resumed>) = 16777216 [pid 5184] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5187] <... write resumed>) = 16777216 [pid 5184] <... openat resumed>) = 4 [pid 5187] munmap(0x7fefd70e9000, 138412032 [pid 5184] ioctl(4, LOOP_SET_FD, 3 [pid 5187] <... munmap resumed>) = 0 [pid 5186] <... write resumed>) = 16777216 [pid 5186] munmap(0x7fefd70e9000, 138412032 [pid 5187] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5184] <... ioctl resumed>) = 0 [pid 5187] <... openat resumed>) = 4 [pid 5184] close(3 [pid 5187] ioctl(4, LOOP_SET_FD, 3 [pid 5184] <... close resumed>) = 0 [pid 5186] <... munmap resumed>) = 0 [pid 5184] mkdir("./bus", 0777 [pid 5186] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5184] <... mkdir resumed>) = 0 [ 57.641589][ T5184] loop5: detected capacity change from 0 to 32768 [ 57.665979][ T5187] loop4: detected capacity change from 0 to 32768 [pid 5184] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5186] <... openat resumed>) = 4 [pid 5187] <... ioctl resumed>) = 0 [pid 5186] ioctl(4, LOOP_SET_FD, 3 [pid 5189] <... write resumed>) = 16777216 [pid 5189] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5187] close(3 [pid 5186] <... ioctl resumed>) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3 [pid 5190] <... write resumed>) = 16777216 [pid 5187] <... close resumed>) = 0 [pid 5186] close(3 [pid 5190] munmap(0x7fefd70e9000, 138412032 [pid 5187] mkdir("./bus", 0777 [pid 5186] <... close resumed>) = 0 [pid 5189] <... ioctl resumed>) = 0 [pid 5189] close(3) = 0 [ 57.681027][ T5184] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5184) [ 57.703434][ T5186] loop1: detected capacity change from 0 to 32768 [ 57.720319][ T5189] loop3: detected capacity change from 0 to 32768 [ 57.733548][ T5184] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [pid 5189] mkdir("./bus", 0777) = 0 [pid 5190] <... munmap resumed>) = 0 [pid 5188] <... write resumed>) = 16777216 [pid 5187] <... mkdir resumed>) = 0 [pid 5186] mkdir("./bus", 0777 [pid 5189] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5188] munmap(0x7fefd70e9000, 138412032 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5187] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5186] <... mkdir resumed>) = 0 [pid 5190] <... openat resumed>) = 4 [pid 5186] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5190] ioctl(4, LOOP_SET_FD, 3 [pid 5188] <... munmap resumed>) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 57.748894][ T5184] BTRFS info (device loop5): doing ref verification [ 57.758320][ T5184] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.761757][ T5190] loop0: detected capacity change from 0 to 32768 [ 57.775748][ T5186] BTRFS: device /dev/loop1 using temp-fsid f5f33d6e-4241-4199-baac-bba2c44c5024 [ 57.784845][ T5184] BTRFS info (device loop5): force zlib compression, level 3 [ 57.784875][ T5184] BTRFS info (device loop5): allowing degraded mounts [pid 5188] ioctl(4, LOOP_SET_FD, 3 [pid 5190] <... ioctl resumed>) = 0 [pid 5188] <... ioctl resumed>) = 0 [pid 5190] close(3 [pid 5188] close(3 [pid 5190] <... close resumed>) = 0 [pid 5188] <... close resumed>) = 0 [pid 5190] mkdir("./bus", 0777 [pid 5188] mkdir("./bus", 0777 [pid 5190] <... mkdir resumed>) = 0 [pid 5188] <... mkdir resumed>) = 0 [pid 5190] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 57.784889][ T5184] BTRFS info (device loop5): using free space tree [ 57.787795][ T5188] loop2: detected capacity change from 0 to 32768 [ 57.795223][ T5186] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5186) [ 57.831035][ T5187] BTRFS: device /dev/loop4 using temp-fsid d4ca3832-326e-4033-a82a-c4a1054d422f [ 57.840560][ T5187] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5187) [ 57.857024][ T5186] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 57.861217][ T5189] BTRFS: device /dev/loop3 using temp-fsid 643fda45-9c78-454a-a889-2b6e1bc948cf [ 57.868711][ T5186] BTRFS info (device loop1): doing ref verification [ 57.877140][ T5189] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5189) [ 57.882268][ T5186] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.894302][ T5187] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 57.913979][ T5186] BTRFS info (device loop1): force zlib compression, level 3 [ 57.916234][ T5187] BTRFS info (device loop4): doing ref verification [ 57.923944][ T5186] BTRFS info (device loop1): allowing degraded mounts [ 57.928677][ T5190] BTRFS: device /dev/loop0 using temp-fsid 016e3ed5-4907-4479-a2ea-5a18f86e6b54 [ 57.935072][ T5186] BTRFS info (device loop1): using free space tree [ 57.944452][ T5189] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 57.950773][ T5187] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.959470][ T5189] BTRFS info (device loop3): doing ref verification [ 57.970487][ T5187] BTRFS info (device loop4): force zlib compression, level 3 [ 57.977168][ T5190] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5190) [ 57.984376][ T5189] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.998431][ T5188] BTRFS: device /dev/loop2 using temp-fsid cbe0f5c1-622b-4917-813a-c571a51a2ca9 [ 58.007721][ T5189] BTRFS info (device loop3): force zlib compression, level 3 [ 58.016255][ T5188] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5188) [ 58.036275][ T5187] BTRFS info (device loop4): allowing degraded mounts [ 58.036291][ T5187] BTRFS info (device loop4): using free space tree [ 58.050002][ T5189] BTRFS info (device loop3): allowing degraded mounts [ 58.056887][ T5190] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.056920][ T5189] BTRFS info (device loop3): using free space tree [ 58.066218][ T5190] BTRFS info (device loop0): doing ref verification [ 58.081651][ T5190] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5188] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5184] <... mount resumed>) = 0 [pid 5184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./bus") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [ 58.082153][ T5188] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 58.092591][ T5190] BTRFS info (device loop0): force zlib compression, level 3 [ 58.102733][ T5184] BTRFS info (device loop5): auto enabling async discard [ 58.109328][ T5190] BTRFS info (device loop0): allowing degraded mounts [ 58.118856][ T5188] BTRFS info (device loop2): doing ref verification [ 58.124895][ T5190] BTRFS info (device loop0): using free space tree [pid 5184] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5184] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5184] exit_group(0) = ? [pid 5184] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [pid 5070] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5186] <... mount resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5186] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5070] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5186] <... openat resumed>) = 3 [pid 5070] <... openat resumed>) = 3 [pid 5070] newfstatat(3, "", [pid 5186] chdir("./bus" [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5186] <... chdir resumed>) = 0 [pid 5070] getdents64(3, [pid 5186] ioctl(4, LOOP_CLR_FD [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5186] <... ioctl resumed>) = 0 [pid 5070] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5186] close(4) = 0 [ 58.141380][ T5188] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 58.161593][ T5188] BTRFS info (device loop2): force zlib compression, level 3 [ 58.170080][ T5188] BTRFS info (device loop2): allowing degraded mounts [ 58.172493][ T5186] BTRFS info (device loop1): auto enabling async discard [ 58.177312][ T5188] BTRFS info (device loop2): using free space tree [pid 5186] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5186] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5186] exit_group(0) = ? [pid 5186] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5189] <... mount resumed>) = 0 [pid 5070] newfstatat(AT_FDCWD, "./1/bus", [pid 5189] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5189] <... openat resumed>) = 3 [pid 5070] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5190] <... mount resumed>) = 0 [pid 5189] chdir("./bus" [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5070] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5190] <... openat resumed>) = 3 [pid 5189] <... chdir resumed>) = 0 [pid 5070] <... openat resumed>) = 4 [ 58.282572][ T5187] BTRFS info (device loop4): auto enabling async discard [ 58.290925][ T5189] BTRFS info (device loop3): auto enabling async discard [ 58.309148][ T5190] BTRFS info (device loop0): auto enabling async discard [pid 5190] chdir("./bus" [pid 5189] ioctl(4, LOOP_CLR_FD [pid 5190] <... chdir resumed>) = 0 [pid 5189] <... ioctl resumed>) = 0 [pid 5190] ioctl(4, LOOP_CLR_FD [pid 5189] close(4 [pid 5190] <... ioctl resumed>) = 0 [pid 5189] <... close resumed>) = 0 [pid 5070] newfstatat(4, "", [pid 5190] close(4 [pid 5189] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5190] <... close resumed>) = 0 [pid 5190] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(4, [pid 5190] <... openat resumed>) = 4 [pid 5070] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5190] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5189] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] getdents64(4, [pid 5190] exit_group(0 [pid 5070] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./1/bus" [pid 5190] <... exit_group resumed>) = ? [pid 5189] <... write resumed>) = 65228 [pid 5070] <... rmdir resumed>) = 0 [pid 5070] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5190] +++ exited with 0 +++ [pid 5189] exit_group(0 [pid 5070] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5189] <... exit_group resumed>) = ? [pid 5189] +++ exited with 0 +++ [pid 5187] <... mount resumed>) = 0 [pid 5070] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5070] unlink("./1/binderfs" [pid 5187] <... openat resumed>) = 3 [pid 5070] <... unlink resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [pid 5187] chdir("./bus" [pid 5070] getdents64(3, [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 5065] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5187] <... chdir resumed>) = 0 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] <... restart_syscall resumed>) = 0 [pid 5187] ioctl(4, LOOP_CLR_FD [pid 5070] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5187] <... ioctl resumed>) = 0 [pid 5187] close(4 [pid 5070] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5187] <... close resumed>) = 0 [pid 5070] rmdir("./1" [pid 5068] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5187] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] <... rmdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 5070] mkdir("./2", 0777 [pid 5068] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(3, "", [pid 5187] <... openat resumed>) = 4 [pid 5070] <... mkdir resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5068] getdents64(3, [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5065] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5070] <... openat resumed>) = 3 [pid 5068] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] ioctl(3, LOOP_CLR_FD) = 0 [pid 5187] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] close(3 [pid 5187] <... write resumed>) = 65228 [ 58.399292][ T5188] BTRFS info (device loop2): auto enabling async discard [pid 5070] <... close resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5188] <... mount resumed>) = 0 [pid 5188] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5283 attached [pid 5283] set_robust_list(0x55555613b660, 24 [pid 5188] <... openat resumed>) = 3 [pid 5187] exit_group(0 [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 5283 [pid 5283] <... set_robust_list resumed>) = 0 [pid 5283] chdir("./2") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] chdir("./bus" [pid 5283] setpgid(0, 0 [pid 5188] <... chdir resumed>) = 0 [pid 5283] <... setpgid resumed>) = 0 [pid 5188] ioctl(4, LOOP_CLR_FD [pid 5187] <... exit_group resumed>) = ? [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5188] <... ioctl resumed>) = 0 [pid 5187] +++ exited with 0 +++ [pid 5188] close(4 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5188] <... close resumed>) = 0 [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 5283] <... openat resumed>) = 3 [pid 5188] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5069] <... restart_syscall resumed>) = 0 [pid 5069] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5188] <... openat resumed>) = 4 [pid 5283] write(3, "1000", 4 [pid 5188] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5283] <... write resumed>) = 4 [pid 5283] close(3 [pid 5188] <... write resumed>) = 65228 [pid 5283] <... close resumed>) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs" [pid 5188] exit_group(0 [pid 5283] <... symlink resumed>) = 0 [pid 5188] <... exit_group resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5283] memfd_create("syzkaller", 0) = 3 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- [pid 5283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./1/bus") = 0 [pid 5066] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./1/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./1") = 0 [pid 5066] mkdir("./2", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... umount2 resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 5286 [pid 5065] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5286 attached ) = 4 [pid 5286] set_robust_list(0x55555613b660, 24 [pid 5065] newfstatat(4, "", [pid 5286] <... set_robust_list resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5286] chdir("./2" [pid 5065] getdents64(4, [pid 5286] <... chdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] getdents64(4, [pid 5286] setpgid(0, 0 [pid 5065] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5286] <... setpgid resumed>) = 0 [pid 5065] close(4 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... close resumed>) = 0 [pid 5286] <... openat resumed>) = 3 [pid 5065] rmdir("./1/bus" [pid 5286] write(3, "1000", 4 [pid 5065] <... rmdir resumed>) = 0 [pid 5286] <... write resumed>) = 4 [pid 5065] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5286] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5286] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5286] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5286] <... symlink resumed>) = 0 [pid 5065] unlink("./1/binderfs") = 0 [pid 5065] getdents64(3, [pid 5286] memfd_create("syzkaller", 0 [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5286] <... memfd_create resumed>) = 3 [pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5065] close(3) = 0 [pid 5065] rmdir("./1") = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] mkdir("./2", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3 [pid 5068] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./1/bus", ./strace-static-x86_64: Process 5287 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x55555613b650) = 5287 [pid 5068] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5287] set_robust_list(0x55555613b660, 24 [pid 5068] <... openat resumed>) = 4 [pid 5287] <... set_robust_list resumed>) = 0 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] getdents64(4, [pid 5287] chdir("./2") = 0 [pid 5068] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(4, [pid 5287] <... prctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5068] close(4 [pid 5069] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... close resumed>) = 0 [pid 5069] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5287] setpgid(0, 0 [pid 5068] rmdir("./1/bus" [pid 5287] <... setpgid resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... openat resumed>) = 4 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./1/bus", [pid 5069] newfstatat(4, "", [pid 5068] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] getdents64(4, [pid 5068] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5287] <... openat resumed>) = 3 [pid 5069] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] unlink("./1/binderfs" [pid 5067] newfstatat(4, "", [pid 5069] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] close(4) = 0 [pid 5283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] rmdir("./1/bus") = 0 [pid 5068] <... unlink resumed>) = 0 [pid 5067] getdents64(4, [pid 5069] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, [pid 5067] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5287] write(3, "1000", 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(4, [pid 5287] <... write resumed>) = 4 [pid 5069] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5068] close(3 [pid 5067] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5287] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5287] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5067] close(4 [pid 5069] unlink("./1/binderfs" [pid 5287] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... unlink resumed>) = 0 [pid 5068] rmdir("./1" [pid 5067] <... close resumed>) = 0 [pid 5287] <... symlink resumed>) = 0 [pid 5069] getdents64(3, [pid 5068] <... rmdir resumed>) = 0 [pid 5067] rmdir("./1/bus" [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] mkdir("./2", 0777 [pid 5069] close(3 [pid 5068] <... mkdir resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5287] memfd_create("syzkaller", 0 [pid 5069] <... close resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5067] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5069] rmdir("./1" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... ioctl resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5287] <... memfd_create resumed>) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 5068] close(3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./1/binderfs" [pid 5069] mkdir("./2", 0777 [pid 5068] <... close resumed>) = 0 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... unlink resumed>) = 0 [pid 5287] <... mmap resumed>) = 0x7fefd70e9000 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] getdents64(3, ./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x55555613b660, 24 [pid 5069] <... openat resumed>) = 3 [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 5290 [pid 5067] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 5290] <... set_robust_list resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./1" [pid 5069] <... ioctl resumed>) = 0 [pid 5290] chdir("./2" [pid 5069] close(3 [pid 5067] <... rmdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] mkdir("./2", 0777./strace-static-x86_64: Process 5291 attached [pid 5290] <... chdir resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5291] set_robust_list(0x55555613b660, 24) = 0 [pid 5290] <... prctl resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 5291 [pid 5067] <... openat resumed>) = 3 [pid 5291] chdir("./2" [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5290] setpgid(0, 0 [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(3 [pid 5290] <... setpgid resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5291] <... chdir resumed>) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5292 attached [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5290] <... openat resumed>) = 3 [pid 5291] <... prctl resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x55555613b650) = 5292 [pid 5292] set_robust_list(0x55555613b660, 24 [pid 5290] write(3, "1000", 4 [pid 5292] <... set_robust_list resumed>) = 0 [pid 5291] setpgid(0, 0 [pid 5290] <... write resumed>) = 4 [pid 5292] chdir("./2" [pid 5291] <... setpgid resumed>) = 0 [pid 5290] close(3) = 0 [pid 5292] <... chdir resumed>) = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5290] symlink("/dev/binderfs", "./binderfs" [pid 5292] setpgid(0, 0 [pid 5291] <... openat resumed>) = 3 [pid 5290] <... symlink resumed>) = 0 [pid 5292] <... setpgid resumed>) = 0 [pid 5291] write(3, "1000", 4 [pid 5290] memfd_create("syzkaller", 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5291] <... write resumed>) = 4 [pid 5290] <... memfd_create resumed>) = 3 [pid 5286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5291] close(3 [pid 5292] <... openat resumed>) = 3 [pid 5291] <... close resumed>) = 0 [pid 5292] write(3, "1000", 4 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] <... write resumed>) = 4 [pid 5291] memfd_create("syzkaller", 0 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5292] close(3 [pid 5291] <... memfd_create resumed>) = 3 [pid 5290] <... mmap resumed>) = 0x7fefd70e9000 [pid 5292] <... close resumed>) = 0 [pid 5291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5292] symlink("/dev/binderfs", "./binderfs" [pid 5291] <... mmap resumed>) = 0x7fefd70e9000 [pid 5292] <... symlink resumed>) = 0 [pid 5292] memfd_create("syzkaller", 0) = 3 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5283] <... write resumed>) = 16777216 [pid 5283] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5283] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5283] ioctl(4, LOOP_SET_FD, 3 [pid 5286] <... write resumed>) = 16777216 [pid 5283] <... ioctl resumed>) = 0 [pid 5286] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5283] close(3) = 0 [ 59.839764][ T5283] loop5: detected capacity change from 0 to 32768 [pid 5283] mkdir("./bus", 0777 [pid 5286] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5283] <... mkdir resumed>) = 0 [pid 5286] <... openat resumed>) = 4 [pid 5286] ioctl(4, LOOP_SET_FD, 3 [pid 5283] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5286] <... ioctl resumed>) = 0 [pid 5286] close(3) = 0 [pid 5286] mkdir("./bus", 0777) = 0 [ 59.909846][ T5286] loop1: detected capacity change from 0 to 32768 [ 59.935711][ T5283] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5283) [ 59.990214][ T5286] BTRFS: device /dev/loop1 using temp-fsid 653bbe55-6d71-42e3-8719-04294b4d81d6 [ 60.001310][ T5283] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 60.020098][ T5283] BTRFS info (device loop5): doing ref verification [pid 5286] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5287] <... write resumed>) = 16777216 [pid 5287] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 60.032663][ T5286] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5286) [ 60.037670][ T5283] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5287] close(3) = 0 [pid 5287] mkdir("./bus", 0777) = 0 [ 60.105949][ T5287] loop0: detected capacity change from 0 to 32768 [ 60.126247][ T5286] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 60.138617][ T5283] BTRFS info (device loop5): force zlib compression, level 3 [ 60.162031][ T5286] BTRFS info (device loop1): doing ref verification [ 60.170659][ T5283] BTRFS info (device loop5): allowing degraded mounts [ 60.170880][ T5287] BTRFS: device /dev/loop0 using temp-fsid f27eb670-b8a5-4977-9b06-39a2c6811fb4 [ 60.182919][ T5286] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5287] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5292] <... write resumed>) = 16777216 [pid 5292] munmap(0x7fefd70e9000, 138412032 [pid 5291] <... write resumed>) = 16777216 [pid 5292] <... munmap resumed>) = 0 [ 60.208073][ T5283] BTRFS info (device loop5): using free space tree [ 60.218207][ T5287] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5287) [ 60.220412][ T5286] BTRFS info (device loop1): force zlib compression, level 3 [pid 5291] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5290] <... write resumed>) = 16777216 [pid 5292] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5290] munmap(0x7fefd70e9000, 138412032 [pid 5292] <... openat resumed>) = 4 [pid 5291] <... openat resumed>) = 4 [ 60.254847][ T5287] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 60.259680][ T5286] BTRFS info (device loop1): allowing degraded mounts [ 60.267002][ T5287] BTRFS info (device loop0): doing ref verification [ 60.276022][ T5286] BTRFS info (device loop1): using free space tree [ 60.278254][ T5287] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.294604][ T5287] BTRFS info (device loop0): force zlib compression, level 3 [ 60.295371][ T5290] loop3: detected capacity change from 0 to 32768 [pid 5290] <... munmap resumed>) = 0 [pid 5292] ioctl(4, LOOP_SET_FD, 3 [pid 5291] ioctl(4, LOOP_SET_FD, 3 [pid 5290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3 [pid 5292] <... ioctl resumed>) = 0 [pid 5290] <... ioctl resumed>) = 0 [pid 5290] close(3) = 0 [pid 5290] mkdir("./bus", 0777 [pid 5292] close(3) = 0 [pid 5292] mkdir("./bus", 0777) = 0 [pid 5292] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5290] <... mkdir resumed>) = 0 [pid 5290] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5291] <... ioctl resumed>) = 0 [ 60.302182][ T5287] BTRFS info (device loop0): allowing degraded mounts [ 60.311578][ T5292] loop2: detected capacity change from 0 to 32768 [ 60.315333][ T5287] BTRFS info (device loop0): using free space tree [ 60.316446][ T5291] loop4: detected capacity change from 0 to 32768 [ 60.342933][ T5292] BTRFS: device /dev/loop2 using temp-fsid 970687ea-444b-4f94-83c2-34ac282154bc [ 60.346700][ T5286] BTRFS info (device loop1): auto enabling async discard [pid 5291] close(3) = 0 [pid 5291] mkdir("./bus", 0777) = 0 [pid 5291] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5286] <... mount resumed>) = 0 [pid 5286] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5286] chdir("./bus") = 0 [pid 5286] ioctl(4, LOOP_CLR_FD) = 0 [ 60.352548][ T5292] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5292) [ 60.376268][ T5290] BTRFS: device /dev/loop3 using temp-fsid 468b2674-54ee-4ec9-99bd-6ed9cd39798c [ 60.385521][ T5290] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5290) [ 60.402109][ T5291] BTRFS: device /dev/loop4 using temp-fsid da068968-8ce4-4a38-a51a-3b58c3b275a3 [pid 5286] close(4) = 0 [pid 5286] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 60.412070][ T5291] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5291) [ 60.417269][ T5290] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 60.429609][ T5292] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 60.437379][ T5290] BTRFS info (device loop3): doing ref verification [ 60.445999][ T5292] BTRFS info (device loop2): doing ref verification [pid 5286] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5286] exit_group(0) = ? [pid 5286] +++ exited with 0 +++ [ 60.453726][ T5290] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.469314][ T5291] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 60.480487][ T5291] BTRFS info (device loop4): doing ref verification [ 60.494884][ T5287] BTRFS info (device loop0): auto enabling async discard [ 60.498161][ T5283] BTRFS info (device loop5): auto enabling async discard [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5066] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 60.503159][ T5291] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.518786][ T5290] BTRFS info (device loop3): force zlib compression, level 3 [ 60.520948][ T5292] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.527204][ T5290] BTRFS info (device loop3): allowing degraded mounts [ 60.538720][ T5291] BTRFS info (device loop4): force zlib compression, level 3 [ 60.555904][ T5292] BTRFS info (device loop2): force zlib compression, level 3 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5287] <... mount resumed>) = 0 [pid 5287] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5287] <... openat resumed>) = 3 [pid 5287] chdir("./bus") = 0 [pid 5283] <... mount resumed>) = 0 [pid 5287] ioctl(4, LOOP_CLR_FD [pid 5283] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5287] <... ioctl resumed>) = 0 [pid 5287] close(4 [pid 5283] <... openat resumed>) = 3 [pid 5283] chdir("./bus") = 0 [pid 5283] ioctl(4, LOOP_CLR_FD [pid 5287] <... close resumed>) = 0 [pid 5283] <... ioctl resumed>) = 0 [pid 5287] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5283] close(4) = 0 [ 60.563877][ T5290] BTRFS info (device loop3): using free space tree [ 60.565251][ T5292] BTRFS info (device loop2): allowing degraded mounts [pid 5287] <... openat resumed>) = 4 [pid 5283] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5287] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5287] exit_group(0) = ? [pid 5283] <... openat resumed>) = 4 [pid 5287] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5283] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 60.619191][ T5292] BTRFS info (device loop2): using free space tree [ 60.627039][ T5291] BTRFS info (device loop4): allowing degraded mounts [pid 5065] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5283] <... write resumed>) = 65228 [pid 5283] exit_group(0) = ? [pid 5283] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5070] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 60.665698][ T5291] BTRFS info (device loop4): using free space tree [pid 5070] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./2/bus", [pid 5292] <... mount resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5292] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5292] chdir("./bus") = 0 [pid 5292] ioctl(4, LOOP_CLR_FD [pid 5066] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5292] <... ioctl resumed>) = 0 [pid 5292] close(4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5292] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5292] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5066] <... openat resumed>) = 4 [ 60.743181][ T5292] BTRFS info (device loop2): auto enabling async discard [ 60.782281][ T5290] BTRFS info (device loop3): auto enabling async discard [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5292] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5066] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5292] <... write resumed>) = 65228 [pid 5066] close(4) = 0 [pid 5066] rmdir("./2/bus" [pid 5292] exit_group(0) = ? [pid 5066] <... rmdir resumed>) = 0 [pid 5066] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5292] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] unlink("./2/binderfs" [pid 5067] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] getdents64(3, [pid 5067] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5066] close(3 [pid 5065] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rmdir("./2") = 0 [pid 5065] newfstatat(AT_FDCWD, "./2/bus", [pid 5066] mkdir("./3", 0777) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5065] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] close(3 [pid 5065] <... openat resumed>) = 4 [pid 5066] <... close resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5386 attached [pid 5065] getdents64(4, [pid 5386] set_robust_list(0x55555613b660, 24 [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 5386 [pid 5065] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5386] <... set_robust_list resumed>) = 0 [pid 5386] chdir("./3" [pid 5290] <... mount resumed>) = 0 [pid 5065] getdents64(4, [pid 5386] <... chdir resumed>) = 0 [ 60.857714][ T5291] BTRFS info (device loop4): auto enabling async discard [pid 5386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5290] <... openat resumed>) = 3 [pid 5065] close(4 [pid 5290] chdir("./bus" [pid 5065] <... close resumed>) = 0 [pid 5386] setpgid(0, 0 [pid 5290] <... chdir resumed>) = 0 [pid 5065] rmdir("./2/bus" [pid 5386] <... setpgid resumed>) = 0 [pid 5386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5290] ioctl(4, LOOP_CLR_FD [pid 5065] <... rmdir resumed>) = 0 [pid 5290] <... ioctl resumed>) = 0 [pid 5065] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5386] <... openat resumed>) = 3 [pid 5290] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5290] <... close resumed>) = 0 [pid 5386] write(3, "1000", 4 [pid 5290] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5065] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5386] <... write resumed>) = 4 [pid 5290] <... openat resumed>) = 4 [pid 5386] close(3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5386] <... close resumed>) = 0 [pid 5065] unlink("./2/binderfs" [pid 5386] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... unlink resumed>) = 0 [pid 5386] <... symlink resumed>) = 0 [pid 5290] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5386] memfd_create("syzkaller", 0) = 3 [pid 5065] getdents64(3, [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5290] <... write resumed>) = 65228 [pid 5065] rmdir("./2") = 0 [pid 5065] mkdir("./3", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5290] exit_group(0) = ? [pid 5065] <... clone resumed>, child_tidptr=0x55555613b650) = 5387 [pid 5290] +++ exited with 0 +++ ./strace-static-x86_64: Process 5387 attached [pid 5387] set_robust_list(0x55555613b660, 24 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- [pid 5387] <... set_robust_list resumed>) = 0 [pid 5068] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5387] chdir("./3" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5387] <... chdir resumed>) = 0 [pid 5387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5387] setpgid(0, 0 [pid 5068] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5387] <... setpgid resumed>) = 0 [pid 5387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... openat resumed>) = 3 [pid 5387] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", [pid 5387] write(3, "1000", 4) = 4 [pid 5387] close(3) = 0 [pid 5387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5387] memfd_create("syzkaller", 0) = 3 [pid 5387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5291] <... mount resumed>) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5291] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5070] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, [pid 5291] <... openat resumed>) = 3 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5291] chdir("./bus" [pid 5070] newfstatat(AT_FDCWD, "./2/bus", [pid 5291] <... chdir resumed>) = 0 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5291] ioctl(4, LOOP_CLR_FD [pid 5070] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5291] <... ioctl resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5291] close(4) = 0 [pid 5070] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5291] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] <... openat resumed>) = 4 [pid 5291] <... openat resumed>) = 4 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4 [pid 5291] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] <... close resumed>) = 0 [pid 5291] <... write resumed>) = 65228 [pid 5070] rmdir("./2/bus") = 0 [pid 5070] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./2/binderfs") = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5291] exit_group(0 [pid 5070] rmdir("./2" [pid 5291] <... exit_group resumed>) = ? [pid 5070] <... rmdir resumed>) = 0 [pid 5291] +++ exited with 0 +++ [pid 5070] mkdir("./3", 0777) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = 0 [pid 5070] close(3) = 0 [pid 5069] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5389 attached [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 5389 [pid 5389] set_robust_list(0x55555613b660, 24) = 0 [pid 5389] chdir("./3") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] memfd_create("syzkaller", 0) = 3 [pid 5389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./2/bus") = 0 [pid 5067] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./2/binderfs") = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./2") = 0 [pid 5067] mkdir("./3", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5392 attached [pid 5387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5392] set_robust_list(0x55555613b660, 24 [pid 5067] <... clone resumed>, child_tidptr=0x55555613b650) = 5392 [pid 5392] <... set_robust_list resumed>) = 0 [pid 5068] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5392] chdir("./3" [pid 5068] newfstatat(AT_FDCWD, "./2/bus", [pid 5392] <... chdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5392] <... prctl resumed>) = 0 [pid 5069] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5392] setpgid(0, 0 [pid 5068] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5392] <... setpgid resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 4 [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] newfstatat(AT_FDCWD, "./2/bus", [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] getdents64(4, [pid 5392] <... openat resumed>) = 3 [pid 5069] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5392] write(3, "1000", 4 [pid 5068] getdents64(4, [pid 5392] <... write resumed>) = 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5392] close(3 [pid 5069] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] rmdir("./2/bus" [pid 5069] <... openat resumed>) = 4 [pid 5068] <... rmdir resumed>) = 0 [pid 5392] <... close resumed>) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] newfstatat(4, "", [pid 5068] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5392] memfd_create("syzkaller", 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5392] <... memfd_create resumed>) = 3 [pid 5069] getdents64(4, [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] unlink("./2/binderfs" [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] getdents64(4, [pid 5392] <... mmap resumed>) = 0x7fefd70e9000 [pid 5069] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 5069] close(4 [pid 5068] getdents64(3, [pid 5069] <... close resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] rmdir("./2/bus" [pid 5068] close(3 [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./2" [pid 5069] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... rmdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] mkdir("./3", 0777 [pid 5069] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5068] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5069] unlink("./2/binderfs" [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5069] <... unlink resumed>) = 0 [pid 5068] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, [pid 5068] close(3) = 0 [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./2") = 0 [pid 5069] mkdir("./3", 0777) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 5393 ./strace-static-x86_64: Process 5393 attached [pid 5393] set_robust_list(0x55555613b660, 24) = 0 [pid 5393] chdir("./3") = 0 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5393] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5393] memfd_create("syzkaller", 0) = 3 [pid 5393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 ./strace-static-x86_64: Process 5394 attached [pid 5394] set_robust_list(0x55555613b660, 24) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 5394 [pid 5394] chdir("./3") = 0 [pid 5394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5394] setpgid(0, 0) = 0 [pid 5394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5394] write(3, "1000", 4) = 4 [pid 5394] close(3) = 0 [pid 5394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5394] memfd_create("syzkaller", 0) = 3 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5386] <... write resumed>) = 16777216 [pid 5386] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5386] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5386] close(3) = 0 [ 62.129122][ T5386] loop1: detected capacity change from 0 to 32768 [pid 5386] mkdir("./bus", 0777) = 0 [ 62.203779][ T5386] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5386) [pid 5386] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 62.279659][ T5386] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 62.312528][ T5386] BTRFS info (device loop1): doing ref verification [pid 5393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5387] <... write resumed>) = 16777216 [pid 5394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5387] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5387] ioctl(4, LOOP_SET_FD, 3) = 0 [ 62.341399][ T5386] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 62.356911][ T5387] loop0: detected capacity change from 0 to 32768 [pid 5387] close(3) = 0 [pid 5387] mkdir("./bus", 0777) = 0 [pid 5387] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5389] <... write resumed>) = 16777216 [ 62.385307][ T5386] BTRFS info (device loop1): force zlib compression, level 3 [ 62.398123][ T5387] BTRFS: device /dev/loop0 using temp-fsid 25e9a319-cc9d-4c57-bd83-da5c3b671a5d [ 62.398183][ T5386] BTRFS info (device loop1): allowing degraded mounts [ 62.407167][ T5387] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5387) [ 62.428056][ T5386] BTRFS info (device loop1): using free space tree [pid 5389] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5389] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 62.485294][ T5387] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.493298][ T5389] loop5: detected capacity change from 0 to 32768 [pid 5389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5389] close(3) = 0 [pid 5389] mkdir("./bus", 0777) = 0 [ 62.528533][ T5387] BTRFS info (device loop0): doing ref verification [ 62.535138][ T5387] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 62.553671][ T5389] BTRFS: device /dev/loop5 using temp-fsid 81347f1f-fbdd-4cd5-a92f-580b7cd17050 [ 62.563655][ T5389] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5389) [ 62.577918][ T5387] BTRFS info (device loop0): force zlib compression, level 3 [ 62.586176][ T5387] BTRFS info (device loop0): allowing degraded mounts [ 62.594360][ T5387] BTRFS info (device loop0): using free space tree [ 62.615967][ T5389] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 62.631948][ T5389] BTRFS info (device loop5): doing ref verification [ 62.638680][ T5389] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 62.650931][ T5386] BTRFS info (device loop1): auto enabling async discard [ 62.661831][ T5389] BTRFS info (device loop5): force zlib compression, level 3 [ 62.669825][ T5389] BTRFS info (device loop5): allowing degraded mounts [pid 5389] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5386] <... mount resumed>) = 0 [pid 5386] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5386] chdir("./bus") = 0 [pid 5386] ioctl(4, LOOP_CLR_FD) = 0 [pid 5386] close(4) = 0 [pid 5386] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 62.676607][ T5389] BTRFS info (device loop5): using free space tree [pid 5386] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5386] exit_group(0) = ? [pid 5386] +++ exited with 0 +++ [pid 5394] <... write resumed>) = 16777216 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5386, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [pid 5066] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 5394] munmap(0x7fefd70e9000, 138412032 [pid 5393] <... write resumed>) = 16777216 [pid 5066] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5393] munmap(0x7fefd70e9000, 138412032 [pid 5066] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5392] <... write resumed>) = 16777216 [pid 5394] <... munmap resumed>) = 0 [pid 5393] <... munmap resumed>) = 0 [pid 5387] <... mount resumed>) = 0 [pid 5387] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5394] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5393] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5392] munmap(0x7fefd70e9000, 138412032 [pid 5387] chdir("./bus" [pid 5394] <... openat resumed>) = 4 [pid 5387] <... chdir resumed>) = 0 [pid 5394] ioctl(4, LOOP_SET_FD, 3 [pid 5393] <... openat resumed>) = 4 [pid 5387] ioctl(4, LOOP_CLR_FD [pid 5393] ioctl(4, LOOP_SET_FD, 3 [pid 5387] <... ioctl resumed>) = 0 [pid 5393] <... ioctl resumed>) = 0 [ 62.766476][ T5387] BTRFS info (device loop0): auto enabling async discard [ 62.796131][ T5389] BTRFS info (device loop5): auto enabling async discard [ 62.799504][ T5394] loop4: detected capacity change from 0 to 32768 [ 62.810309][ T5393] loop3: detected capacity change from 0 to 32768 [pid 5387] close(4) = 0 [pid 5394] <... ioctl resumed>) = 0 [pid 5389] <... mount resumed>) = 0 [pid 5387] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5394] close(3 [pid 5389] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5387] <... openat resumed>) = 4 [pid 5394] <... close resumed>) = 0 [pid 5389] <... openat resumed>) = 3 [pid 5394] mkdir("./bus", 0777 [pid 5392] <... munmap resumed>) = 0 [pid 5389] chdir("./bus" [pid 5387] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5389] <... chdir resumed>) = 0 [pid 5394] <... mkdir resumed>) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5389] ioctl(4, LOOP_CLR_FD [pid 5394] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5392] <... openat resumed>) = 4 [pid 5389] <... ioctl resumed>) = 0 [pid 5387] <... write resumed>) = 65228 [pid 5392] ioctl(4, LOOP_SET_FD, 3 [pid 5389] close(4 [pid 5387] exit_group(0 [pid 5389] <... close resumed>) = 0 [pid 5387] <... exit_group resumed>) = ? [pid 5389] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5387] +++ exited with 0 +++ [pid 5389] <... openat resumed>) = 4 [pid 5389] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5387, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- [pid 5065] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5393] close(3) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5393] mkdir("./bus", 0777 [pid 5389] <... write resumed>) = 65228 [pid 5065] <... openat resumed>) = 3 [pid 5393] <... mkdir resumed>) = 0 [pid 5393] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5389] exit_group(0 [pid 5065] newfstatat(3, "", [pid 5389] <... exit_group resumed>) = ? [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5389] +++ exited with 0 +++ [pid 5065] getdents64(3, [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5392] <... ioctl resumed>) = 0 [pid 5392] close(3) = 0 [pid 5392] mkdir("./bus", 0777) = 0 [pid 5065] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5392] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5070] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 62.845388][ T5394] BTRFS: device /dev/loop4 using temp-fsid c7f7fb41-f46e-4888-8970-5cc30d72d7b4 [ 62.848707][ T5392] loop2: detected capacity change from 0 to 32768 [ 62.871804][ T5394] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5394) [pid 5070] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5070] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./3/bus") = 0 [ 62.926585][ T5394] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 62.935801][ T5393] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5393) [pid 5066] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./3/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./3") = 0 [pid 5066] mkdir("./4", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5441 ./strace-static-x86_64: Process 5441 attached [pid 5441] set_robust_list(0x55555613b660, 24) = 0 [pid 5441] chdir("./4") = 0 [pid 5441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5441] setpgid(0, 0) = 0 [ 62.974148][ T5394] BTRFS info (device loop4): doing ref verification [ 63.001591][ T5392] BTRFS: device /dev/loop2 using temp-fsid 235f3539-cf98-472d-ad2c-30e474ce0447 [ 63.011944][ T5394] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5441] write(3, "1000", 4) = 4 [ 63.022998][ T5393] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 63.027544][ T5392] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5392) [ 63.032227][ T5393] BTRFS info (device loop3): doing ref verification [ 63.054149][ T5393] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.064391][ T5394] BTRFS info (device loop4): force zlib compression, level 3 [pid 5441] close(3) = 0 [pid 5441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5441] memfd_create("syzkaller", 0) = 3 [pid 5441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 63.065994][ T5393] BTRFS info (device loop3): force zlib compression, level 3 [ 63.082856][ T5393] BTRFS info (device loop3): allowing degraded mounts [ 63.089500][ T5394] BTRFS info (device loop4): allowing degraded mounts [ 63.092054][ T5393] BTRFS info (device loop3): using free space tree [ 63.111965][ T5392] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [pid 5065] <... umount2 resumed>) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [ 63.145003][ T5394] BTRFS info (device loop4): using free space tree [ 63.153135][ T5392] BTRFS info (device loop2): doing ref verification [ 63.180418][ T5392] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5070] rmdir("./3/bus") = 0 [pid 5065] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./3/binderfs") = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./3") = 0 [pid 5070] mkdir("./4", 0777) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = 0 [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5461 attached [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5461] set_robust_list(0x55555613b660, 24 [pid 5065] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5461] <... set_robust_list resumed>) = 0 [pid 5461] chdir("./4" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5461] <... chdir resumed>) = 0 [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 5461 [pid 5065] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5461] setpgid(0, 0 [pid 5065] newfstatat(4, "", [pid 5461] <... setpgid resumed>) = 0 [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5461] <... openat resumed>) = 3 [pid 5065] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5461] write(3, "1000", 4 [pid 5065] rmdir("./3/bus" [pid 5461] <... write resumed>) = 4 [pid 5461] close(3) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.208544][ T5392] BTRFS info (device loop2): force zlib compression, level 3 [ 63.223179][ T5392] BTRFS info (device loop2): allowing degraded mounts [ 63.245667][ T5392] BTRFS info (device loop2): using free space tree [pid 5065] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./3/binderfs") = 0 [pid 5065] getdents64(3, [pid 5461] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5461] <... symlink resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./3" [pid 5461] memfd_create("syzkaller", 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5461] <... memfd_create resumed>) = 3 [pid 5461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] mkdir("./4", 0777 [pid 5461] <... mmap resumed>) = 0x7fefd70e9000 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5471 ./strace-static-x86_64: Process 5471 attached [ 63.253980][ T5393] BTRFS info (device loop3): auto enabling async discard [pid 5471] set_robust_list(0x55555613b660, 24) = 0 [pid 5471] chdir("./4") = 0 [pid 5471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5471] setpgid(0, 0) = 0 [pid 5471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5471] write(3, "1000", 4 [pid 5393] <... mount resumed>) = 0 [pid 5471] <... write resumed>) = 4 [pid 5393] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5471] close(3 [pid 5393] <... openat resumed>) = 3 [pid 5471] <... close resumed>) = 0 [pid 5393] chdir("./bus" [pid 5471] symlink("/dev/binderfs", "./binderfs" [pid 5393] <... chdir resumed>) = 0 [pid 5471] <... symlink resumed>) = 0 [pid 5393] ioctl(4, LOOP_CLR_FD [pid 5471] memfd_create("syzkaller", 0 [pid 5393] <... ioctl resumed>) = 0 [pid 5471] <... memfd_create resumed>) = 3 [pid 5393] close(4 [pid 5471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5393] <... close resumed>) = 0 [pid 5471] <... mmap resumed>) = 0x7fefd70e9000 [pid 5393] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5393] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5393] exit_group(0) = ? [pid 5393] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... openat resumed>) = 3 [ 63.361955][ T5394] BTRFS info (device loop4): auto enabling async discard [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5068] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5394] <... mount resumed>) = 0 [pid 5394] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5394] <... openat resumed>) = 3 [pid 5394] chdir("./bus") = 0 [pid 5394] ioctl(4, LOOP_CLR_FD) = 0 [pid 5394] close(4) = 0 [pid 5394] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5394] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5394] exit_group(0) = ? [ 63.555570][ T5392] BTRFS info (device loop2): auto enabling async discard [pid 5394] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5394, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [pid 5069] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5392] <... mount resumed>) = 0 [pid 5392] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5392] chdir("./bus") = 0 [pid 5392] ioctl(4, LOOP_CLR_FD) = 0 [pid 5392] close(4) = 0 [pid 5392] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5392] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5392] exit_group(0) = ? [pid 5392] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5392, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5067] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./3/bus") = 0 [pid 5068] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./3/binderfs") = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./3" [pid 5441] <... write resumed>) = 16777216 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./4", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5494 ./strace-static-x86_64: Process 5494 attached [pid 5494] set_robust_list(0x55555613b660, 24) = 0 [pid 5494] chdir("./4") = 0 [pid 5494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5494] setpgid(0, 0) = 0 [pid 5494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5494] write(3, "1000", 4) = 4 [pid 5494] close(3) = 0 [pid 5494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5494] memfd_create("syzkaller", 0) = 3 [pid 5441] munmap(0x7fefd70e9000, 138412032 [pid 5494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5441] <... munmap resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5441] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5441] <... openat resumed>) = 4 [pid 5441] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5441] <... ioctl resumed>) = 0 [ 64.014950][ T5441] loop1: detected capacity change from 0 to 32768 [pid 5069] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5441] close(3) = 0 [pid 5069] getdents64(4, [pid 5441] mkdir("./bus", 0777 [pid 5069] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5441] <... mkdir resumed>) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./3/bus" [pid 5441] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5069] <... rmdir resumed>) = 0 [pid 5069] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./3/binderfs") = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./3") = 0 [ 64.102160][ T5441] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5441) [pid 5069] mkdir("./4", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5067] <... umount2 resumed>) = 0 [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 5067] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5461] <... write resumed>) = 16777216 [pid 5069] <... close resumed>) = 0 [pid 5067] rmdir("./3/bus") = 0 [pid 5067] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 64.208253][ T5441] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 64.216973][ T5441] BTRFS info (device loop1): doing ref verification [pid 5067] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./3/binderfs"./strace-static-x86_64: Process 5496 attached [pid 5461] munmap(0x7fefd70e9000, 138412032 [pid 5067] <... unlink resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 5496 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./3") = 0 [pid 5067] mkdir("./4", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5496] set_robust_list(0x55555613b660, 24 [pid 5067] <... openat resumed>) = 3 [pid 5496] <... set_robust_list resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5496] chdir("./4") = 0 ./strace-static-x86_64: Process 5497 attached [pid 5067] <... clone resumed>, child_tidptr=0x55555613b650) = 5497 [pid 5497] set_robust_list(0x55555613b660, 24) = 0 [pid 5497] chdir("./4") = 0 [pid 5497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5497] setpgid(0, 0) = 0 [pid 5497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5496] <... prctl resumed>) = 0 [pid 5496] setpgid(0, 0 [pid 5497] <... openat resumed>) = 3 [pid 5496] <... setpgid resumed>) = 0 [pid 5461] <... munmap resumed>) = 0 [pid 5497] write(3, "1000", 4) = 4 [pid 5497] close(3) = 0 [pid 5497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5497] memfd_create("syzkaller", 0) = 3 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5461] openat(AT_FDCWD, "/dev/loop5", O_RDWR [ 64.268113][ T5441] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5461] <... openat resumed>) = 4 [pid 5496] write(3, "1000", 4 [pid 5461] ioctl(4, LOOP_SET_FD, 3 [pid 5496] <... write resumed>) = 4 [pid 5461] <... ioctl resumed>) = 0 [pid 5496] close(3) = 0 [pid 5461] close(3 [pid 5496] symlink("/dev/binderfs", "./binderfs" [pid 5461] <... close resumed>) = 0 [pid 5496] <... symlink resumed>) = 0 [pid 5461] mkdir("./bus", 0777 [pid 5496] memfd_create("syzkaller", 0 [pid 5461] <... mkdir resumed>) = 0 [pid 5496] <... memfd_create resumed>) = 3 [ 64.328396][ T5441] BTRFS info (device loop1): force zlib compression, level 3 [ 64.336413][ T5441] BTRFS info (device loop1): allowing degraded mounts [ 64.351268][ T5461] loop5: detected capacity change from 0 to 32768 [ 64.367387][ T5461] BTRFS: device /dev/loop5 using temp-fsid f49e7609-07ca-409b-940c-425bf2c02d36 [pid 5461] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 64.410173][ T5441] BTRFS info (device loop1): using free space tree [ 64.428389][ T5461] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5461) [pid 5494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5471] <... write resumed>) = 16777216 [pid 5471] munmap(0x7fefd70e9000, 138412032) = 0 [ 64.538931][ T5461] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [pid 5471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 64.598124][ T5461] BTRFS info (device loop5): doing ref verification [ 64.604749][ T5461] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5471] close(3) = 0 [pid 5471] mkdir("./bus", 0777) = 0 [ 64.659690][ T5471] loop0: detected capacity change from 0 to 32768 [ 64.716695][ T5471] BTRFS: device /dev/loop0 using temp-fsid 893a63a5-a55c-4984-8f24-fe46d54063e1 [ 64.758652][ T5441] BTRFS info (device loop1): auto enabling async discard [ 64.768736][ T5461] BTRFS info (device loop5): force zlib compression, level 3 [ 64.776121][ T5461] BTRFS info (device loop5): allowing degraded mounts [pid 5471] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 64.810959][ T5471] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5471) [pid 5496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5441] <... mount resumed>) = 0 [pid 5441] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5441] chdir("./bus") = 0 [pid 5441] ioctl(4, LOOP_CLR_FD) = 0 [pid 5441] close(4) = 0 [pid 5441] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5441] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [ 64.868074][ T5461] BTRFS info (device loop5): using free space tree [ 64.875271][ T5471] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.889031][ T5471] BTRFS info (device loop0): doing ref verification [pid 5497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5441] exit_group(0) = ? [pid 5441] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5441, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- [pid 5066] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 64.921115][ T5471] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 64.949773][ T5471] BTRFS info (device loop0): force zlib compression, level 3 [ 64.957171][ T5471] BTRFS info (device loop0): allowing degraded mounts [ 64.964001][ T5471] BTRFS info (device loop0): using free space tree [pid 5066] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5494] <... write resumed>) = 16777216 [pid 5494] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5494] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5461] <... mount resumed>) = 0 [pid 5461] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5494] <... openat resumed>) = 4 [pid 5461] chdir("./bus" [pid 5494] ioctl(4, LOOP_SET_FD, 3 [pid 5461] <... chdir resumed>) = 0 [pid 5461] ioctl(4, LOOP_CLR_FD) = 0 [pid 5461] close(4) = 0 [pid 5461] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5461] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5461] exit_group(0) = ? [pid 5461] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5494] <... ioctl resumed>) = 0 [pid 5494] close(3) = 0 [pid 5494] mkdir("./bus", 0777 [pid 5070] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5494] <... mkdir resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5494] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 65.069173][ T5461] BTRFS info (device loop5): auto enabling async discard [ 65.097722][ T5494] loop3: detected capacity change from 0 to 32768 [pid 5070] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 65.143955][ T5494] BTRFS: device /dev/loop3 using temp-fsid bd2b3e60-d16f-4c88-a633-3d67517b90a9 [pid 5070] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5496] <... write resumed>) = 16777216 [pid 5496] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5496] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 65.208600][ T5471] BTRFS info (device loop0): auto enabling async discard [ 65.219744][ T5494] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5494) [ 65.245755][ T5496] loop4: detected capacity change from 0 to 32768 [pid 5496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5496] close(3) = 0 [pid 5496] mkdir("./bus", 0777) = 0 [pid 5496] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5471] <... mount resumed>) = 0 [ 65.256321][ T5494] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 65.271387][ T5496] BTRFS: device /dev/loop4 using temp-fsid 70876ecf-db77-41db-8407-7274f5db81b5 [ 65.289277][ T5494] BTRFS info (device loop3): doing ref verification [ 65.296216][ T5494] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5471] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5471] chdir("./bus") = 0 [pid 5471] ioctl(4, LOOP_CLR_FD) = 0 [pid 5471] close(4) = 0 [pid 5471] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5471] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5471] exit_group(0) = ? [pid 5471] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5471, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 5065] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 65.314268][ T5496] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5496) [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [ 65.370300][ T5494] BTRFS info (device loop3): force zlib compression, level 3 [ 65.400319][ T5496] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 65.413618][ T5494] BTRFS info (device loop3): allowing degraded mounts [pid 5066] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./4/bus") = 0 [pid 5066] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./4/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5070] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./4") = 0 [ 65.426643][ T5496] BTRFS info (device loop4): doing ref verification [ 65.466647][ T5494] BTRFS info (device loop3): using free space tree [pid 5066] mkdir("./5", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5546 attached [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./4/bus", [pid 5546] set_robust_list(0x55555613b660, 24 [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 5546 [pid 5546] <... set_robust_list resumed>) = 0 [pid 5546] chdir("./5") = 0 [pid 5546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5546] setpgid(0, 0) = 0 [pid 5546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5546] write(3, "1000", 4) = 4 [pid 5546] close(3) = 0 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5546] symlink("/dev/binderfs", "./binderfs" [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5546] <... symlink resumed>) = 0 [pid 5546] memfd_create("syzkaller", 0) = 3 [pid 5070] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5070] <... openat resumed>) = 4 [ 65.468340][ T5496] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./4/bus") = 0 [pid 5070] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./4/binderfs") = 0 [pid 5070] getdents64(3, [pid 5497] <... write resumed>) = 16777216 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./4") = 0 [ 65.540934][ T5496] BTRFS info (device loop4): force zlib compression, level 3 [ 65.571964][ T5496] BTRFS info (device loop4): allowing degraded mounts [pid 5070] mkdir("./5", 0777) = 0 [pid 5497] munmap(0x7fefd70e9000, 138412032 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5497] <... munmap resumed>) = 0 [pid 5070] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = 0 [pid 5070] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] close(3) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 5562 [pid 5065] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", ./strace-static-x86_64: Process 5562 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5562] set_robust_list(0x55555613b660, 24 [pid 5065] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5562] <... set_robust_list resumed>) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 65.621297][ T5496] BTRFS info (device loop4): using free space tree [pid 5065] getdents64(4, [pid 5562] chdir("./5" [pid 5497] <... openat resumed>) = 4 [pid 5562] <... chdir resumed>) = 0 [pid 5497] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./4/bus") = 0 [pid 5065] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5562] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./4/binderfs" [pid 5562] <... prctl resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5562] setpgid(0, 0 [pid 5065] getdents64(3, [pid 5562] <... setpgid resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] close(3) = 0 [pid 5065] rmdir("./4" [pid 5562] <... openat resumed>) = 3 [pid 5065] <... rmdir resumed>) = 0 [pid 5562] write(3, "1000", 4 [pid 5065] mkdir("./5", 0777 [pid 5562] <... write resumed>) = 4 [pid 5562] close(3) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5562] symlink("/dev/binderfs", "./binderfs" [pid 5497] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5562] <... symlink resumed>) = 0 [pid 5497] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5497] <... close resumed>) = 0 [pid 5497] mkdir("./bus", 0777) = 0 [pid 5065] close(3 [pid 5562] memfd_create("syzkaller", 0 [pid 5497] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5562] <... memfd_create resumed>) = 3 [ 65.682449][ T5497] loop2: detected capacity change from 0 to 32768 [ 65.708749][ T5494] BTRFS info (device loop3): auto enabling async discard ./strace-static-x86_64: Process 5574 attached [pid 5562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5574] set_robust_list(0x55555613b660, 24 [pid 5065] <... clone resumed>, child_tidptr=0x55555613b650) = 5574 [pid 5574] <... set_robust_list resumed>) = 0 [pid 5494] <... mount resumed>) = 0 [pid 5494] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5574] chdir("./5" [pid 5494] chdir("./bus") = 0 [pid 5574] <... chdir resumed>) = 0 [pid 5562] <... mmap resumed>) = 0x7fefd70e9000 [pid 5494] ioctl(4, LOOP_CLR_FD [pid 5574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5574] setpgid(0, 0 [pid 5494] <... ioctl resumed>) = 0 [pid 5494] close(4 [pid 5574] <... setpgid resumed>) = 0 [pid 5494] <... close resumed>) = 0 [pid 5574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5494] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5574] <... openat resumed>) = 3 [pid 5494] <... openat resumed>) = 4 [pid 5574] write(3, "1000", 4) = 4 [pid 5574] close(3) = 0 [pid 5494] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5574] symlink("/dev/binderfs", "./binderfs" [pid 5494] <... write resumed>) = 65228 [pid 5574] <... symlink resumed>) = 0 [ 65.753540][ T5497] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5497) [pid 5494] exit_group(0) = ? [pid 5574] memfd_create("syzkaller", 0 [pid 5494] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5494, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- [pid 5574] <... memfd_create resumed>) = 3 [pid 5574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 65.841185][ T5497] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [pid 5068] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5496] <... mount resumed>) = 0 [ 65.905706][ T5496] BTRFS info (device loop4): auto enabling async discard [ 65.922879][ T5497] BTRFS info (device loop2): doing ref verification [pid 5496] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5496] chdir("./bus") = 0 [pid 5496] ioctl(4, LOOP_CLR_FD) = 0 [pid 5496] close(4) = 0 [pid 5496] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5496] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [ 65.983140][ T5497] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.018099][ T5497] BTRFS info (device loop2): force zlib compression, level 3 [ 66.025896][ T5497] BTRFS info (device loop2): allowing degraded mounts [pid 5496] exit_group(0) = ? [pid 5496] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5069] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 66.048111][ T5497] BTRFS info (device loop2): using free space tree [pid 5069] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5574] <... write resumed>) = 16777216 [pid 5574] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5574] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5068] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5574] <... openat resumed>) = 4 [pid 5574] ioctl(4, LOOP_SET_FD, 3 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./4/bus") = 0 [pid 5068] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./4/binderfs") = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./4") = 0 [pid 5068] mkdir("./5", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5596 attached [ 66.246231][ T5497] BTRFS info (device loop2): auto enabling async discard [ 66.259683][ T5574] loop0: detected capacity change from 0 to 32768 , child_tidptr=0x55555613b650) = 5596 [pid 5596] set_robust_list(0x55555613b660, 24) = 0 [pid 5596] chdir("./5") = 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5596] setpgid(0, 0) = 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5574] <... ioctl resumed>) = 0 [pid 5562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5574] close(3) = 0 [pid 5574] mkdir("./bus", 0777 [pid 5596] memfd_create("syzkaller", 0 [pid 5574] <... mkdir resumed>) = 0 [pid 5497] <... mount resumed>) = 0 [pid 5574] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5596] <... memfd_create resumed>) = 3 [pid 5497] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5497] <... openat resumed>) = 3 [pid 5596] <... mmap resumed>) = 0x7fefd70e9000 [pid 5497] chdir("./bus") = 0 [pid 5497] ioctl(4, LOOP_CLR_FD) = 0 [pid 5497] close(4) = 0 [pid 5497] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 66.343246][ T5574] BTRFS: device /dev/loop0 using temp-fsid 355cbed9-9d96-4039-9808-7b7080953833 [pid 5497] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5497] exit_group(0) = ? [pid 5497] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5497, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 5067] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 66.392676][ T5574] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5574) [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 66.509284][ T5574] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.517993][ T5574] BTRFS info (device loop0): doing ref verification [pid 5067] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5546] <... write resumed>) = 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5546] munmap(0x7fefd70e9000, 138412032 [pid 5069] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./4/bus") = 0 [pid 5069] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5546] <... munmap resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./4/binderfs") = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [ 66.590862][ T5574] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5069] rmdir("./4") = 0 [pid 5069] mkdir("./5", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5600 attached [pid 5546] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5600] set_robust_list(0x55555613b660, 24) = 0 [pid 5546] <... openat resumed>) = 4 [pid 5600] chdir("./5") = 0 [pid 5600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5600] setpgid(0, 0) = 0 [pid 5600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5600] write(3, "1000", 4 [pid 5546] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 5600 [pid 5600] <... write resumed>) = 4 [pid 5600] close(3) = 0 [pid 5600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5546] <... ioctl resumed>) = 0 [pid 5600] memfd_create("syzkaller", 0) = 3 [pid 5600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5546] close(3) = 0 [pid 5546] mkdir("./bus", 0777) = 0 [ 66.658408][ T5574] BTRFS info (device loop0): force zlib compression, level 3 [ 66.691227][ T5546] loop1: detected capacity change from 0 to 32768 [ 66.699795][ T5574] BTRFS info (device loop0): allowing degraded mounts [ 66.733112][ T5574] BTRFS info (device loop0): using free space tree [ 66.740784][ T5546] BTRFS: device /dev/loop1 using temp-fsid 4e786a5a-5b0b-4a6b-8865-7a1070f9eb71 [pid 5546] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 66.785245][ T5546] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5546) [ 66.870399][ T5546] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 66.891247][ T5546] BTRFS info (device loop1): doing ref verification [ 66.898127][ T5546] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.920277][ T5546] BTRFS info (device loop1): force zlib compression, level 3 [ 66.927659][ T5546] BTRFS info (device loop1): allowing degraded mounts [ 66.978193][ T5546] BTRFS info (device loop1): using free space tree [pid 5596] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5562] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5562] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, [pid 5562] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 5562] <... openat resumed>) = 4 [pid 5067] <... close resumed>) = 0 [ 67.103610][ T5574] BTRFS info (device loop0): auto enabling async discard [pid 5067] rmdir("./4/bus" [pid 5562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./4/binderfs") = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./4" [pid 5596] <... write resumed>) = 16777216 [pid 5562] close(3 [pid 5574] <... mount resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5596] munmap(0x7fefd70e9000, 138412032 [pid 5574] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5562] <... close resumed>) = 0 [pid 5574] <... openat resumed>) = 3 [pid 5562] mkdir("./bus", 0777 [pid 5574] chdir("./bus" [pid 5562] <... mkdir resumed>) = 0 [pid 5574] <... chdir resumed>) = 0 [ 67.168545][ T5562] loop5: detected capacity change from 0 to 32768 [pid 5562] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5596] <... munmap resumed>) = 0 [pid 5574] ioctl(4, LOOP_CLR_FD [pid 5067] mkdir("./5", 0777 [pid 5596] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5574] <... ioctl resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5596] ioctl(4, LOOP_SET_FD, 3 [pid 5574] close(4) = 0 [pid 5574] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5596] <... ioctl resumed>) = 0 [pid 5574] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5574] <... write resumed>) = 65228 [pid 5574] exit_group(0) = ? [pid 5574] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5574, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [ 67.222096][ T5562] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5562) [ 67.250359][ T5596] loop3: detected capacity change from 0 to 32768 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5629 attached , child_tidptr=0x55555613b650) = 5629 [pid 5629] set_robust_list(0x55555613b660, 24) = 0 [pid 5629] chdir("./5") = 0 [pid 5629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5629] setpgid(0, 0) = 0 [pid 5629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] close(3 [pid 5629] write(3, "1000", 4 [pid 5596] <... close resumed>) = 0 [pid 5629] <... write resumed>) = 4 [pid 5596] mkdir("./bus", 0777 [pid 5629] close(3 [pid 5596] <... mkdir resumed>) = 0 [pid 5629] <... close resumed>) = 0 [pid 5596] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 67.327568][ T5546] BTRFS info (device loop1): auto enabling async discard [ 67.341050][ T5562] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [pid 5629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5629] memfd_create("syzkaller", 0) = 3 [pid 5629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5546] <... mount resumed>) = 0 [pid 5546] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5546] chdir("./bus") = 0 [pid 5546] ioctl(4, LOOP_CLR_FD) = 0 [pid 5546] close(4) = 0 [ 67.370890][ T5596] BTRFS: device /dev/loop3 using temp-fsid bb72cdb1-2282-463a-a806-9e0c7d9e73b1 [ 67.402467][ T5562] BTRFS info (device loop5): doing ref verification [pid 5546] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5546] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5546] exit_group(0) = ? [pid 5546] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5546, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [ 67.422373][ T5596] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5596) [ 67.438981][ T5562] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5066] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 67.511583][ T5562] BTRFS info (device loop5): force zlib compression, level 3 [ 67.527975][ T5596] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [pid 5066] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./5/bus") = 0 [pid 5065] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./5/binderfs") = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./5") = 0 [ 67.557337][ T5562] BTRFS info (device loop5): allowing degraded mounts [ 67.585862][ T5596] BTRFS info (device loop3): doing ref verification [ 67.599051][ T5562] BTRFS info (device loop5): using free space tree [pid 5065] mkdir("./6", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5636 ./strace-static-x86_64: Process 5636 attached [pid 5636] set_robust_list(0x55555613b660, 24) = 0 [pid 5636] chdir("./6") = 0 [pid 5636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5636] setpgid(0, 0) = 0 [pid 5636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 67.618418][ T5596] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5636] write(3, "1000", 4) = 4 [pid 5629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5600] <... write resumed>) = 16777216 [pid 5600] munmap(0x7fefd70e9000, 138412032 [pid 5636] close(3) = 0 [pid 5600] <... munmap resumed>) = 0 [pid 5636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5636] memfd_create("syzkaller", 0) = 3 [pid 5636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5600] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] <... umount2 resumed>) = 0 [pid 5600] <... openat resumed>) = 4 [ 67.718626][ T5596] BTRFS info (device loop3): force zlib compression, level 3 [ 67.726035][ T5596] BTRFS info (device loop3): allowing degraded mounts [pid 5066] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5600] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5600] <... ioctl resumed>) = 0 [pid 5600] close(3 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5600] <... close resumed>) = 0 [pid 5066] getdents64(4, [pid 5600] mkdir("./bus", 0777 [pid 5066] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [ 67.762713][ T5600] loop4: detected capacity change from 0 to 32768 [pid 5600] <... mkdir resumed>) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./5/bus") = 0 [pid 5066] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5600] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./5/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./5") = 0 [pid 5066] mkdir("./6", 0777) = 0 [ 67.811309][ T5596] BTRFS info (device loop3): using free space tree [ 67.828126][ T5600] BTRFS: device /dev/loop4 using temp-fsid 60a0b1c6-ce92-4500-af93-f07bf8f6a0f3 [ 67.837202][ T5600] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5600) [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5652 attached [pid 5652] set_robust_list(0x55555613b660, 24) = 0 [pid 5652] chdir("./6") = 0 [pid 5652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5652] setpgid(0, 0) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 5652 [pid 5652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5652] write(3, "1000", 4) = 4 [pid 5652] close(3) = 0 [pid 5652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5652] memfd_create("syzkaller", 0) = 3 [pid 5652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 67.920514][ T5562] BTRFS info (device loop5): auto enabling async discard [ 67.962970][ T5600] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [pid 5562] <... mount resumed>) = 0 [pid 5562] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5562] chdir("./bus") = 0 [pid 5562] ioctl(4, LOOP_CLR_FD) = 0 [ 68.004615][ T5600] BTRFS info (device loop4): doing ref verification [pid 5562] close(4) = 0 [pid 5562] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5562] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5562] exit_group(0) = ? [pid 5562] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5562, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5070] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, [pid 5636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 68.071466][ T5600] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 68.102577][ T5596] BTRFS info (device loop3): auto enabling async discard [pid 5070] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5596] <... mount resumed>) = 0 [pid 5596] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5596] chdir("./bus") = 0 [pid 5596] ioctl(4, LOOP_CLR_FD) = 0 [pid 5596] close(4) = 0 [pid 5596] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 68.142885][ T5600] BTRFS info (device loop4): force zlib compression, level 3 [pid 5596] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5596] exit_group(0 [pid 5629] <... write resumed>) = 16777216 [pid 5596] <... exit_group resumed>) = ? [pid 5596] +++ exited with 0 +++ [pid 5629] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5596, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5068] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 5629] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 5629] <... openat resumed>) = 4 [ 68.186683][ T5600] BTRFS info (device loop4): allowing degraded mounts [ 68.212187][ T5600] BTRFS info (device loop4): using free space tree [pid 5629] ioctl(4, LOOP_SET_FD, 3 [pid 5652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 68.232684][ T5629] loop2: detected capacity change from 0 to 32768 [pid 5068] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5629] <... ioctl resumed>) = 0 [pid 5629] close(3) = 0 [pid 5629] mkdir("./bus", 0777) = 0 [ 68.298557][ T5629] BTRFS: device /dev/loop2 using temp-fsid 0ca9a25c-2b47-45f6-a452-dd4fa59cad7d [ 68.307641][ T5629] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5629) [ 68.419952][ T5629] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [pid 5629] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5068] <... umount2 resumed>) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5068] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./5/bus", [pid 5070] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 4 [pid 5070] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] newfstatat(4, "", [pid 5070] <... openat resumed>) = 4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] newfstatat(4, "", [pid 5068] getdents64(4, [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, [pid 5068] getdents64(4, [pid 5070] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [ 68.464545][ T5629] BTRFS info (device loop2): doing ref verification [ 68.469659][ T5600] BTRFS info (device loop4): auto enabling async discard [ 68.503978][ T5629] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5070] getdents64(4, [pid 5068] close(4 [pid 5070] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] <... close resumed>) = 0 [pid 5070] close(4 [pid 5068] rmdir("./5/bus" [pid 5070] <... close resumed>) = 0 [pid 5070] rmdir("./5/bus" [pid 5068] <... rmdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5068] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5636] <... write resumed>) = 16777216 [pid 5070] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./5/binderfs" [pid 5070] unlink("./5/binderfs" [pid 5068] <... unlink resumed>) = 0 [pid 5636] munmap(0x7fefd70e9000, 138412032 [pid 5070] <... unlink resumed>) = 0 [pid 5068] getdents64(3, [pid 5070] getdents64(3, [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5070] close(3 [pid 5068] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5068] rmdir("./5" [pid 5600] <... mount resumed>) = 0 [pid 5070] rmdir("./5" [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./6", 0777 [pid 5600] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5068] <... mkdir resumed>) = 0 [pid 5600] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5636] <... munmap resumed>) = 0 [pid 5600] chdir("./bus" [pid 5070] <... rmdir resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5600] <... chdir resumed>) = 0 [pid 5070] mkdir("./6", 0777 [ 68.539617][ T5629] BTRFS info (device loop2): force zlib compression, level 3 [ 68.573562][ T5629] BTRFS info (device loop2): allowing degraded mounts [pid 5636] ioctl(4, LOOP_SET_FD, 3 [pid 5600] ioctl(4, LOOP_CLR_FD [pid 5070] <... mkdir resumed>) = 0 [pid 5068] <... ioctl resumed>) = 0 [pid 5600] <... ioctl resumed>) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5600] close(4 [pid 5068] close(3 [pid 5600] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5600] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] <... openat resumed>) = 3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5636] <... ioctl resumed>) = 0 [pid 5600] <... openat resumed>) = 4 [pid 5070] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5683 attached [pid 5636] close(3 [pid 5070] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 5683 [pid 5636] <... close resumed>) = 0 [pid 5636] mkdir("./bus", 0777 [pid 5683] set_robust_list(0x55555613b660, 24 [pid 5070] close(3 [pid 5683] <... set_robust_list resumed>) = 0 [pid 5636] <... mkdir resumed>) = 0 [pid 5683] chdir("./6" [pid 5636] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5600] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] <... close resumed>) = 0 [pid 5683] <... chdir resumed>) = 0 [pid 5600] <... write resumed>) = 65228 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5684 attached [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5600] exit_group(0 [pid 5683] <... prctl resumed>) = 0 [pid 5600] <... exit_group resumed>) = ? [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 5684 [pid 5684] set_robust_list(0x55555613b660, 24 [pid 5683] setpgid(0, 0 [pid 5684] <... set_robust_list resumed>) = 0 [pid 5683] <... setpgid resumed>) = 0 [pid 5684] chdir("./6" [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5600] +++ exited with 0 +++ [pid 5684] <... chdir resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5600, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [pid 5684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5684] setpgid(0, 0) = 0 [pid 5684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5684] <... openat resumed>) = 3 [pid 5683] write(3, "1000", 4 [pid 5069] <... openat resumed>) = 3 [pid 5683] <... write resumed>) = 4 [pid 5069] newfstatat(3, "", [pid 5683] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5684] write(3, "1000", 4 [pid 5683] <... close resumed>) = 0 [ 68.584284][ T5636] loop0: detected capacity change from 0 to 32768 [ 68.599221][ T5629] BTRFS info (device loop2): using free space tree [ 68.612934][ T5636] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5636) [pid 5069] getdents64(3, [pid 5684] <... write resumed>) = 4 [pid 5683] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5684] close(3 [pid 5683] <... symlink resumed>) = 0 [pid 5069] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5684] <... close resumed>) = 0 [pid 5652] <... write resumed>) = 16777216 [pid 5684] symlink("/dev/binderfs", "./binderfs" [pid 5683] memfd_create("syzkaller", 0 [pid 5652] munmap(0x7fefd70e9000, 138412032 [pid 5683] <... memfd_create resumed>) = 3 [pid 5684] <... symlink resumed>) = 0 [pid 5684] memfd_create("syzkaller", 0 [pid 5683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5652] <... munmap resumed>) = 0 [pid 5683] <... mmap resumed>) = 0x7fefd70e9000 [pid 5652] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5652] ioctl(4, LOOP_SET_FD, 3 [pid 5684] <... memfd_create resumed>) = 3 [pid 5684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5652] <... ioctl resumed>) = 0 [pid 5652] close(3) = 0 [ 68.708821][ T5636] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.717530][ T5636] BTRFS info (device loop0): doing ref verification [ 68.731830][ T5652] loop1: detected capacity change from 0 to 32768 [pid 5652] mkdir("./bus", 0777) = 0 [ 68.778380][ T5636] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 68.802859][ T5652] BTRFS: device /dev/loop1 using temp-fsid 383395d8-0bb7-469a-b68c-a82f5cc2ee4c [ 68.839541][ T5629] BTRFS info (device loop2): auto enabling async discard [ 68.851066][ T5636] BTRFS info (device loop0): force zlib compression, level 3 [ 68.859343][ T5652] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5652) [pid 5652] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5629] <... mount resumed>) = 0 [pid 5629] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5629] chdir("./bus") = 0 [pid 5629] ioctl(4, LOOP_CLR_FD) = 0 [pid 5629] close(4) = 0 [pid 5629] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 68.927120][ T5636] BTRFS info (device loop0): allowing degraded mounts [ 68.942363][ T5636] BTRFS info (device loop0): using free space tree [ 68.957903][ T5652] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [pid 5629] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5069] <... umount2 resumed>) = 0 [pid 5629] <... write resumed>) = 65228 [pid 5629] exit_group(0) = ? [pid 5629] +++ exited with 0 +++ [pid 5069] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5629, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 5069] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... restart_syscall resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] getdents64(4, [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] getdents64(4, [pid 5067] <... openat resumed>) = 3 [pid 5069] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] newfstatat(3, "", [pid 5069] close(4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... close resumed>) = 0 [pid 5067] getdents64(3, [pid 5069] rmdir("./5/bus" [pid 5067] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] <... rmdir resumed>) = 0 [pid 5067] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./5/binderfs") = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./5") = 0 [pid 5069] mkdir("./6", 0777) = 0 [ 68.979289][ T5652] BTRFS info (device loop1): doing ref verification [ 68.998066][ T5652] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5710 attached [pid 5710] set_robust_list(0x55555613b660, 24 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 5710 [pid 5710] <... set_robust_list resumed>) = 0 [pid 5710] chdir("./6") = 0 [pid 5710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5710] setpgid(0, 0) = 0 [ 69.054103][ T5652] BTRFS info (device loop1): force zlib compression, level 3 [pid 5710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5710] write(3, "1000", 4) = 4 [pid 5710] close(3) = 0 [pid 5710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5710] memfd_create("syzkaller", 0) = 3 [pid 5710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 69.106373][ T5652] BTRFS info (device loop1): allowing degraded mounts [ 69.134307][ T5652] BTRFS info (device loop1): using free space tree [pid 5684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./5/bus") = 0 [pid 5067] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./5/binderfs") = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [ 69.244343][ T5636] BTRFS info (device loop0): auto enabling async discard [pid 5067] close(3) = 0 [pid 5067] rmdir("./5") = 0 [pid 5067] mkdir("./6", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5732 ./strace-static-x86_64: Process 5732 attached [pid 5732] set_robust_list(0x55555613b660, 24 [pid 5636] <... mount resumed>) = 0 [pid 5732] <... set_robust_list resumed>) = 0 [pid 5636] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5636] chdir("./bus") = 0 [pid 5636] ioctl(4, LOOP_CLR_FD) = 0 [pid 5636] close(4) = 0 [pid 5732] chdir("./6" [pid 5636] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5732] <... chdir resumed>) = 0 [pid 5732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5732] setpgid(0, 0) = 0 [pid 5636] <... openat resumed>) = 4 [pid 5732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5732] write(3, "1000", 4) = 4 [pid 5732] close(3) = 0 [pid 5636] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5636] <... write resumed>) = 65228 [pid 5636] exit_group(0 [pid 5732] memfd_create("syzkaller", 0) = 3 [pid 5636] <... exit_group resumed>) = ? [ 69.368097][ T5652] BTRFS info (device loop1): auto enabling async discard [pid 5732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5636] +++ exited with 0 +++ [pid 5732] <... mmap resumed>) = 0x7fefd70e9000 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5636, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5065] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5652] <... mount resumed>) = 0 [pid 5652] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5652] chdir("./bus") = 0 [pid 5652] ioctl(4, LOOP_CLR_FD) = 0 [pid 5652] close(4) = 0 [pid 5652] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5652] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5652] exit_group(0) = ? [pid 5652] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5652, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 5066] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5683] <... write resumed>) = 16777216 [pid 5683] munmap(0x7fefd70e9000, 138412032 [pid 5710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5683] <... munmap resumed>) = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5683] <... openat resumed>) = 4 [pid 5683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5683] close(3) = 0 [pid 5683] mkdir("./bus", 0777) = 0 [ 69.648258][ T5683] loop3: detected capacity change from 0 to 32768 [ 69.707954][ T5683] BTRFS: device /dev/loop3 using temp-fsid 9495acbc-1d45-459e-98b9-df8a164281a5 [ 69.729529][ T5683] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5683) [ 69.834683][ T5683] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [pid 5683] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5684] <... write resumed>) = 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", [pid 5684] munmap(0x7fefd70e9000, 138412032 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./6/bus") = 0 [pid 5066] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./6/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./6") = 0 [pid 5066] mkdir("./7", 0777) = 0 [pid 5065] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5065] newfstatat(AT_FDCWD, "./6/bus", [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5684] <... munmap resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5684] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5065] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5684] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 69.898962][ T5683] BTRFS info (device loop3): doing ref verification [ 69.927060][ T5683] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5684] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... openat resumed>) = 4 [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 5736 [pid 5065] newfstatat(4, "", ./strace-static-x86_64: Process 5736 attached [pid 5736] set_robust_list(0x55555613b660, 24) = 0 [pid 5736] chdir("./7") = 0 [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5736] setpgid(0, 0) = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5684] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5736] close(3) = 0 [pid 5065] getdents64(4, [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] memfd_create("syzkaller", 0 [pid 5684] close(3 [pid 5065] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5736] <... memfd_create resumed>) = 3 [pid 5684] <... close resumed>) = 0 [pid 5736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5684] mkdir("./bus", 0777 [pid 5065] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5684] <... mkdir resumed>) = 0 [pid 5065] close(4 [pid 5684] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5065] <... close resumed>) = 0 [ 69.952084][ T5684] loop5: detected capacity change from 0 to 32768 [ 69.989285][ T5683] BTRFS info (device loop3): force zlib compression, level 3 [pid 5065] rmdir("./6/bus") = 0 [pid 5065] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./6/binderfs") = 0 [ 70.019410][ T5683] BTRFS info (device loop3): allowing degraded mounts [ 70.033183][ T5684] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5684) [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./6") = 0 [pid 5065] mkdir("./7", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5740 attached , child_tidptr=0x55555613b650) = 5740 [pid 5740] set_robust_list(0x55555613b660, 24) = 0 [ 70.068774][ T5683] BTRFS info (device loop3): using free space tree [ 70.099231][ T5684] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [pid 5740] chdir("./7") = 0 [pid 5740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5740] setpgid(0, 0) = 0 [pid 5740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5740] write(3, "1000", 4) = 4 [pid 5740] close(3) = 0 [pid 5740] symlink("/dev/binderfs", "./binderfs") = 0 [ 70.144635][ T5684] BTRFS info (device loop5): doing ref verification [pid 5740] memfd_create("syzkaller", 0) = 3 [pid 5736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5710] <... write resumed>) = 16777216 [ 70.218136][ T5684] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5710] munmap(0x7fefd70e9000, 138412032 [pid 5732] <... write resumed>) = 16777216 [pid 5732] munmap(0x7fefd70e9000, 138412032 [pid 5710] <... munmap resumed>) = 0 [ 70.267428][ T5684] BTRFS info (device loop5): force zlib compression, level 3 [pid 5710] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5732] <... munmap resumed>) = 0 [pid 5710] <... openat resumed>) = 4 [pid 5710] ioctl(4, LOOP_SET_FD, 3 [pid 5732] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5710] <... ioctl resumed>) = 0 [pid 5710] close(3) = 0 [pid 5710] mkdir("./bus", 0777) = 0 [ 70.316555][ T5683] BTRFS info (device loop3): auto enabling async discard [ 70.322144][ T5710] loop4: detected capacity change from 0 to 32768 [ 70.338422][ T5684] BTRFS info (device loop5): allowing degraded mounts [ 70.345209][ T5684] BTRFS info (device loop5): using free space tree [ 70.358330][ T5732] loop2: detected capacity change from 0 to 32768 [pid 5710] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5732] close(3) = 0 [pid 5732] mkdir("./bus", 0777) = 0 [pid 5732] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5683] <... mount resumed>) = 0 [pid 5683] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5683] chdir("./bus") = 0 [pid 5683] ioctl(4, LOOP_CLR_FD) = 0 [ 70.383318][ T5710] BTRFS: device /dev/loop4 using temp-fsid fbd6376f-4af1-4b60-a105-a169c3c54c9f [pid 5683] close(4) = 0 [pid 5683] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5683] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5683] exit_group(0) = ? [pid 5683] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5683, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5068] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 70.434558][ T5710] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5710) [ 70.538513][ T5732] BTRFS: device /dev/loop2 using temp-fsid b223fe6a-6c67-42a4-8a02-0bdafae27ea6 [ 70.550751][ T5732] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5732) [ 70.565743][ T5710] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 70.575150][ T5710] BTRFS info (device loop4): doing ref verification [ 70.582153][ T5710] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 70.593520][ T5710] BTRFS info (device loop4): force zlib compression, level 3 [ 70.601563][ T5710] BTRFS info (device loop4): allowing degraded mounts [ 70.604478][ T5732] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 70.620797][ T5710] BTRFS info (device loop4): using free space tree [ 70.658887][ T5732] BTRFS info (device loop2): doing ref verification [ 70.667915][ T5684] BTRFS info (device loop5): auto enabling async discard [pid 5068] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5684] <... mount resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5684] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 70.703965][ T5732] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 70.730549][ T5732] BTRFS info (device loop2): force zlib compression, level 3 [ 70.740389][ T5732] BTRFS info (device loop2): allowing degraded mounts [pid 5068] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5684] <... openat resumed>) = 3 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5684] chdir("./bus") = 0 [pid 5068] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5684] ioctl(4, LOOP_CLR_FD [pid 5068] getdents64(4, [pid 5684] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5684] close(4 [pid 5068] close(4 [pid 5684] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5684] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5068] rmdir("./6/bus") = 0 [pid 5068] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5684] <... openat resumed>) = 4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5684] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5068] unlink("./6/binderfs") = 0 [pid 5068] getdents64(3, [pid 5684] <... write resumed>) = 65228 [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5684] exit_group(0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./6") = 0 [ 70.748770][ T5732] BTRFS info (device loop2): using free space tree [pid 5684] <... exit_group resumed>) = ? [pid 5068] mkdir("./7", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5684] +++ exited with 0 +++ [pid 5068] <... openat resumed>) = 3 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5684, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5070] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 5786 [pid 5070] <... openat resumed>) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, ./strace-static-x86_64: Process 5786 attached [pid 5786] set_robust_list(0x55555613b660, 24 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5786] <... set_robust_list resumed>) = 0 [pid 5070] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5786] chdir("./7") = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5736] <... write resumed>) = 16777216 [pid 5786] <... prctl resumed>) = 0 [pid 5786] setpgid(0, 0) = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5736] munmap(0x7fefd70e9000, 138412032 [pid 5786] <... openat resumed>) = 3 [pid 5786] write(3, "1000", 4) = 4 [pid 5786] close(3) = 0 [pid 5786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5786] memfd_create("syzkaller", 0) = 3 [ 70.786385][ T5710] BTRFS info (device loop4): auto enabling async discard [pid 5786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5736] <... munmap resumed>) = 0 [pid 5786] <... mmap resumed>) = 0x7fefd70e9000 [pid 5736] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5710] <... mount resumed>) = 0 [pid 5736] close(3 [pid 5710] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5736] <... close resumed>) = 0 [pid 5710] <... openat resumed>) = 3 [pid 5736] mkdir("./bus", 0777 [pid 5710] chdir("./bus" [pid 5736] <... mkdir resumed>) = 0 [pid 5710] <... chdir resumed>) = 0 [pid 5736] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5710] ioctl(4, LOOP_CLR_FD) = 0 [pid 5710] close(4) = 0 [ 70.868548][ T5736] loop1: detected capacity change from 0 to 32768 [pid 5710] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5710] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5710] exit_group(0) = ? [pid 5710] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5710, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- [pid 5069] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 70.921637][ T5736] BTRFS: device /dev/loop1 using temp-fsid 51ebcd6a-7bce-416f-8d6a-19d160b0ed7b [ 70.947923][ T5736] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5736) [ 70.962604][ T5732] BTRFS info (device loop2): auto enabling async discard [pid 5069] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = 0 [pid 5732] <... mount resumed>) = 0 [ 71.002803][ T5736] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 71.039371][ T5736] BTRFS info (device loop1): doing ref verification [pid 5732] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5070] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5732] <... openat resumed>) = 3 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 71.068300][ T5736] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 71.108062][ T5736] BTRFS info (device loop1): force zlib compression, level 3 [pid 5070] newfstatat(AT_FDCWD, "./6/bus", [pid 5732] chdir("./bus" [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5732] <... chdir resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5732] ioctl(4, LOOP_CLR_FD [pid 5070] <... openat resumed>) = 4 [pid 5732] <... ioctl resumed>) = 0 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5732] close(4) = 0 [pid 5070] getdents64(4, [pid 5732] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5732] <... openat resumed>) = 4 [pid 5070] getdents64(4, [pid 5732] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./6/bus") = 0 [pid 5732] <... write resumed>) = 65228 [ 71.116346][ T5736] BTRFS info (device loop1): allowing degraded mounts [ 71.124409][ T5736] BTRFS info (device loop1): using free space tree [pid 5732] exit_group(0 [pid 5070] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5732] <... exit_group resumed>) = ? [pid 5732] +++ exited with 0 +++ [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5732, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5070] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./6/binderfs" [pid 5067] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] <... unlink resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] getdents64(3, [pid 5067] <... openat resumed>) = 3 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5070] close(3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] <... close resumed>) = 0 [pid 5067] getdents64(3, [pid 5070] rmdir("./6" [pid 5067] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... rmdir resumed>) = 0 [pid 5070] mkdir("./7", 0777) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD [pid 5786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5070] <... ioctl resumed>) = 0 [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5809 ./strace-static-x86_64: Process 5809 attached [pid 5809] set_robust_list(0x55555613b660, 24) = 0 [pid 5809] chdir("./7") = 0 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5809] setpgid(0, 0) = 0 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5809] write(3, "1000", 4) = 4 [pid 5809] close(3) = 0 [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5809] memfd_create("syzkaller", 0) = 3 [pid 5809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5069] <... umount2 resumed>) = 0 [ 71.361521][ T5736] BTRFS info (device loop1): auto enabling async discard [pid 5069] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5736] <... mount resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5736] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5736] chdir("./bus") = 0 [pid 5736] ioctl(4, LOOP_CLR_FD) = 0 [pid 5736] close(4) = 0 [pid 5736] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5069] <... openat resumed>) = 4 [pid 5736] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5069] newfstatat(4, "", [pid 5736] <... write resumed>) = 65228 [pid 5736] exit_group(0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5736] <... exit_group resumed>) = ? [pid 5736] +++ exited with 0 +++ [pid 5069] getdents64(4, [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5736, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 5066] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5740] <... write resumed>) = 16777216 [pid 5069] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] close(4) = 0 [pid 5069] rmdir("./6/bus") = 0 [pid 5069] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./6/binderfs") = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5740] munmap(0x7fefd70e9000, 138412032 [pid 5069] rmdir("./6" [pid 5740] <... munmap resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./7", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5820 attached , child_tidptr=0x55555613b650) = 5820 [pid 5820] set_robust_list(0x55555613b660, 24 [pid 5740] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... set_robust_list resumed>) = 0 [pid 5820] chdir("./7" [pid 5740] <... openat resumed>) = 4 [pid 5820] <... chdir resumed>) = 0 [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5740] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5820] <... prctl resumed>) = 0 [pid 5740] <... ioctl resumed>) = 0 [pid 5067] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 5820] setpgid(0, 0 [pid 5067] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./6/bus") = 0 [pid 5067] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5820] <... setpgid resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./6/binderfs" [pid 5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... unlink resumed>) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 5820] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./6") = 0 [pid 5820] write(3, "1000", 4 [pid 5067] mkdir("./7", 0777 [pid 5740] close(3 [pid 5067] <... mkdir resumed>) = 0 [pid 5740] <... close resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5740] mkdir("./bus", 0777 [pid 5067] <... openat resumed>) = 3 [pid 5740] <... mkdir resumed>) = 0 [ 71.631492][ T5740] loop0: detected capacity change from 0 to 32768 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5740] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] <... ioctl resumed>) = 0 [pid 5820] <... write resumed>) = 4 [pid 5067] close(3 [pid 5820] close(3) = 0 [pid 5820] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5822 [pid 5820] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 5822 attached [pid 5820] memfd_create("syzkaller", 0 [pid 5822] set_robust_list(0x55555613b660, 24 [pid 5820] <... memfd_create resumed>) = 3 [pid 5822] <... set_robust_list resumed>) = 0 [pid 5822] chdir("./7" [pid 5820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... chdir resumed>) = 0 [pid 5820] <... mmap resumed>) = 0x7fefd70e9000 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] setpgid(0, 0) = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] memfd_create("syzkaller", 0) = 3 [ 71.693311][ T5740] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5740) [pid 5822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 71.831981][ T5740] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.891026][ T5740] BTRFS info (device loop0): doing ref verification [pid 5809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5786] <... write resumed>) = 16777216 [pid 5786] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5786] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 71.951321][ T5740] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5786] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5786] close(3) = 0 [pid 5786] mkdir("./bus", 0777 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5786] <... mkdir resumed>) = 0 [pid 5066] rmdir("./7/bus") = 0 [pid 5786] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5066] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./7/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [ 71.998565][ T5786] loop3: detected capacity change from 0 to 32768 [ 72.032452][ T5740] BTRFS info (device loop0): force zlib compression, level 3 [pid 5066] rmdir("./7") = 0 [pid 5066] mkdir("./8", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5823 ./strace-static-x86_64: Process 5823 attached [pid 5823] set_robust_list(0x55555613b660, 24) = 0 [pid 5823] chdir("./8") = 0 [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5823] setpgid(0, 0) = 0 [ 72.059861][ T5786] BTRFS: device /dev/loop3 using temp-fsid 29e36565-0112-460f-bc4c-cce029ca15fb [ 72.072098][ T5740] BTRFS info (device loop0): allowing degraded mounts [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5823] write(3, "1000", 4) = 4 [pid 5823] close(3) = 0 [pid 5823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5823] memfd_create("syzkaller", 0) = 3 [pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 72.098178][ T5786] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5786) [ 72.115373][ T5740] BTRFS info (device loop0): using free space tree [pid 5822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 72.155962][ T5786] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 72.188306][ T5786] BTRFS info (device loop3): doing ref verification [ 72.228119][ T5786] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 72.244939][ T5786] BTRFS info (device loop3): force zlib compression, level 3 [ 72.309561][ T5786] BTRFS info (device loop3): allowing degraded mounts [pid 5820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5740] <... mount resumed>) = 0 [pid 5740] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 72.368252][ T5786] BTRFS info (device loop3): using free space tree [ 72.398139][ T5740] BTRFS info (device loop0): auto enabling async discard [pid 5740] chdir("./bus" [pid 5822] <... write resumed>) = 16777216 [pid 5740] <... chdir resumed>) = 0 [pid 5740] ioctl(4, LOOP_CLR_FD) = 0 [pid 5740] close(4) = 0 [pid 5822] munmap(0x7fefd70e9000, 138412032 [pid 5740] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5822] <... munmap resumed>) = 0 [pid 5740] <... openat resumed>) = 4 [pid 5740] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5822] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5740] <... write resumed>) = 65228 [pid 5740] exit_group(0 [pid 5822] <... openat resumed>) = 4 [pid 5740] <... exit_group resumed>) = ? [pid 5740] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5740, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- [pid 5065] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... openat resumed>) = 3 [pid 5822] <... ioctl resumed>) = 0 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5809] <... write resumed>) = 16777216 [ 72.520904][ T5822] loop2: detected capacity change from 0 to 32768 [pid 5809] munmap(0x7fefd70e9000, 138412032 [pid 5822] close(3 [pid 5809] <... munmap resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] mkdir("./bus", 0777) = 0 [pid 5822] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5809] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 72.606063][ T5786] BTRFS info (device loop3): auto enabling async discard [ 72.615314][ T5822] BTRFS: device /dev/loop2 using temp-fsid c7c0c14a-28af-41ca-a35f-058b50b99579 [pid 5809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5809] close(3) = 0 [pid 5809] mkdir("./bus", 0777) = 0 [pid 5809] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5786] <... mount resumed>) = 0 [pid 5786] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5786] chdir("./bus") = 0 [pid 5786] ioctl(4, LOOP_CLR_FD) = 0 [pid 5786] close(4) = 0 [pid 5786] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5786] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [ 72.660281][ T5809] loop5: detected capacity change from 0 to 32768 [ 72.680647][ T5822] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5822) [pid 5786] exit_group(0) = ? [pid 5786] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5786, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5068] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 72.764490][ T5822] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 72.780780][ T5809] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5809) [ 72.808399][ T5822] BTRFS info (device loop2): doing ref verification [ 72.824396][ T5822] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 72.850327][ T5809] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [pid 5068] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5820] <... write resumed>) = 16777216 [ 72.887144][ T5822] BTRFS info (device loop2): force zlib compression, level 3 [ 72.894775][ T5809] BTRFS info (device loop5): doing ref verification [pid 5820] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5820] ioctl(4, LOOP_SET_FD, 3) = 0 [ 72.928461][ T5809] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 72.943112][ T5820] loop4: detected capacity change from 0 to 32768 [ 72.943122][ T5822] BTRFS info (device loop2): allowing degraded mounts [pid 5820] close(3) = 0 [pid 5820] mkdir("./bus", 0777) = 0 [ 72.978491][ T5822] BTRFS info (device loop2): using free space tree [ 72.993426][ T5809] BTRFS info (device loop5): force zlib compression, level 3 [ 73.005481][ T5820] BTRFS: device /dev/loop4 using temp-fsid fbf0c13e-6711-4dc9-bd3a-7b7a20221513 [pid 5820] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./7/bus") = 0 [pid 5065] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./7/binderfs") = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./7") = 0 [pid 5065] mkdir("./8", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5065] close(3) = 0 [ 73.038067][ T5809] BTRFS info (device loop5): allowing degraded mounts [ 73.044885][ T5809] BTRFS info (device loop5): using free space tree [ 73.055448][ T5820] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5820) [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x55555613b650) = 5868 [pid 5868] set_robust_list(0x55555613b660, 24) = 0 [pid 5868] chdir("./8") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5068] <... umount2 resumed>) = 0 [ 73.130516][ T5820] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 73.155244][ T5820] BTRFS info (device loop4): doing ref verification [pid 5068] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5809] <... mount resumed>) = 0 [pid 5068] rmdir("./7/bus") = 0 [pid 5068] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.174291][ T5820] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 73.196716][ T5809] BTRFS info (device loop5): auto enabling async discard [ 73.205941][ T5820] BTRFS info (device loop4): force zlib compression, level 3 [ 73.213680][ T5822] BTRFS info (device loop2): auto enabling async discard [pid 5823] <... write resumed>) = 16777216 [pid 5809] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5068] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5809] <... openat resumed>) = 3 [pid 5823] munmap(0x7fefd70e9000, 138412032 [pid 5809] chdir("./bus" [pid 5068] unlink("./7/binderfs" [pid 5809] <... chdir resumed>) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 5809] ioctl(4, LOOP_CLR_FD) = 0 [pid 5809] close(4 [pid 5823] <... munmap resumed>) = 0 [pid 5809] <... close resumed>) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./7" [pid 5809] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./8", 0777 [pid 5823] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5809] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5068] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 73.248096][ T5820] BTRFS info (device loop4): allowing degraded mounts [ 73.255392][ T5820] BTRFS info (device loop4): using free space tree [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5823] <... openat resumed>) = 4 [pid 5809] <... write resumed>) = 65228 [pid 5823] ioctl(4, LOOP_SET_FD, 3 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5809] exit_group(0 [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 5892 [pid 5809] <... exit_group resumed>) = ? [pid 5809] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5809, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5070] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... mount resumed>) = 0 [pid 5070] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5892 attached [pid 5892] set_robust_list(0x55555613b660, 24 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5070] getdents64(3, [pid 5892] chdir("./8" [pid 5822] <... openat resumed>) = 3 [pid 5892] <... chdir resumed>) = 0 [pid 5868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5823] <... ioctl resumed>) = 0 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5070] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5822] chdir("./bus" [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] <... chdir resumed>) = 0 [pid 5822] ioctl(4, LOOP_CLR_FD [pid 5892] <... prctl resumed>) = 0 [pid 5823] close(3 [pid 5822] <... ioctl resumed>) = 0 [pid 5892] setpgid(0, 0 [pid 5823] <... close resumed>) = 0 [pid 5822] close(4) = 0 [ 73.319777][ T5823] loop1: detected capacity change from 0 to 32768 [pid 5822] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5892] <... setpgid resumed>) = 0 [pid 5823] mkdir("./bus", 0777 [pid 5822] <... openat resumed>) = 4 [pid 5823] <... mkdir resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5823] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5892] <... openat resumed>) = 3 [pid 5822] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5822] exit_group(0) = ? [pid 5822] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5067] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5892] write(3, "1000", 4 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5892] <... write resumed>) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] memfd_create("syzkaller", 0) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 73.402091][ T5823] BTRFS: device /dev/loop1 using temp-fsid 6683e293-f0a4-4f71-a31d-d5cbf0a8ce4b [ 73.429040][ T5823] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5823) [ 73.505055][ T5823] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 73.516967][ T5820] BTRFS info (device loop4): auto enabling async discard [pid 5820] <... mount resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./7/bus", [pid 5820] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.598566][ T5823] BTRFS info (device loop1): doing ref verification [ 73.605184][ T5823] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5820] chdir("./bus") = 0 [pid 5820] ioctl(4, LOOP_CLR_FD) = 0 [pid 5820] close(4 [pid 5067] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5820] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5067] newfstatat(4, "", [pid 5820] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5820] <... write resumed>) = 65228 [pid 5067] close(4) = 0 [pid 5067] rmdir("./7/bus") = 0 [pid 5820] exit_group(0 [pid 5067] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... exit_group resumed>) = ? [pid 5067] unlink("./7/binderfs") = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./7") = 0 [pid 5067] mkdir("./8", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [ 73.674830][ T5823] BTRFS info (device loop1): force zlib compression, level 3 [pid 5820] +++ exited with 0 +++ [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5820, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5069] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... clone resumed>, child_tidptr=0x55555613b650) = 5906 [pid 5069] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5906 attached [pid 5906] set_robust_list(0x55555613b660, 24 [pid 5069] newfstatat(3, "", [pid 5906] <... set_robust_list resumed>) = 0 [pid 5906] chdir("./8") = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4 [pid 5069] getdents64(3, [pid 5906] <... write resumed>) = 4 [pid 5906] close(3 [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5906] <... close resumed>) = 0 [ 73.719907][ T5823] BTRFS info (device loop1): allowing degraded mounts [ 73.759630][ T5823] BTRFS info (device loop1): using free space tree [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5069] <... umount2 resumed>) = 0 [ 73.958300][ T5823] BTRFS info (device loop1): auto enabling async discard [pid 5069] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] <... write resumed>) = 16777216 [pid 5868] munmap(0x7fefd70e9000, 138412032 [pid 5069] newfstatat(AT_FDCWD, "./7/bus", [pid 5868] <... munmap resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./7/bus") = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./7/binderfs" [pid 5823] <... mount resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5823] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5069] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 5823] <... openat resumed>) = 3 [pid 5868] close(3 [pid 5823] chdir("./bus" [pid 5868] <... close resumed>) = 0 [pid 5823] <... chdir resumed>) = 0 [ 74.060267][ T5868] loop0: detected capacity change from 0 to 32768 [pid 5069] close(3 [pid 5868] mkdir("./bus", 0777 [pid 5823] ioctl(4, LOOP_CLR_FD [pid 5069] <... close resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5823] <... ioctl resumed>) = 0 [pid 5069] rmdir("./7" [pid 5868] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5823] close(4 [pid 5069] <... rmdir resumed>) = 0 [pid 5823] <... close resumed>) = 0 [pid 5069] mkdir("./8", 0777 [pid 5823] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5923 [pid 5823] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 ./strace-static-x86_64: Process 5923 attached [pid 5823] exit_group(0) = ? [pid 5923] set_robust_list(0x55555613b660, 24 [pid 5823] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5823, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5923] <... set_robust_list resumed>) = 0 [ 74.110179][ T5868] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5868) [pid 5923] chdir("./8") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5923] setpgid(0, 0) = 0 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5923] <... openat resumed>) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5923] memfd_create("syzkaller", 0) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5070] <... umount2 resumed>) = 0 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5070] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.221756][ T5868] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.257894][ T5868] BTRFS info (device loop0): doing ref verification [pid 5070] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./7/bus") = 0 [pid 5070] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./7/binderfs") = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./7") = 0 [pid 5070] mkdir("./8", 0777) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5925 attached [pid 5925] set_robust_list(0x55555613b660, 24) = 0 [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 5925 [ 74.308083][ T5868] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5925] chdir("./8") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 74.378079][ T5868] BTRFS info (device loop0): force zlib compression, level 3 [ 74.385495][ T5868] BTRFS info (device loop0): allowing degraded mounts [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5892] <... write resumed>) = 16777216 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.450090][ T5868] BTRFS info (device loop0): using free space tree [pid 5066] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", [pid 5892] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5892] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] close(4 [pid 5892] <... openat resumed>) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... close resumed>) = 0 [pid 5892] <... ioctl resumed>) = 0 [pid 5066] rmdir("./8/bus") = 0 [pid 5066] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./8/binderfs") = 0 [pid 5892] close(3 [pid 5066] getdents64(3, [pid 5892] <... close resumed>) = 0 [pid 5892] mkdir("./bus", 0777 [pid 5066] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./8" [pid 5892] <... mkdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./9", 0777 [pid 5892] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5066] <... mkdir resumed>) = 0 [ 74.540296][ T5892] loop3: detected capacity change from 0 to 32768 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5939 attached , child_tidptr=0x55555613b650) = 5939 [ 74.597972][ T5892] BTRFS: device /dev/loop3 using temp-fsid 2f173f1e-4da9-4532-b51c-f74ee20fe982 [pid 5939] set_robust_list(0x55555613b660, 24) = 0 [pid 5939] chdir("./9") = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5939] setpgid(0, 0) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5939] write(3, "1000", 4) = 4 [pid 5939] close(3) = 0 [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5939] memfd_create("syzkaller", 0) = 3 [ 74.660830][ T5892] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5892) [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 74.769498][ T5892] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 74.784945][ T5868] BTRFS info (device loop0): auto enabling async discard [ 74.799435][ T5892] BTRFS info (device loop3): doing ref verification [pid 5868] <... mount resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./bus") = 0 [pid 5868] ioctl(4, LOOP_CLR_FD) = 0 [pid 5868] close(4 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5868] <... close resumed>) = 0 [pid 5868] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 74.843664][ T5892] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5868] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5868] exit_group(0) = ? [pid 5868] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 5065] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 74.884591][ T5892] BTRFS info (device loop3): force zlib compression, level 3 [pid 5065] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5906] <... write resumed>) = 16777216 [pid 5906] munmap(0x7fefd70e9000, 138412032) = 0 [ 74.925993][ T5892] BTRFS info (device loop3): allowing degraded mounts [ 74.950305][ T5892] BTRFS info (device loop3): using free space tree [pid 5906] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] mkdir("./bus", 0777) = 0 [ 75.045977][ T5906] loop2: detected capacity change from 0 to 32768 [pid 5906] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5923] <... write resumed>) = 16777216 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5923] munmap(0x7fefd70e9000, 138412032 [ 75.088986][ T5906] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (5906) [pid 5065] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5923] <... munmap resumed>) = 0 [pid 5065] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./8/bus") = 0 [pid 5065] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5923] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5923] <... openat resumed>) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3 [pid 5065] unlink("./8/binderfs") = 0 [ 75.131013][ T5906] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 75.170499][ T5923] loop4: detected capacity change from 0 to 32768 [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./8") = 0 [pid 5065] mkdir("./9", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5958 ./strace-static-x86_64: Process 5958 attached [pid 5958] set_robust_list(0x55555613b660, 24) = 0 [pid 5958] chdir("./9") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5923] <... ioctl resumed>) = 0 [pid 5923] close(3 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5923] <... close resumed>) = 0 [pid 5923] mkdir("./bus", 0777) = 0 [ 75.178448][ T5906] BTRFS info (device loop2): doing ref verification [ 75.185434][ T5906] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.197392][ T5906] BTRFS info (device loop2): force zlib compression, level 3 [ 75.205598][ T5906] BTRFS info (device loop2): allowing degraded mounts [ 75.211264][ T5892] BTRFS info (device loop3): auto enabling async discard [ 75.213047][ T5906] BTRFS info (device loop2): using free space tree [pid 5923] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5958] <... openat resumed>) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5958] close(3 [pid 5925] <... write resumed>) = 16777216 [pid 5958] <... close resumed>) = 0 [pid 5925] munmap(0x7fefd70e9000, 138412032 [pid 5958] symlink("/dev/binderfs", "./binderfs" [pid 5925] <... munmap resumed>) = 0 [pid 5958] <... symlink resumed>) = 0 [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5925] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 75.220547][ T5923] BTRFS: device /dev/loop4 using temp-fsid c6bd1b0f-0df4-4f1b-a7df-fa6cd909ad58 [pid 5925] ioctl(4, LOOP_SET_FD, 3 [pid 5892] <... mount resumed>) = 0 [pid 5892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./bus") = 0 [pid 5892] ioctl(4, LOOP_CLR_FD) = 0 [pid 5892] close(4) = 0 [pid 5925] <... ioctl resumed>) = 0 [pid 5892] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5925] close(3 [pid 5892] <... openat resumed>) = 4 [pid 5925] <... close resumed>) = 0 [pid 5892] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5925] mkdir("./bus", 0777 [pid 5892] <... write resumed>) = 65228 [pid 5925] <... mkdir resumed>) = 0 [pid 5925] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5892] exit_group(0) = ? [pid 5892] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [ 75.270617][ T5925] loop5: detected capacity change from 0 to 32768 [pid 5068] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5939] <... write resumed>) = 16777216 [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", [pid 5939] munmap(0x7fefd70e9000, 138412032 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5068] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] <... munmap resumed>) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 75.322722][ T5923] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (5923) [ 75.362288][ T5925] BTRFS: device /dev/loop5 using temp-fsid 601aac28-48d7-42ea-a865-a543939a58e6 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [ 75.379609][ T5939] loop1: detected capacity change from 0 to 32768 [ 75.379740][ T5923] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [pid 5939] mkdir("./bus", 0777 [pid 5958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5939] <... mkdir resumed>) = 0 [ 75.422754][ T5925] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (5925) [ 75.432937][ T5923] BTRFS info (device loop4): doing ref verification [ 75.448454][ T5923] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.457372][ T5906] BTRFS info (device loop2): auto enabling async discard [pid 5939] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5906] <... mount resumed>) = 0 [pid 5906] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./bus") = 0 [pid 5906] ioctl(4, LOOP_CLR_FD) = 0 [pid 5906] close(4) = 0 [pid 5906] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5906] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5906] exit_group(0) = ? [ 75.478256][ T5923] BTRFS info (device loop4): force zlib compression, level 3 [ 75.485749][ T5923] BTRFS info (device loop4): allowing degraded mounts [ 75.493495][ T5923] BTRFS info (device loop4): using free space tree [ 75.509738][ T5939] BTRFS: device /dev/loop1 using temp-fsid aa162e28-0901-4e67-95d1-99433676de19 [ 75.519083][ T5925] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [pid 5906] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [ 75.541140][ T5925] BTRFS info (device loop5): doing ref verification [ 75.547743][ T5925] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.569016][ T5939] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (5939) [pid 5067] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 75.603741][ T5925] BTRFS info (device loop5): force zlib compression, level 3 [ 75.628124][ T5939] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 75.636828][ T5939] BTRFS info (device loop1): doing ref verification [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./8/bus") = 0 [pid 5068] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./8/binderfs") = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./8") = 0 [ 75.644067][ T5939] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.657509][ T5925] BTRFS info (device loop5): allowing degraded mounts [pid 5068] mkdir("./9", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 5986 ./strace-static-x86_64: Process 5986 attached [pid 5986] set_robust_list(0x55555613b660, 24) = 0 [pid 5986] chdir("./9") = 0 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5986] setpgid(0, 0) = 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5986] write(3, "1000", 4) = 4 [pid 5986] close(3) = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5986] memfd_create("syzkaller", 0) = 3 [ 75.708014][ T5925] BTRFS info (device loop5): using free space tree [ 75.726829][ T5939] BTRFS info (device loop1): force zlib compression, level 3 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5923] <... mount resumed>) = 0 [pid 5958] <... write resumed>) = 16777216 [pid 5923] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./bus") = 0 [pid 5923] ioctl(4, LOOP_CLR_FD) = 0 [pid 5923] close(4 [pid 5958] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5923] <... close resumed>) = 0 [ 75.767527][ T5939] BTRFS info (device loop1): allowing degraded mounts [ 75.788878][ T5923] BTRFS info (device loop4): auto enabling async discard [ 75.810013][ T5939] BTRFS info (device loop1): using free space tree [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5923] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5958] <... openat resumed>) = 4 [pid 5923] <... openat resumed>) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3 [pid 5923] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5923] exit_group(0) = ? [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5958] <... ioctl resumed>) = 0 [pid 5923] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5958] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5958] <... close resumed>) = 0 [pid 5958] mkdir("./bus", 0777 [pid 5069] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5958] <... mkdir resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./8/bus", [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5958] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5069] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./8/bus" [pid 5069] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... rmdir resumed>) = 0 [pid 5067] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./8/binderfs") = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./8") = 0 [ 75.872818][ T5958] loop0: detected capacity change from 0 to 32768 [ 75.908921][ T5958] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (5958) [pid 5067] mkdir("./9", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6017 ./strace-static-x86_64: Process 6017 attached [pid 6017] set_robust_list(0x55555613b660, 24) = 0 [pid 6017] chdir("./9") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 76.004258][ T5958] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5925] <... mount resumed>) = 0 [ 76.050669][ T5925] BTRFS info (device loop5): auto enabling async discard [ 76.070113][ T777] cfg80211: failed to load regulatory.db [ 76.070885][ T5939] BTRFS info (device loop1): auto enabling async discard [ 76.084709][ T5958] BTRFS info (device loop0): doing ref verification [pid 5925] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./bus") = 0 [pid 5925] ioctl(4, LOOP_CLR_FD) = 0 [pid 5925] close(4) = 0 [ 76.130577][ T5958] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5925] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5925] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5925] exit_group(0 [pid 5939] <... mount resumed>) = 0 [pid 5939] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./bus" [pid 5925] <... exit_group resumed>) = ? [pid 5939] <... chdir resumed>) = 0 [pid 5939] ioctl(4, LOOP_CLR_FD) = 0 [pid 5939] close(4) = 0 [pid 5925] +++ exited with 0 +++ [pid 5939] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] <... umount2 resumed>) = 0 [ 76.198060][ T5958] BTRFS info (device loop0): force zlib compression, level 3 [ 76.205657][ T5958] BTRFS info (device loop0): allowing degraded mounts [pid 5069] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] <... write resumed>) = 65228 [pid 5939] exit_group(0) = ? [pid 5939] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [pid 5066] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(AT_FDCWD, "./8/bus", [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] <... openat resumed>) = 3 [pid 5069] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] newfstatat(3, "", [pid 5069] <... openat resumed>) = 4 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] newfstatat(4, "", [pid 5070] getdents64(3, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] getdents64(4, [pid 5070] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [ 76.278466][ T5958] BTRFS info (device loop0): using free space tree [pid 5069] close(4) = 0 [pid 5069] rmdir("./8/bus") = 0 [pid 5069] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./8/binderfs" [pid 5986] <... write resumed>) = 16777216 [pid 5069] <... unlink resumed>) = 0 [pid 5986] munmap(0x7fefd70e9000, 138412032 [pid 5069] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5986] <... munmap resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] rmdir("./8" [pid 5986] <... openat resumed>) = 4 [pid 5069] <... rmdir resumed>) = 0 [pid 5986] ioctl(4, LOOP_SET_FD, 3 [pid 5069] mkdir("./9", 0777) = 0 [pid 5986] <... ioctl resumed>) = 0 [pid 5986] close(3 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5986] <... close resumed>) = 0 [pid 5986] mkdir("./bus", 0777 [pid 5069] <... openat resumed>) = 3 [pid 5986] <... mkdir resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5986] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6034 attached [pid 6034] set_robust_list(0x55555613b660, 24) = 0 [pid 6034] chdir("./9") = 0 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 6034 [pid 6034] write(3, "1000", 4) = 4 [ 76.418298][ T5986] loop3: detected capacity change from 0 to 32768 [ 76.438213][ T5986] BTRFS: device /dev/loop3 using temp-fsid a9a81d03-90bf-48fb-aa9b-bb5dfdabc015 [ 76.447277][ T5986] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (5986) [pid 6034] close(3) = 0 [pid 6034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6034] memfd_create("syzkaller", 0) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 76.550428][ T5986] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", [pid 5070] <... umount2 resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./9/bus") = 0 [pid 5066] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./9/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./9") = 0 [pid 5066] mkdir("./10", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5070] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [ 76.631755][ T5958] BTRFS info (device loop0): auto enabling async discard [ 76.640598][ T5986] BTRFS info (device loop3): doing ref verification [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... ioctl resumed>) = 0 [pid 5070] newfstatat(AT_FDCWD, "./8/bus", [pid 5066] close(3 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 6042 [pid 5070] <... openat resumed>) = 4 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6042 attached [pid 6042] set_robust_list(0x55555613b660, 24) = 0 [pid 5070] getdents64(4, [pid 6042] chdir("./10" [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5958] <... mount resumed>) = 0 [pid 5070] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [ 76.681021][ T5986] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 76.712092][ T5986] BTRFS info (device loop3): force zlib compression, level 3 [pid 5958] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] <... chdir resumed>) = 0 [pid 5958] chdir("./bus" [pid 5070] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5958] <... chdir resumed>) = 0 [pid 6042] <... prctl resumed>) = 0 [pid 5958] ioctl(4, LOOP_CLR_FD [pid 5070] close(4 [pid 6042] setpgid(0, 0 [pid 5958] <... ioctl resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 6042] <... setpgid resumed>) = 0 [pid 5958] close(4 [pid 5070] rmdir("./8/bus" [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5958] <... close resumed>) = 0 [pid 6042] <... openat resumed>) = 3 [pid 5958] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] <... rmdir resumed>) = 0 [pid 5958] <... openat resumed>) = 4 [pid 6042] write(3, "1000", 4) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs" [pid 5070] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6042] <... symlink resumed>) = 0 [ 76.729677][ T5986] BTRFS info (device loop3): allowing degraded mounts [ 76.749209][ T5986] BTRFS info (device loop3): using free space tree [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5958] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6042] memfd_create("syzkaller", 0 [pid 5070] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5958] <... write resumed>) = 65228 [pid 5070] unlink("./8/binderfs" [pid 6042] <... memfd_create resumed>) = 3 [pid 5070] <... unlink resumed>) = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5958] exit_group(0 [pid 5070] close(3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5958] <... exit_group resumed>) = ? [pid 5070] <... close resumed>) = 0 [pid 5070] rmdir("./8" [pid 6042] <... mmap resumed>) = 0x7fefd70e9000 [pid 5070] <... rmdir resumed>) = 0 [pid 5958] +++ exited with 0 +++ [pid 5070] mkdir("./9", 0777 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5070] <... mkdir resumed>) = 0 [pid 5065] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = 0 [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6055 attached [pid 6055] set_robust_list(0x55555613b660, 24) = 0 [pid 6055] chdir("./9") = 0 [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6055] setpgid(0, 0) = 0 [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6055] write(3, "1000", 4) = 4 [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 6055 [pid 6055] close(3) = 0 [pid 6055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6055] memfd_create("syzkaller", 0) = 3 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 77.073052][ T5986] BTRFS info (device loop3): auto enabling async discard [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5986] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5986] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5986] chdir("./bus") = 0 [pid 5065] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5986] ioctl(4, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... ioctl resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./9/bus", [pid 5986] close(4) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5986] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5065] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5986] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5986] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 5065] rmdir("./9/bus" [pid 5986] exit_group(0) = ? [pid 5065] <... rmdir resumed>) = 0 [pid 5986] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5068] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5068] newfstatat(3, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] unlink("./9/binderfs" [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] <... unlink resumed>) = 0 [pid 5068] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./9") = 0 [pid 5065] mkdir("./10", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6061 attached [pid 6061] set_robust_list(0x55555613b660, 24) = 0 [pid 6061] chdir("./10") = 0 [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6061] setpgid(0, 0 [pid 5065] <... clone resumed>, child_tidptr=0x55555613b650) = 6061 [pid 6061] <... setpgid resumed>) = 0 [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6061] write(3, "1000", 4) = 4 [pid 6061] close(3) = 0 [pid 6061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6061] memfd_create("syzkaller", 0) = 3 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6042] <... write resumed>) = 16777216 [pid 6042] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6017] <... write resumed>) = 16777216 [pid 6042] <... openat resumed>) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3 [pid 6017] munmap(0x7fefd70e9000, 138412032 [pid 6042] <... ioctl resumed>) = 0 [pid 6042] close(3) = 0 [pid 6042] mkdir("./bus", 0777) = 0 [pid 6042] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6017] <... munmap resumed>) = 0 [ 77.657630][ T6042] loop1: detected capacity change from 0 to 32768 [ 77.688470][ T6042] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (6042) [pid 6017] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./9/bus", [pid 6017] close(3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6017] <... close resumed>) = 0 [pid 5068] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6017] mkdir("./bus", 0777 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6017] <... mkdir resumed>) = 0 [pid 6017] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5068] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 77.710778][ T6017] loop2: detected capacity change from 0 to 32768 [ 77.745285][ T6042] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 6061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] rmdir("./9/bus") = 0 [pid 5068] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./9/binderfs") = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [ 77.758735][ T6017] BTRFS: device /dev/loop2 using temp-fsid 3be6d020-b3f7-4ff8-8372-094abe3a56ae [ 77.781468][ T6042] BTRFS info (device loop1): doing ref verification [ 77.796733][ T6017] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (6017) [pid 5068] close(3) = 0 [pid 5068] rmdir("./9") = 0 [pid 5068] mkdir("./10", 0777) = 0 [pid 6034] <... write resumed>) = 16777216 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 77.819194][ T6042] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.838308][ T6017] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 77.848336][ T6042] BTRFS info (device loop1): force zlib compression, level 3 [ 77.855824][ T6017] BTRFS info (device loop2): doing ref verification [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 6034] munmap(0x7fefd70e9000, 138412032 [pid 5068] close(3 [pid 6034] <... munmap resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6063 attached [pid 6034] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6063] set_robust_list(0x55555613b660, 24 [pid 6034] ioctl(4, LOOP_SET_FD, 3 [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 6063 [pid 6063] <... set_robust_list resumed>) = 0 [ 77.875201][ T6017] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.888715][ T6042] BTRFS info (device loop1): allowing degraded mounts [ 77.897378][ T6042] BTRFS info (device loop1): using free space tree [ 77.906892][ T6017] BTRFS info (device loop2): force zlib compression, level 3 [ 77.918741][ T6034] loop4: detected capacity change from 0 to 32768 [pid 6063] chdir("./10") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6034] <... ioctl resumed>) = 0 [pid 6034] close(3) = 0 [pid 6034] mkdir("./bus", 0777 [pid 6063] write(3, "1000", 4 [pid 6034] <... mkdir resumed>) = 0 [pid 6063] <... write resumed>) = 4 [pid 6034] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6063] memfd_create("syzkaller", 0) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 77.920124][ T6017] BTRFS info (device loop2): allowing degraded mounts [ 77.944260][ T6017] BTRFS info (device loop2): using free space tree [ 77.956977][ T6034] BTRFS: device /dev/loop4 using temp-fsid 30101586-b6cd-44d3-a48e-77ee49a64d22 [ 77.989717][ T6034] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (6034) [pid 6061] <... write resumed>) = 16777216 [pid 6061] munmap(0x7fefd70e9000, 138412032 [pid 6055] <... write resumed>) = 16777216 [pid 6061] <... munmap resumed>) = 0 [ 78.079944][ T6034] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 78.108119][ T6042] BTRFS info (device loop1): auto enabling async discard [ 78.120277][ T6034] BTRFS info (device loop4): doing ref verification [pid 6055] munmap(0x7fefd70e9000, 138412032 [pid 6061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6055] <... munmap resumed>) = 0 [pid 6042] <... mount resumed>) = 0 [pid 6061] ioctl(4, LOOP_SET_FD, 3 [pid 6042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] chdir("./bus") = 0 [pid 6042] ioctl(4, LOOP_CLR_FD) = 0 [pid 6042] close(4) = 0 [pid 6042] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6042] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [ 78.136815][ T6034] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.148941][ T6017] BTRFS info (device loop2): auto enabling async discard [ 78.162382][ T6061] loop0: detected capacity change from 0 to 32768 [pid 6063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6061] <... ioctl resumed>) = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6061] close(3 [pid 6055] <... openat resumed>) = 4 [pid 6061] <... close resumed>) = 0 [pid 6055] ioctl(4, LOOP_SET_FD, 3 [pid 6061] mkdir("./bus", 0777 [pid 6055] <... ioctl resumed>) = 0 [pid 6061] <... mkdir resumed>) = 0 [pid 6055] close(3 [pid 6061] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6055] <... close resumed>) = 0 [pid 6042] exit_group(0 [pid 6055] mkdir("./bus", 0777 [pid 6042] <... exit_group resumed>) = ? [pid 6055] <... mkdir resumed>) = 0 [pid 6042] +++ exited with 0 +++ [pid 6055] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- [pid 5066] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6017] <... mount resumed>) = 0 [pid 6017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./bus") = 0 [pid 6017] ioctl(4, LOOP_CLR_FD) = 0 [pid 6017] close(4) = 0 [pid 6017] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 78.181455][ T6034] BTRFS info (device loop4): force zlib compression, level 3 [ 78.191428][ T6055] loop5: detected capacity change from 0 to 32768 [ 78.203748][ T6061] BTRFS: device /dev/loop0 using temp-fsid 768104d0-c362-4a51-8f1a-3109a8b1c4aa [pid 6017] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6017] exit_group(0) = ? [pid 6017] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 5067] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 78.240758][ T6034] BTRFS info (device loop4): allowing degraded mounts [ 78.247682][ T6034] BTRFS info (device loop4): using free space tree [ 78.268135][ T6061] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (6061) [ 78.318327][ T6055] BTRFS: device /dev/loop5 using temp-fsid 1addde62-b8ca-49e7-979a-2fa94986b167 [pid 5067] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6063] <... write resumed>) = 16777216 [ 78.384739][ T6061] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.394249][ T6055] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (6055) [pid 6063] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 78.428105][ T6061] BTRFS info (device loop0): doing ref verification [ 78.434739][ T6061] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.486559][ T6061] BTRFS info (device loop0): force zlib compression, level 3 [ 78.490201][ T6055] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 78.494325][ T6061] BTRFS info (device loop0): allowing degraded mounts [ 78.510445][ T6063] loop3: detected capacity change from 0 to 32768 [ 78.522059][ T6061] BTRFS info (device loop0): using free space tree [pid 5066] newfstatat(AT_FDCWD, "./10/bus", [pid 6063] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6063] mkdir("./bus", 0777 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 6063] <... mkdir resumed>) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./10/bus") = 0 [pid 5066] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./10/binderfs", [pid 6063] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 78.531943][ T6055] BTRFS info (device loop5): doing ref verification [ 78.540175][ T6055] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.552682][ T6055] BTRFS info (device loop5): force zlib compression, level 3 [ 78.562478][ T6055] BTRFS info (device loop5): allowing degraded mounts [ 78.566324][ T6034] BTRFS info (device loop4): auto enabling async discard [ 78.570116][ T6055] BTRFS info (device loop5): using free space tree [pid 5066] unlink("./10/binderfs") = 0 [pid 5066] getdents64(3, [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 6034] <... mount resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 6034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5067] newfstatat(AT_FDCWD, "./9/bus", [pid 5066] rmdir("./10" [pid 6034] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5067] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6034] chdir("./bus" [pid 5066] mkdir("./11", 0777 [pid 6034] <... chdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... mkdir resumed>) = 0 [pid 6034] ioctl(4, LOOP_CLR_FD [pid 5067] <... openat resumed>) = 4 [pid 6034] <... ioctl resumed>) = 0 [pid 5067] newfstatat(4, "", [pid 6034] close(4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] getdents64(4, [pid 5066] <... openat resumed>) = 3 [pid 6034] <... close resumed>) = 0 [ 78.586094][ T6063] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (6063) [pid 6034] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5067] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 6034] <... openat resumed>) = 4 [pid 5067] getdents64(4, [pid 5066] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5067] close(4 [pid 5066] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] rmdir("./9/bus"./strace-static-x86_64: Process 6135 attached ) = 0 [pid 6034] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5067] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 6135 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./9/binderfs", [pid 6034] <... write resumed>) = 65228 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./9/binderfs" [pid 6034] exit_group(0 [pid 5067] <... unlink resumed>) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 6135] set_robust_list(0x55555613b660, 24 [pid 6034] <... exit_group resumed>) = ? [pid 5067] close(3 [pid 6135] <... set_robust_list resumed>) = 0 [pid 6034] +++ exited with 0 +++ [pid 5067] <... close resumed>) = 0 [ 78.647816][ T6063] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [pid 6135] chdir("./11" [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] rmdir("./9" [pid 6135] <... chdir resumed>) = 0 [pid 6135] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 5067] <... rmdir resumed>) = 0 [pid 6135] <... prctl resumed>) = 0 [pid 5069] <... restart_syscall resumed>) = 0 [pid 5067] mkdir("./10", 0777) = 0 [pid 6135] setpgid(0, 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6135] <... setpgid resumed>) = 0 [pid 5069] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... openat resumed>) = 3 [pid 6135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5069] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5067] close(3) = 0 [pid 6135] <... openat resumed>) = 3 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6135] write(3, "1000", 4) = 4 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x55555613b650) = 6141 ./strace-static-x86_64: Process 6141 attached [pid 6135] close(3 [pid 5069] getdents64(3, [pid 6141] set_robust_list(0x55555613b660, 24 [pid 6135] <... close resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 6141] <... set_robust_list resumed>) = 0 [pid 6135] symlink("/dev/binderfs", "./binderfs" [pid 5069] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6141] chdir("./10" [pid 6135] <... symlink resumed>) = 0 [pid 6141] <... chdir resumed>) = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 78.730917][ T6063] BTRFS info (device loop3): doing ref verification [ 78.737541][ T6063] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.757007][ T6061] BTRFS info (device loop0): auto enabling async discard [pid 6135] memfd_create("syzkaller", 0 [pid 6141] setpgid(0, 0 [pid 6135] <... memfd_create resumed>) = 3 [pid 6141] <... setpgid resumed>) = 0 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6061] <... mount resumed>) = 0 [pid 6061] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6061] chdir("./bus") = 0 [pid 6061] ioctl(4, LOOP_CLR_FD) = 0 [pid 6061] close(4) = 0 [pid 6141] <... openat resumed>) = 3 [pid 6141] write(3, "1000", 4) = 4 [pid 6061] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6141] close(3) = 0 [pid 6061] <... openat resumed>) = 4 [pid 6141] symlink("/dev/binderfs", "./binderfs" [pid 6061] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6141] <... symlink resumed>) = 0 [pid 6061] <... write resumed>) = 65228 [pid 6141] memfd_create("syzkaller", 0 [pid 6061] exit_group(0 [pid 6141] <... memfd_create resumed>) = 3 [pid 6061] <... exit_group resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6061, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6141] <... mmap resumed>) = 0x7fefd70e9000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 78.790755][ T6055] BTRFS info (device loop5): auto enabling async discard [ 78.822195][ T6063] BTRFS info (device loop3): force zlib compression, level 3 [pid 5065] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6055] <... mount resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 6055] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 6055] <... openat resumed>) = 3 [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] chdir("./bus") = 0 [pid 6055] ioctl(4, LOOP_CLR_FD) = 0 [pid 6055] close(4) = 0 [ 78.863914][ T6063] BTRFS info (device loop3): allowing degraded mounts [ 78.900359][ T6063] BTRFS info (device loop3): using free space tree [pid 6055] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6055] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6055] exit_group(0) = ? [pid 6055] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5069] <... umount2 resumed>) = 0 [pid 5070] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5070] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./9/bus") = 0 [pid 5069] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./9/binderfs") = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./9" [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./10", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 6135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6160 attached [pid 6160] set_robust_list(0x55555613b660, 24) = 0 [pid 6160] chdir("./10") = 0 [pid 6160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6160] setpgid(0, 0) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 6160 [pid 6160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] <... umount2 resumed>) = 0 [pid 6160] write(3, "1000", 4) = 4 [pid 6160] close(3 [pid 5065] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./10/bus", [pid 6160] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6160] symlink("/dev/binderfs", "./binderfs" [pid 5065] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6160] <... symlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [ 79.239857][ T6063] BTRFS info (device loop3): auto enabling async discard [pid 6160] memfd_create("syzkaller", 0 [pid 5065] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 6160] <... memfd_create resumed>) = 3 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5065] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./10/bus") = 0 [pid 5065] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./10/binderfs") = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./10") = 0 [pid 5065] mkdir("./11", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6163 ./strace-static-x86_64: Process 6163 attached [pid 6163] set_robust_list(0x55555613b660, 24) = 0 [pid 6163] chdir("./11") = 0 [pid 6163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6163] setpgid(0, 0) = 0 [pid 6163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6163] write(3, "1000", 4) = 4 [pid 6163] close(3) = 0 [pid 6163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6163] memfd_create("syzkaller", 0 [pid 6063] <... mount resumed>) = 0 [pid 6063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] <... memfd_create resumed>) = 3 [pid 6063] chdir("./bus" [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6063] <... chdir resumed>) = 0 [pid 6163] <... mmap resumed>) = 0x7fefd70e9000 [pid 6063] ioctl(4, LOOP_CLR_FD) = 0 [pid 6063] close(4) = 0 [pid 6063] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6063] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6063] exit_group(0) = ? [pid 6063] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- [pid 5068] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5068] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./9/bus") = 0 [pid 5070] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./9/binderfs") = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 6135] <... write resumed>) = 16777216 [pid 5070] close(3 [pid 6135] munmap(0x7fefd70e9000, 138412032 [pid 5070] <... close resumed>) = 0 [pid 6135] <... munmap resumed>) = 0 [pid 5070] rmdir("./9") = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5070] mkdir("./10", 0777 [pid 6135] <... openat resumed>) = 4 [pid 5070] <... mkdir resumed>) = 0 [pid 6135] ioctl(4, LOOP_SET_FD, 3 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = 0 [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6165 attached , child_tidptr=0x55555613b650) = 6165 [pid 6165] set_robust_list(0x55555613b660, 24 [pid 6135] <... ioctl resumed>) = 0 [pid 6165] <... set_robust_list resumed>) = 0 [pid 6135] close(3 [pid 6165] chdir("./10" [pid 6135] <... close resumed>) = 0 [pid 6135] mkdir("./bus", 0777) = 0 [ 79.634448][ T6135] loop1: detected capacity change from 0 to 32768 [pid 6165] <... chdir resumed>) = 0 [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6135] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6165] <... prctl resumed>) = 0 [pid 6165] setpgid(0, 0) = 0 [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6165] write(3, "1000", 4) = 4 [pid 6165] close(3) = 0 [pid 6165] symlink("/dev/binderfs", "./binderfs") = 0 [ 79.738464][ T6135] BTRFS: device /dev/loop1 using temp-fsid c4cf569d-ad59-4fb5-a898-5e326d595603 [pid 6165] memfd_create("syzkaller", 0) = 3 [pid 6165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 79.786301][ T6135] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (6135) [pid 6160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6141] <... write resumed>) = 16777216 [ 79.892554][ T6135] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [pid 6141] munmap(0x7fefd70e9000, 138412032) = 0 [ 79.948419][ T6135] BTRFS info (device loop1): doing ref verification [ 79.955120][ T6135] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 6141] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6141] ioctl(4, LOOP_SET_FD, 3 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [ 79.998142][ T6135] BTRFS info (device loop1): force zlib compression, level 3 [ 80.005534][ T6135] BTRFS info (device loop1): allowing degraded mounts [ 80.031361][ T6141] loop2: detected capacity change from 0 to 32768 [pid 5068] rmdir("./10/bus" [pid 6141] <... ioctl resumed>) = 0 [pid 6141] close(3) = 0 [pid 6141] mkdir("./bus", 0777 [pid 5068] <... rmdir resumed>) = 0 [pid 6141] <... mkdir resumed>) = 0 [pid 5068] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6141] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./10/binderfs") = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./10") = 0 [ 80.074144][ T6135] BTRFS info (device loop1): using free space tree [ 80.097259][ T6141] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (6141) [pid 5068] mkdir("./11", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6172 ./strace-static-x86_64: Process 6172 attached [pid 6172] set_robust_list(0x55555613b660, 24) = 0 [pid 6172] chdir("./11") = 0 [pid 6172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6172] setpgid(0, 0) = 0 [pid 6172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6172] <... openat resumed>) = 3 [pid 6172] write(3, "1000", 4) = 4 [pid 6172] close(3) = 0 [pid 6172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6172] memfd_create("syzkaller", 0) = 3 [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 80.241311][ T6141] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 80.322186][ T6141] BTRFS info (device loop2): doing ref verification [ 80.357844][ T6135] BTRFS info (device loop1): auto enabling async discard [ 80.366105][ T6141] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 6160] <... write resumed>) = 16777216 [pid 6160] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6160] ioctl(4, LOOP_SET_FD, 3 [pid 6135] <... mount resumed>) = 0 [pid 6135] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6135] chdir("./bus") = 0 [pid 6135] ioctl(4, LOOP_CLR_FD) = 0 [pid 6135] close(4) = 0 [pid 6135] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6135] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6135] exit_group(0) = ? [pid 6160] <... ioctl resumed>) = 0 [pid 6135] +++ exited with 0 +++ [pid 6160] close(3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6135, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 6160] <... close resumed>) = 0 [pid 5066] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6160] mkdir("./bus", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6160] <... mkdir resumed>) = 0 [ 80.445275][ T6141] BTRFS info (device loop2): force zlib compression, level 3 [ 80.453339][ T6141] BTRFS info (device loop2): allowing degraded mounts [ 80.463734][ T6141] BTRFS info (device loop2): using free space tree [ 80.471186][ T6160] loop4: detected capacity change from 0 to 32768 [pid 6160] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6163] <... write resumed>) = 16777216 [ 80.520277][ T6160] BTRFS: device /dev/loop4 using temp-fsid df64682e-7088-4456-b288-2275866e1ff0 [ 80.545270][ T6160] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (6160) [pid 6163] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6163] <... openat resumed>) = 4 [pid 6163] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = 0 [pid 6163] <... ioctl resumed>) = 0 [pid 5066] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6163] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./11/bus", [pid 6163] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6163] mkdir("./bus", 0777 [pid 5066] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6163] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [ 80.633706][ T6160] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 80.660627][ T6163] loop0: detected capacity change from 0 to 32768 [ 80.675699][ T6160] BTRFS info (device loop4): doing ref verification [pid 5066] rmdir("./11/bus" [pid 6163] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5066] <... rmdir resumed>) = 0 [pid 5066] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./11/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./11") = 0 [pid 5066] mkdir("./12", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6199 [ 80.709537][ T6160] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.731321][ T6141] BTRFS info (device loop2): auto enabling async discard [ 80.731358][ T6163] BTRFS: device /dev/loop0 using temp-fsid 734c89c1-aaa6-49d3-a7f6-3ba578fe6fdf [ 80.739343][ T6160] BTRFS info (device loop4): force zlib compression, level 3 ./strace-static-x86_64: Process 6199 attached [pid 6141] <... mount resumed>) = 0 [pid 6141] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6199] set_robust_list(0x55555613b660, 24 [pid 6141] <... openat resumed>) = 3 [pid 6199] <... set_robust_list resumed>) = 0 [pid 6141] chdir("./bus") = 0 [pid 6199] chdir("./12" [pid 6141] ioctl(4, LOOP_CLR_FD) = 0 [pid 6141] close(4) = 0 [pid 6141] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6199] <... chdir resumed>) = 0 [pid 6141] <... openat resumed>) = 4 [pid 6199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6199] setpgid(0, 0) = 0 [pid 6141] <... write resumed>) = 65228 [pid 6199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6141] exit_group(0 [pid 6199] <... openat resumed>) = 3 [pid 6141] <... exit_group resumed>) = ? [pid 6199] write(3, "1000", 4) = 4 [pid 6199] close(3) = 0 [pid 6199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6141] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- [pid 5067] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.756214][ T6160] BTRFS info (device loop4): allowing degraded mounts [ 80.770171][ T6163] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (6163) [pid 6199] memfd_create("syzkaller", 0 [pid 5067] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6199] <... memfd_create resumed>) = 3 [pid 5067] <... openat resumed>) = 3 [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6165] <... write resumed>) = 16777216 [ 80.808479][ T6163] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.817354][ T6163] BTRFS info (device loop0): doing ref verification [ 80.828846][ T6160] BTRFS info (device loop4): using free space tree [ 80.838244][ T6163] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 6165] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6165] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6165] close(3) = 0 [pid 6165] mkdir("./bus", 0777) = 0 [ 80.875995][ T6163] BTRFS info (device loop0): force zlib compression, level 3 [ 80.899988][ T6165] loop5: detected capacity change from 0 to 32768 [ 80.908860][ T6163] BTRFS info (device loop0): allowing degraded mounts [ 80.916281][ T6163] BTRFS info (device loop0): using free space tree [ 80.963759][ T6165] BTRFS: device /dev/loop5 using temp-fsid 16d7ccbd-9ca7-4543-824b-fe7cc11cadfa [pid 6165] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 81.021177][ T6165] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (6165) [pid 6199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6172] <... write resumed>) = 16777216 [pid 6172] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6172] close(3) = 0 [pid 6172] mkdir("./bus", 0777) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6172] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [ 81.101143][ T6172] loop3: detected capacity change from 0 to 32768 [ 81.110709][ T6165] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 81.132947][ T6165] BTRFS info (device loop5): doing ref verification [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./10/bus") = 0 [pid 5067] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./10/binderfs") = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./10") = 0 [pid 5067] mkdir("./11", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6231 ./strace-static-x86_64: Process 6231 attached [ 81.140569][ T6172] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (6172) [ 81.159823][ T6165] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.162421][ T6163] BTRFS info (device loop0): auto enabling async discard [ 81.180349][ T6160] BTRFS info (device loop4): auto enabling async discard [pid 6231] set_robust_list(0x55555613b660, 24) = 0 [pid 6231] chdir("./11") = 0 [pid 6231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6231] setpgid(0, 0) = 0 [pid 6231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6231] write(3, "1000", 4) = 4 [pid 6231] close(3) = 0 [pid 6231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6231] memfd_create("syzkaller", 0) = 3 [pid 6231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6160] <... mount resumed>) = 0 [pid 6160] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6160] chdir("./bus") = 0 [ 81.205938][ T6165] BTRFS info (device loop5): force zlib compression, level 3 [ 81.229805][ T6172] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 81.238771][ T6165] BTRFS info (device loop5): allowing degraded mounts [pid 6160] ioctl(4, LOOP_CLR_FD [pid 6163] <... mount resumed>) = 0 [pid 6163] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6160] <... ioctl resumed>) = 0 [pid 6163] <... openat resumed>) = 3 [pid 6160] close(4) = 0 [ 81.254355][ T6165] BTRFS info (device loop5): using free space tree [pid 6160] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6163] chdir("./bus" [pid 6160] <... openat resumed>) = 4 [pid 6163] <... chdir resumed>) = 0 [pid 6163] ioctl(4, LOOP_CLR_FD) = 0 [pid 6160] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6163] close(4) = 0 [pid 6160] <... write resumed>) = 65228 [pid 6163] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6160] exit_group(0 [pid 6163] <... openat resumed>) = 4 [pid 6160] <... exit_group resumed>) = ? [pid 6160] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6160, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 6163] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5069] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6163] <... write resumed>) = 65228 [ 81.288149][ T6172] BTRFS info (device loop3): doing ref verification [ 81.294916][ T6172] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.351530][ T6172] BTRFS info (device loop3): force zlib compression, level 3 [pid 6163] exit_group(0) = ? [pid 6163] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6163, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- [pid 5065] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 81.438594][ T6172] BTRFS info (device loop3): allowing degraded mounts [ 81.445453][ T6172] BTRFS info (device loop3): using free space tree [pid 5065] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6199] <... write resumed>) = 16777216 [ 81.578110][ T6165] BTRFS info (device loop5): auto enabling async discard [pid 6199] munmap(0x7fefd70e9000, 138412032 [pid 6165] <... mount resumed>) = 0 [pid 6165] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6165] chdir("./bus") = 0 [pid 6165] ioctl(4, LOOP_CLR_FD) = 0 [pid 6165] close(4) = 0 [pid 6165] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6199] <... munmap resumed>) = 0 [pid 6165] <... openat resumed>) = 4 [pid 6199] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6199] ioctl(4, LOOP_SET_FD, 3 [pid 6165] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6165] exit_group(0) = ? [pid 6165] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5070] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5070] <... openat resumed>) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5070] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6199] <... ioctl resumed>) = 0 [pid 6199] close(3 [pid 5069] <... openat resumed>) = 4 [pid 6199] <... close resumed>) = 0 [ 81.673602][ T6199] loop1: detected capacity change from 0 to 32768 [ 81.708466][ T6172] BTRFS info (device loop3): auto enabling async discard [pid 6199] mkdir("./bus", 0777) = 0 [pid 5069] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5065] newfstatat(AT_FDCWD, "./11/bus", [pid 5069] getdents64(4, [pid 6199] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5069] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] close(4) = 0 [pid 5065] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] rmdir("./10/bus" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... rmdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(4, "", [pid 5069] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] unlink("./10/binderfs" [pid 5065] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] <... unlink resumed>) = 0 [pid 5065] getdents64(4, [pid 5069] getdents64(3, [pid 6172] <... mount resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 6172] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6172] chdir("./bus") = 0 [pid 6172] ioctl(4, LOOP_CLR_FD) = 0 [pid 6172] close(4) = 0 [pid 5065] close(4 [pid 6172] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5069] close(3 [pid 5065] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5065] rmdir("./11/bus" [pid 5069] rmdir("./10" [pid 6172] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5069] <... rmdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5069] mkdir("./11", 0777 [ 81.762910][ T6199] BTRFS: device /dev/loop1 using temp-fsid c0e85c94-84d3-4e56-969b-ffe41328ee58 [pid 5065] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6172] <... write resumed>) = 65228 [pid 5069] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./11/binderfs", [pid 6172] exit_group(0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5065] unlink("./11/binderfs" [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5065] <... unlink resumed>) = 0 [pid 6172] <... exit_group resumed>) = ? [pid 5069] close(3 [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 6172] +++ exited with 0 +++ [pid 5069] <... close resumed>) = 0 [pid 5065] close(3 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6172, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... close resumed>) = 0 [pid 5068] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5068] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./11"./strace-static-x86_64: Process 6264 attached [pid 6264] set_robust_list(0x55555613b660, 24 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 6264 [pid 5065] <... rmdir resumed>) = 0 [pid 6264] <... set_robust_list resumed>) = 0 [pid 5065] mkdir("./12", 0777 [pid 6264] chdir("./11" [pid 5065] <... mkdir resumed>) = 0 [pid 6264] <... chdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6264] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... openat resumed>) = 3 [pid 6264] <... prctl resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 6264] setpgid(0, 0 [pid 5065] <... ioctl resumed>) = 0 [pid 6264] <... setpgid resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6265 attached , child_tidptr=0x55555613b650) = 6265 [ 81.832719][ T6199] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (6199) [pid 6265] set_robust_list(0x55555613b660, 24) = 0 [pid 6264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6265] chdir("./12" [pid 6264] <... openat resumed>) = 3 [pid 6265] <... chdir resumed>) = 0 [pid 6264] write(3, "1000", 4 [pid 6265] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6264] <... write resumed>) = 4 [pid 6264] close(3 [pid 6265] <... prctl resumed>) = 0 [pid 6264] <... close resumed>) = 0 [pid 6264] symlink("/dev/binderfs", "./binderfs" [pid 6265] setpgid(0, 0 [pid 6264] <... symlink resumed>) = 0 [ 81.929265][ T6199] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 81.937990][ T6199] BTRFS info (device loop1): doing ref verification [pid 6264] memfd_create("syzkaller", 0 [pid 6265] <... setpgid resumed>) = 0 [pid 6264] <... memfd_create resumed>) = 3 [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5070] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] newfstatat(4, "", [pid 6265] <... openat resumed>) = 3 [pid 6264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6265] write(3, "1000", 4 [pid 6264] <... mmap resumed>) = 0x7fefd70e9000 [pid 6265] <... write resumed>) = 4 [pid 6265] close(3 [pid 5070] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 6265] <... close resumed>) = 0 [pid 5070] getdents64(4, [pid 6265] symlink("/dev/binderfs", "./binderfs" [pid 5070] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./10/bus") = 0 [pid 6265] <... symlink resumed>) = 0 [pid 5070] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./10/binderfs") = 0 [ 81.975649][ T6199] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5070] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./10") = 0 [pid 6265] memfd_create("syzkaller", 0 [pid 5070] mkdir("./11", 0777 [pid 6265] <... memfd_create resumed>) = 3 [pid 6265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5070] <... mkdir resumed>) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [ 82.021320][ T6199] BTRFS info (device loop1): force zlib compression, level 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = 0 [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6268 ./strace-static-x86_64: Process 6268 attached [pid 6268] set_robust_list(0x55555613b660, 24) = 0 [ 82.075312][ T6199] BTRFS info (device loop1): allowing degraded mounts [pid 6268] chdir("./11" [pid 5068] <... umount2 resumed>) = 0 [pid 6268] <... chdir resumed>) = 0 [pid 5068] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./11/bus", [pid 6268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6268] setpgid(0, 0 [pid 5068] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6268] <... setpgid resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6268] <... openat resumed>) = 3 [pid 5068] getdents64(4, [pid 6268] write(3, "1000", 4 [pid 5068] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 6268] <... write resumed>) = 4 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [ 82.128079][ T6199] BTRFS info (device loop1): using free space tree [pid 6268] close(3) = 0 [pid 5068] close(4) = 0 [pid 6268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] rmdir("./11/bus") = 0 [pid 6268] memfd_create("syzkaller", 0 [pid 5068] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6268] <... memfd_create resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6268] <... mmap resumed>) = 0x7fefd70e9000 [pid 5068] unlink("./11/binderfs") = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./11") = 0 [pid 5068] mkdir("./12", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6275 attached , child_tidptr=0x55555613b650) = 6275 [pid 6275] set_robust_list(0x55555613b660, 24) = 0 [pid 6275] chdir("./12") = 0 [pid 6275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6275] setpgid(0, 0) = 0 [pid 6275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6275] write(3, "1000", 4) = 4 [pid 6275] close(3) = 0 [pid 6275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6275] memfd_create("syzkaller", 0) = 3 [pid 6275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6231] <... write resumed>) = 16777216 [pid 6231] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6231] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 82.399326][ T6199] BTRFS info (device loop1): auto enabling async discard [pid 6231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6231] close(3) = 0 [pid 6199] <... mount resumed>) = 0 [pid 6231] mkdir("./bus", 0777) = 0 [pid 6199] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6231] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6199] <... openat resumed>) = 3 [pid 6199] chdir("./bus") = 0 [pid 6199] ioctl(4, LOOP_CLR_FD) = 0 [pid 6199] close(4) = 0 [pid 6264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6199] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6199] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [ 82.451537][ T6231] loop2: detected capacity change from 0 to 32768 [ 82.469825][ T6231] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (6231) [pid 6199] exit_group(0) = ? [pid 6199] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6199, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- [pid 5066] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 82.551943][ T6231] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 82.591998][ T6231] BTRFS info (device loop2): doing ref verification [pid 5066] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 82.622130][ T6231] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.661767][ T6231] BTRFS info (device loop2): force zlib compression, level 3 [ 82.718097][ T6231] BTRFS info (device loop2): allowing degraded mounts [ 82.750197][ T6231] BTRFS info (device loop2): using free space tree [pid 6275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./12/bus") = 0 [pid 5066] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./12/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./12") = 0 [pid 5066] mkdir("./13", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6268] <... write resumed>) = 16777216 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 83.014430][ T6231] BTRFS info (device loop2): auto enabling async discard [pid 5066] close(3 [pid 6268] munmap(0x7fefd70e9000, 138412032 [pid 6231] <... mount resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 6231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6231] <... openat resumed>) = 3 [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 6301 [pid 6231] chdir("./bus" [pid 6268] <... munmap resumed>) = 0 [pid 6231] <... chdir resumed>) = 0 [pid 6268] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6231] ioctl(4, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 6301 attached [pid 6268] <... openat resumed>) = 4 [pid 6265] <... write resumed>) = 16777216 [pid 6264] <... write resumed>) = 16777216 [pid 6231] close(4 [pid 6301] set_robust_list(0x55555613b660, 24 [pid 6268] ioctl(4, LOOP_SET_FD, 3 [pid 6264] munmap(0x7fefd70e9000, 138412032 [pid 6231] <... close resumed>) = 0 [pid 6301] <... set_robust_list resumed>) = 0 [pid 6301] chdir("./13") = 0 [pid 6268] <... ioctl resumed>) = 0 [pid 6231] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6265] munmap(0x7fefd70e9000, 138412032 [pid 6301] <... prctl resumed>) = 0 [pid 6268] close(3 [pid 6264] <... munmap resumed>) = 0 [pid 6231] <... openat resumed>) = 4 [pid 6268] <... close resumed>) = 0 [pid 6268] mkdir("./bus", 0777 [pid 6301] setpgid(0, 0 [pid 6268] <... mkdir resumed>) = 0 [ 83.108437][ T6268] loop5: detected capacity change from 0 to 32768 [ 83.145654][ T6268] BTRFS: device /dev/loop5 using temp-fsid f3bcc869-f7e9-46d0-9511-8e305cf2c4ae [pid 6268] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6301] <... setpgid resumed>) = 0 [pid 6265] <... munmap resumed>) = 0 [pid 6264] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6231] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6301] write(3, "1000", 4 [pid 6265] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6301] <... write resumed>) = 4 [pid 6265] <... openat resumed>) = 4 [pid 6301] close(3 [pid 6265] ioctl(4, LOOP_SET_FD, 3 [pid 6301] <... close resumed>) = 0 [pid 6264] <... openat resumed>) = 4 [pid 6231] <... write resumed>) = 65228 [pid 6264] ioctl(4, LOOP_SET_FD, 3 [pid 6301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6301] memfd_create("syzkaller", 0) = 3 [pid 6301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6264] <... ioctl resumed>) = 0 [pid 6231] exit_group(0 [pid 6264] close(3 [pid 6231] <... exit_group resumed>) = ? [pid 6264] <... close resumed>) = 0 [pid 6264] mkdir("./bus", 0777 [pid 6231] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6231, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- [pid 6264] <... mkdir resumed>) = 0 [pid 6264] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 83.149740][ T6265] loop0: detected capacity change from 0 to 32768 [ 83.162047][ T6264] loop4: detected capacity change from 0 to 32768 [ 83.178113][ T6268] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (6268) [pid 6265] <... ioctl resumed>) = 0 [pid 6265] close(3) = 0 [pid 6265] mkdir("./bus", 0777) = 0 [pid 6265] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 83.208334][ T6264] BTRFS: device /dev/loop4 using temp-fsid 43466ff4-6cca-43b9-8c87-d150a3383096 [ 83.232264][ T6268] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 83.258105][ T6268] BTRFS info (device loop5): doing ref verification [ 83.264890][ T6264] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (6264) [ 83.273392][ T6268] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.303638][ T6268] BTRFS info (device loop5): force zlib compression, level 3 [ 83.329116][ T6268] BTRFS info (device loop5): allowing degraded mounts [ 83.336517][ T6268] BTRFS info (device loop5): using free space tree [ 83.344259][ T6264] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [pid 5067] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6275] <... write resumed>) = 16777216 [pid 6301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6275] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6275] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 83.363895][ T6265] BTRFS: device /dev/loop0 using temp-fsid 18e566e9-a8ca-459d-a05e-8b7a3aed10af [ 83.385038][ T6264] BTRFS info (device loop4): doing ref verification [pid 6275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6275] close(3) = 0 [pid 6275] mkdir("./bus", 0777) = 0 [ 83.408114][ T6264] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.408978][ T6275] loop3: detected capacity change from 0 to 32768 [ 83.429761][ T6264] BTRFS info (device loop4): force zlib compression, level 3 [ 83.435698][ T6265] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (6265) [ 83.448113][ T6264] BTRFS info (device loop4): allowing degraded mounts [ 83.456913][ T6264] BTRFS info (device loop4): using free space tree [pid 6275] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [ 83.489244][ T6265] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.511238][ T6275] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (6275) [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./11/bus") = 0 [ 83.538003][ T6265] BTRFS info (device loop0): doing ref verification [ 83.544715][ T6265] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.568184][ T6265] BTRFS info (device loop0): force zlib compression, level 3 [ 83.576178][ T6265] BTRFS info (device loop0): allowing degraded mounts [pid 5067] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./11/binderfs") = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./11") = 0 [pid 5067] mkdir("./12", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6331 ./strace-static-x86_64: Process 6331 attached [pid 6301] <... write resumed>) = 16777216 [pid 6331] set_robust_list(0x55555613b660, 24) = 0 [ 83.583121][ T6275] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 83.607243][ T6268] BTRFS info (device loop5): auto enabling async discard [ 83.623735][ T6275] BTRFS info (device loop3): doing ref verification [ 83.626706][ T6264] BTRFS info (device loop4): auto enabling async discard [pid 6331] chdir("./12") = 0 [pid 6301] munmap(0x7fefd70e9000, 138412032 [pid 6268] <... mount resumed>) = 0 [pid 6331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6331] setpgid(0, 0) = 0 [pid 6268] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6268] <... openat resumed>) = 3 [pid 6331] <... openat resumed>) = 3 [pid 6268] chdir("./bus" [pid 6331] write(3, "1000", 4 [pid 6268] <... chdir resumed>) = 0 [pid 6331] <... write resumed>) = 4 [pid 6268] ioctl(4, LOOP_CLR_FD [pid 6331] close(3 [pid 6268] <... ioctl resumed>) = 0 [pid 6331] <... close resumed>) = 0 [pid 6268] close(4 [pid 6331] symlink("/dev/binderfs", "./binderfs" [pid 6301] <... munmap resumed>) = 0 [pid 6268] <... close resumed>) = 0 [pid 6331] <... symlink resumed>) = 0 [pid 6268] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6331] memfd_create("syzkaller", 0 [pid 6268] <... openat resumed>) = 4 [pid 6331] <... memfd_create resumed>) = 3 [pid 6301] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6264] <... mount resumed>) = 0 [pid 6331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6264] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6331] <... mmap resumed>) = 0x7fefd70e9000 [pid 6264] <... openat resumed>) = 3 [pid 6301] <... openat resumed>) = 4 [pid 6268] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6264] chdir("./bus" [pid 6301] ioctl(4, LOOP_SET_FD, 3 [pid 6268] <... write resumed>) = 65228 [pid 6264] <... chdir resumed>) = 0 [pid 6301] <... ioctl resumed>) = 0 [pid 6268] exit_group(0 [pid 6264] ioctl(4, LOOP_CLR_FD [pid 6268] <... exit_group resumed>) = ? [pid 6264] <... ioctl resumed>) = 0 [pid 6268] +++ exited with 0 +++ [pid 6264] close(4) = 0 [pid 6264] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6268, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- [pid 6264] <... openat resumed>) = 4 [pid 5070] restart_syscall(<... resuming interrupted clone ...> [pid 6264] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] <... restart_syscall resumed>) = 0 [pid 6264] <... write resumed>) = 65228 [pid 6301] close(3) = 0 [pid 5070] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6301] mkdir("./bus", 0777 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6301] <... mkdir resumed>) = 0 [pid 5070] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 6301] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6264] exit_group(0 [pid 5070] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6264] <... exit_group resumed>) = ? [pid 6264] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6264, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [ 83.633242][ T6265] BTRFS info (device loop0): using free space tree [ 83.653699][ T6275] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.665249][ T6275] BTRFS info (device loop3): force zlib compression, level 3 [ 83.678793][ T6301] loop1: detected capacity change from 0 to 32768 [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 83.720097][ T6301] BTRFS: device /dev/loop1 using temp-fsid 40a9d2c2-ef1b-49d9-ab31-7a1d147dfc30 [ 83.756399][ T6275] BTRFS info (device loop3): allowing degraded mounts [pid 5069] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 83.763821][ T6301] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (6301) [ 83.786469][ T6275] BTRFS info (device loop3): using free space tree [ 83.841914][ T6301] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 83.878739][ T6301] BTRFS info (device loop1): doing ref verification [ 83.908532][ T6301] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.928291][ T6265] BTRFS info (device loop0): auto enabling async discard [pid 5069] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6265] <... mount resumed>) = 0 [pid 6265] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] <... umount2 resumed>) = 0 [pid 6265] chdir("./bus") = 0 [pid 6265] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./11/bus", [pid 6265] close(4 [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 6265] <... close resumed>) = 0 [ 83.961843][ T6301] BTRFS info (device loop1): force zlib compression, level 3 [ 83.969368][ T6301] BTRFS info (device loop1): allowing degraded mounts [ 83.976266][ T6301] BTRFS info (device loop1): using free space tree [pid 6265] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5070] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6265] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5070] <... openat resumed>) = 4 [pid 5069] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6265] <... write resumed>) = 65228 [pid 5069] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", [pid 6265] exit_group(0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6265] <... exit_group resumed>) = ? [pid 5070] newfstatat(4, "", [pid 5069] getdents64(4, [pid 6265] +++ exited with 0 +++ [pid 5070] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6265, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5069] close(4 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 5070] getdents64(4, [pid 5069] <... close resumed>) = 0 [pid 5065] <... restart_syscall resumed>) = 0 [pid 5070] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] rmdir("./11/bus" [pid 5070] getdents64(4, [pid 5069] <... rmdir resumed>) = 0 [pid 5070] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... close resumed>) = 0 [pid 5069] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 5069] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5065] newfstatat(3, "", [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] unlink("./11/binderfs" [pid 5065] getdents64(3, [pid 5069] <... unlink resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] getdents64(3, [pid 5065] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5070] rmdir("./11/bus" [pid 5069] <... close resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [ 84.063284][ T6275] BTRFS info (device loop3): auto enabling async discard [pid 5069] rmdir("./11") = 0 [pid 5070] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./11/binderfs") = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] mkdir("./12", 0777 [pid 5070] close(3 [pid 5069] <... mkdir resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5070] rmdir("./11" [pid 5069] <... openat resumed>) = 3 [pid 5070] <... rmdir resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5070] mkdir("./12", 0777 [pid 5069] <... ioctl resumed>) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR./strace-static-x86_64: Process 6380 attached ) = 3 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 6380 [pid 6380] set_robust_list(0x55555613b660, 24) = 0 [pid 6380] chdir("./12") = 0 [pid 6380] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] ioctl(3, LOOP_CLR_FD [pid 6380] <... prctl resumed>) = 0 [pid 6380] setpgid(0, 0 [pid 6331] <... write resumed>) = 16777216 [pid 5070] <... ioctl resumed>) = 0 [pid 6380] <... setpgid resumed>) = 0 [pid 6331] munmap(0x7fefd70e9000, 138412032 [pid 6380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6331] <... munmap resumed>) = 0 [pid 5070] close(3 [pid 6380] <... openat resumed>) = 3 [pid 6331] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5070] <... close resumed>) = 0 [pid 6380] write(3, "1000", 4 [pid 6331] <... openat resumed>) = 4 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6380] <... write resumed>) = 4 [pid 6331] ioctl(4, LOOP_SET_FD, 3 [pid 6380] close(3./strace-static-x86_64: Process 6382 attached [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 6382 [pid 6382] set_robust_list(0x55555613b660, 24) = 0 [pid 6380] <... close resumed>) = 0 [pid 6380] symlink("/dev/binderfs", "./binderfs" [pid 6331] <... ioctl resumed>) = 0 [pid 6380] <... symlink resumed>) = 0 [pid 6331] close(3 [pid 6380] memfd_create("syzkaller", 0 [pid 6331] <... close resumed>) = 0 [pid 6382] chdir("./12" [pid 6380] <... memfd_create resumed>) = 3 [pid 6331] mkdir("./bus", 0777 [pid 6275] <... mount resumed>) = 0 [pid 6382] <... chdir resumed>) = 0 [pid 6380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6331] <... mkdir resumed>) = 0 [pid 6301] <... mount resumed>) = 0 [pid 6275] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6382] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6380] <... mmap resumed>) = 0x7fefd70e9000 [pid 6331] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6301] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6275] <... openat resumed>) = 3 [pid 6382] <... prctl resumed>) = 0 [pid 6301] <... openat resumed>) = 3 [ 84.179515][ T6301] BTRFS info (device loop1): auto enabling async discard [ 84.206671][ T6331] loop2: detected capacity change from 0 to 32768 [pid 6382] setpgid(0, 0 [pid 6301] chdir("./bus" [pid 6382] <... setpgid resumed>) = 0 [pid 6301] <... chdir resumed>) = 0 [pid 6382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6301] ioctl(4, LOOP_CLR_FD [pid 6382] <... openat resumed>) = 3 [pid 6301] <... ioctl resumed>) = 0 [pid 6382] write(3, "1000", 4 [pid 6301] close(4 [pid 6382] <... write resumed>) = 4 [pid 6301] <... close resumed>) = 0 [pid 6301] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6382] close(3) = 0 [pid 6382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6301] <... openat resumed>) = 4 [pid 6275] chdir("./bus" [pid 6382] memfd_create("syzkaller", 0 [pid 6275] <... chdir resumed>) = 0 [pid 6382] <... memfd_create resumed>) = 3 [pid 6275] ioctl(4, LOOP_CLR_FD) = 0 [pid 6275] close(4 [pid 6382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6301] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6275] <... close resumed>) = 0 [pid 6382] <... mmap resumed>) = 0x7fefd70e9000 [pid 6301] <... write resumed>) = 65228 [pid 6301] exit_group(0 [pid 6275] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6301] <... exit_group resumed>) = ? [pid 6301] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6301, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6275] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6275] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5066] newfstatat(3, "", [pid 6275] <... write resumed>) = 65228 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 84.229654][ T6331] BTRFS: device /dev/loop2 using temp-fsid bdf86e93-765f-42be-a60a-3ba0dd77ba2e [pid 5066] getdents64(3, [pid 6275] exit_group(0 [pid 5066] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5066] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6275] <... exit_group resumed>) = ? [pid 6275] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6275, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5068] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 84.301678][ T6331] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (6331) [pid 5068] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [ 84.417100][ T6331] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 84.447889][ T6331] BTRFS info (device loop2): doing ref verification [pid 5065] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./12/bus") = 0 [pid 5065] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 84.484072][ T6331] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5065] unlink("./12/binderfs") = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./12") = 0 [pid 5065] mkdir("./13", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6385 ./strace-static-x86_64: Process 6385 attached [pid 6385] set_robust_list(0x55555613b660, 24) = 0 [ 84.550619][ T6331] BTRFS info (device loop2): force zlib compression, level 3 [pid 6385] chdir("./13") = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6385] <... prctl resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6385] setpgid(0, 0 [pid 6380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 6385] <... setpgid resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./13/bus") = 0 [ 84.591937][ T6331] BTRFS info (device loop2): allowing degraded mounts [pid 5066] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./13/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 6385] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./13") = 0 [pid 5066] mkdir("./14", 0777 [pid 6385] write(3, "1000", 4 [pid 5066] <... mkdir resumed>) = 0 [pid 6385] <... write resumed>) = 4 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6385] close(3 [pid 5066] <... openat resumed>) = 3 [pid 6385] <... close resumed>) = 0 [ 84.634621][ T6331] BTRFS info (device loop2): using free space tree [pid 5066] ioctl(3, LOOP_CLR_FD [pid 6385] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... ioctl resumed>) = 0 [pid 6385] <... symlink resumed>) = 0 [pid 6385] memfd_create("syzkaller", 0 [pid 5066] close(3 [pid 6385] <... memfd_create resumed>) = 3 [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... close resumed>) = 0 [pid 6385] <... mmap resumed>) = 0x7fefd70e9000 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... clone resumed>, child_tidptr=0x55555613b650) = 6388 ./strace-static-x86_64: Process 6388 attached [pid 6388] set_robust_list(0x55555613b660, 24) = 0 [pid 6388] chdir("./14") = 0 [pid 6388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6388] setpgid(0, 0) = 0 [pid 6388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6388] write(3, "1000", 4) = 4 [pid 6388] close(3) = 0 [pid 6388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6388] memfd_create("syzkaller", 0) = 3 [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./12/bus" [pid 6385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 84.999184][ T6331] BTRFS info (device loop2): auto enabling async discard [pid 5068] unlink("./12/binderfs") = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./12") = 0 [pid 5068] mkdir("./13", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6404 ./strace-static-x86_64: Process 6404 attached [pid 6404] set_robust_list(0x55555613b660, 24) = 0 [pid 6404] chdir("./13") = 0 [pid 6404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6404] setpgid(0, 0) = 0 [pid 6404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6404] write(3, "1000", 4) = 4 [pid 6404] close(3) = 0 [pid 6404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6404] memfd_create("syzkaller", 0) = 3 [pid 6404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6331] <... mount resumed>) = 0 [pid 6331] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6331] chdir("./bus") = 0 [pid 6331] ioctl(4, LOOP_CLR_FD) = 0 [pid 6331] close(4) = 0 [pid 6331] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6331] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6331] exit_group(0) = ? [pid 6331] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6331, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6380] <... write resumed>) = 16777216 [pid 6380] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6380] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6380] close(3) = 0 [pid 6380] mkdir("./bus", 0777) = 0 [pid 6380] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 85.543086][ T6380] loop4: detected capacity change from 0 to 32768 [ 85.575833][ T6380] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (6380) [pid 6404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6382] <... write resumed>) = 16777216 [pid 6382] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6382] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5067] <... umount2 resumed>) = 0 [pid 6382] ioctl(4, LOOP_SET_FD, 3 [pid 5067] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.670738][ T6380] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 85.702423][ T6382] loop5: detected capacity change from 0 to 32768 [pid 5067] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6382] <... ioctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6382] close(3 [pid 5067] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6382] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", [pid 6382] mkdir("./bus", 0777 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6382] <... mkdir resumed>) = 0 [pid 5067] getdents64(4, [pid 6382] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] <... getdents64 resumed>0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./12/bus") = 0 [pid 5067] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6388] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./12/binderfs", [pid 6388] munmap(0x7fefd70e9000, 138412032 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6385] <... write resumed>) = 16777216 [pid 6385] munmap(0x7fefd70e9000, 138412032 [ 85.728513][ T6380] BTRFS info (device loop4): doing ref verification [ 85.745917][ T6382] BTRFS: device /dev/loop5 using temp-fsid 3d2e3dfe-cdcd-48c1-acb4-8534376acf2a [ 85.761159][ T6380] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5067] unlink("./12/binderfs" [pid 6388] <... munmap resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 6385] <... munmap resumed>) = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6385] ioctl(4, LOOP_SET_FD, 3 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 6385] <... ioctl resumed>) = 0 [pid 6385] close(3) = 0 [pid 6385] mkdir("./bus", 0777) = 0 [pid 6385] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] <... close resumed>) = 0 [pid 6388] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] rmdir("./12" [pid 6388] <... openat resumed>) = 4 [pid 6388] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... rmdir resumed>) = 0 [ 85.793752][ T6382] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (6382) [ 85.804432][ T6385] loop0: detected capacity change from 0 to 32768 [ 85.818133][ T6380] BTRFS info (device loop4): force zlib compression, level 3 [ 85.825613][ T6380] BTRFS info (device loop4): allowing degraded mounts [ 85.837553][ T6388] loop1: detected capacity change from 0 to 32768 [pid 5067] mkdir("./13", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6388] <... ioctl resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 6388] close(3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 6388] <... close resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 6388] mkdir("./bus", 0777 [pid 5067] close(3 [pid 6388] <... mkdir resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6406 attached [pid 6406] set_robust_list(0x55555613b660, 24 [pid 6388] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] <... clone resumed>, child_tidptr=0x55555613b650) = 6406 [pid 6406] <... set_robust_list resumed>) = 0 [pid 6406] chdir("./13") = 0 [pid 6406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 85.851933][ T6385] BTRFS: device /dev/loop0 using temp-fsid bad1e012-d207-4402-b8ae-13b42211ea7f [ 85.865821][ T6382] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 85.879302][ T6380] BTRFS info (device loop4): using free space tree [ 85.887771][ T6385] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (6385) [pid 6406] setpgid(0, 0) = 0 [pid 6406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6406] write(3, "1000", 4) = 4 [pid 6406] close(3) = 0 [pid 6406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6406] memfd_create("syzkaller", 0) = 3 [pid 6406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [ 85.912728][ T6382] BTRFS info (device loop5): doing ref verification [ 85.937384][ T6388] BTRFS: device /dev/loop1 using temp-fsid 6f007e5c-844c-4eb4-86a6-29ca9fa17701 [ 85.944979][ T6385] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.956736][ T6382] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.968793][ T6385] BTRFS info (device loop0): doing ref verification [ 85.975399][ T6385] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.987807][ T6388] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (6388) [ 86.008189][ T6385] BTRFS info (device loop0): force zlib compression, level 3 [ 86.008846][ T6382] BTRFS info (device loop5): force zlib compression, level 3 [ 86.015686][ T6385] BTRFS info (device loop0): allowing degraded mounts [ 86.023566][ T6382] BTRFS info (device loop5): allowing degraded mounts [ 86.037489][ T6382] BTRFS info (device loop5): using free space tree [ 86.060356][ T6385] BTRFS info (device loop0): using free space tree [ 86.081632][ T6388] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [pid 6404] <... write resumed>) = 16777216 [ 86.119331][ T6380] BTRFS info (device loop4): auto enabling async discard [ 86.149670][ T6388] BTRFS info (device loop1): doing ref verification [pid 6404] munmap(0x7fefd70e9000, 138412032 [pid 6406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6404] <... munmap resumed>) = 0 [pid 6404] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6404] ioctl(4, LOOP_SET_FD, 3 [pid 6380] <... mount resumed>) = 0 [pid 6380] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6380] chdir("./bus") = 0 [pid 6380] ioctl(4, LOOP_CLR_FD) = 0 [pid 6380] close(4) = 0 [pid 6380] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6380] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6380] exit_group(0) = ? [pid 6380] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6380, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5069] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 86.189964][ T6388] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.209987][ T6404] loop3: detected capacity change from 0 to 32768 [ 86.218098][ T6388] BTRFS info (device loop1): force zlib compression, level 3 [pid 5069] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5069] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6404] <... ioctl resumed>) = 0 [pid 6404] close(3) = 0 [pid 6404] mkdir("./bus", 0777) = 0 [ 86.250006][ T6388] BTRFS info (device loop1): allowing degraded mounts [ 86.256927][ T6388] BTRFS info (device loop1): using free space tree [ 86.289237][ T6404] BTRFS: device /dev/loop3 using temp-fsid 5f2d20d1-e8bb-4212-89fa-1765057cf46f [ 86.290559][ T6382] BTRFS info (device loop5): auto enabling async discard [pid 6404] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6382] <... mount resumed>) = 0 [pid 6382] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6382] chdir("./bus") = 0 [pid 6382] ioctl(4, LOOP_CLR_FD) = 0 [pid 6382] close(4) = 0 [pid 6382] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6382] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6382] exit_group(0) = ? [pid 6382] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6382, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 86.327618][ T6404] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (6404) [ 86.396492][ T6404] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 86.422359][ T6404] BTRFS info (device loop3): doing ref verification [ 86.429659][ T6404] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.441099][ T6388] BTRFS info (device loop1): auto enabling async discard [ 86.451024][ T6404] BTRFS info (device loop3): force zlib compression, level 3 [ 86.469715][ T6385] BTRFS info (device loop0): auto enabling async discard [ 86.471568][ T6404] BTRFS info (device loop3): allowing degraded mounts [pid 5070] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./12/bus") = 0 [pid 5069] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./12/binderfs") = 0 [pid 5069] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./12") = 0 [pid 6388] <... mount resumed>) = 0 [pid 6388] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6385] <... mount resumed>) = 0 [pid 6388] chdir("./bus") = 0 [pid 5069] mkdir("./13", 0777 [pid 6388] ioctl(4, LOOP_CLR_FD [pid 6385] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6388] <... ioctl resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [ 86.496012][ T6404] BTRFS info (device loop3): using free space tree [pid 6388] close(4 [pid 6385] <... openat resumed>) = 3 [pid 6388] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6388] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5069] <... openat resumed>) = 3 [pid 6388] <... openat resumed>) = 4 [pid 6385] chdir("./bus" [pid 5069] ioctl(3, LOOP_CLR_FD [pid 6385] <... chdir resumed>) = 0 [pid 6385] ioctl(4, LOOP_CLR_FD [pid 5069] <... ioctl resumed>) = 0 [pid 6385] <... ioctl resumed>) = 0 [pid 6385] close(4 [pid 5069] close(3 [pid 6385] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6385] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 6475 attached ) = 4 [pid 6475] set_robust_list(0x55555613b660, 24) = 0 [pid 6475] chdir("./13") = 0 [pid 6385] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6475] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6388] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 5069] <... clone resumed>, child_tidptr=0x55555613b650) = 6475 [pid 6475] <... prctl resumed>) = 0 [pid 6388] <... write resumed>) = 65228 [pid 6385] <... write resumed>) = 65228 [pid 6475] setpgid(0, 0 [pid 6388] exit_group(0 [pid 6385] exit_group(0 [pid 6475] <... setpgid resumed>) = 0 [pid 6475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6388] <... exit_group resumed>) = ? [pid 6385] <... exit_group resumed>) = ? [pid 6475] <... openat resumed>) = 3 [pid 6388] +++ exited with 0 +++ [pid 6475] write(3, "1000", 4) = 4 [pid 6475] close(3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6388, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 6475] <... close resumed>) = 0 [pid 5066] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6385] +++ exited with 0 +++ [pid 6475] symlink("/dev/binderfs", "./binderfs" [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6475] <... symlink resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6475] memfd_create("syzkaller", 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 5065] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6475] <... memfd_create resumed>) = 3 [pid 5066] getdents64(3, [pid 5065] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] <... openat resumed>) = 3 [pid 6475] <... mmap resumed>) = 0x7fefd70e9000 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./12/bus") = 0 [pid 5070] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./12/binderfs", [pid 6406] <... write resumed>) = 16777216 [pid 5070] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./12/binderfs" [pid 6406] munmap(0x7fefd70e9000, 138412032) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5070] getdents64(3, [pid 6406] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 6406] <... openat resumed>) = 4 [pid 5070] close(3 [pid 6406] ioctl(4, LOOP_SET_FD, 3 [pid 5070] <... close resumed>) = 0 [pid 6406] <... ioctl resumed>) = 0 [pid 5070] rmdir("./12" [pid 6406] close(3 [pid 5070] <... rmdir resumed>) = 0 [pid 6406] <... close resumed>) = 0 [pid 5070] mkdir("./13", 0777 [pid 6406] mkdir("./bus", 0777) = 0 [pid 6406] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5070] <... mkdir resumed>) = 0 [ 86.760584][ T6404] BTRFS info (device loop3): auto enabling async discard [ 86.793352][ T6406] loop2: detected capacity change from 0 to 32768 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = 0 [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6404] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6488 attached [pid 5070] <... clone resumed>, child_tidptr=0x55555613b650) = 6488 [pid 6488] set_robust_list(0x55555613b660, 24 [pid 6404] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6488] <... set_robust_list resumed>) = 0 [pid 6488] chdir("./13" [pid 6404] <... openat resumed>) = 3 [pid 6488] <... chdir resumed>) = 0 [pid 6488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 86.811419][ T6406] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (6406) [pid 6488] setpgid(0, 0 [pid 6404] chdir("./bus") = 0 [pid 6488] <... setpgid resumed>) = 0 [pid 6404] ioctl(4, LOOP_CLR_FD [pid 6488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6404] <... ioctl resumed>) = 0 [pid 6404] close(4) = 0 [pid 6404] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6488] <... openat resumed>) = 3 [ 86.867878][ T6406] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [pid 6404] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6488] write(3, "1000", 4 [pid 6404] <... write resumed>) = 65228 [pid 6404] exit_group(0) = ? [pid 6404] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6404, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 6488] <... write resumed>) = 4 [pid 6488] close(3 [pid 5068] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6488] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 6488] memfd_create("syzkaller", 0 [pid 5068] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] <... umount2 resumed>) = 0 [pid 5068] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6488] <... memfd_create resumed>) = 3 [ 86.918225][ T6406] BTRFS info (device loop2): doing ref verification [ 86.928678][ T6406] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.947289][ T6406] BTRFS info (device loop2): force zlib compression, level 3 [pid 5065] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6488] <... mmap resumed>) = 0x7fefd70e9000 [pid 5065] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./13/bus") = 0 [pid 5065] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./13/binderfs") = 0 [pid 5065] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./13") = 0 [pid 5065] mkdir("./14", 0777) = 0 [ 86.963863][ T6406] BTRFS info (device loop2): allowing degraded mounts [ 86.975966][ T6406] BTRFS info (device loop2): using free space tree [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5066] <... umount2 resumed>) = 0 [pid 6475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6490 ./strace-static-x86_64: Process 6490 attached [pid 6490] set_robust_list(0x55555613b660, 24) = 0 [pid 6490] chdir("./14") = 0 [pid 6490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6490] setpgid(0, 0) = 0 [pid 6490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6490] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6490] write(3, "1000", 4 [pid 5066] newfstatat(AT_FDCWD, "./14/bus", [pid 6490] <... write resumed>) = 4 [pid 6490] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6490] <... close resumed>) = 0 [pid 6490] symlink("/dev/binderfs", "./binderfs" [pid 5066] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6490] <... symlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", [pid 6490] memfd_create("syzkaller", 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6490] <... memfd_create resumed>) = 3 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 6490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... getdents64 resumed>0x555556144730 /* 0 entries */, 32768) = 0 [pid 6490] <... mmap resumed>) = 0x7fefd70e9000 [pid 5066] close(4) = 0 [pid 5066] rmdir("./14/bus") = 0 [pid 5066] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./14/binderfs") = 0 [pid 5066] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./14") = 0 [pid 5066] mkdir("./15", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6499 attached , child_tidptr=0x55555613b650) = 6499 [pid 6499] set_robust_list(0x55555613b660, 24) = 0 [pid 6499] chdir("./15") = 0 [pid 6499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6499] setpgid(0, 0) = 0 [pid 6499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6499] write(3, "1000", 4) = 4 [pid 6499] close(3) = 0 [pid 6499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6499] memfd_create("syzkaller", 0) = 3 [pid 6499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 5068] <... umount2 resumed>) = 0 [pid 6488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", [pid 6490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./13/bus") = 0 [ 87.428092][ T6406] BTRFS info (device loop2): auto enabling async discard [pid 5068] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6406] <... mount resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./13/binderfs") = 0 [pid 5068] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 6406] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5068] close(3 [pid 6406] <... openat resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./13" [pid 6406] chdir("./bus" [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./14", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6406] <... chdir resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 6406] ioctl(4, LOOP_CLR_FD [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6507 attached [pid 6507] set_robust_list(0x55555613b660, 24) = 0 [pid 6406] <... ioctl resumed>) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x55555613b650) = 6507 [pid 6406] close(4 [pid 6507] chdir("./14") = 0 [pid 6507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6507] setpgid(0, 0) = 0 [pid 6507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6507] write(3, "1000", 4) = 4 [pid 6507] close(3) = 0 [pid 6507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6406] <... close resumed>) = 0 [pid 6507] memfd_create("syzkaller", 0) = 3 [pid 6507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6406] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6406] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6406] exit_group(0) = ? [pid 6406] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6406, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5067] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6475] <... write resumed>) = 16777216 [pid 6475] munmap(0x7fefd70e9000, 138412032) = 0 [pid 6475] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6475] ioctl(4, LOOP_SET_FD, 3 [pid 6488] <... write resumed>) = 16777216 [pid 6475] <... ioctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 6488] munmap(0x7fefd70e9000, 138412032 [pid 6475] close(3 [pid 6488] <... munmap resumed>) = 0 [pid 5067] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6475] <... close resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6475] mkdir("./bus", 0777 [pid 5067] newfstatat(AT_FDCWD, "./13/bus", [pid 6475] <... mkdir resumed>) = 0 [ 87.995807][ T6475] loop4: detected capacity change from 0 to 32768 [pid 6475] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6488] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] newfstatat(4, "", [pid 6488] <... openat resumed>) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6488] ioctl(4, LOOP_SET_FD, 3 [pid 5067] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 6507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] rmdir("./13/bus") = 0 [pid 5067] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./13/binderfs") = 0 [pid 5067] getdents64(3, 0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./13") = 0 [pid 5067] mkdir("./14", 0777 [pid 6488] <... ioctl resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 6488] close(3) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6488] mkdir("./bus", 0777 [pid 5067] <... openat resumed>) = 3 [pid 6488] <... mkdir resumed>) = 0 [pid 6488] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [ 88.047894][ T6475] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor139 (6475) [ 88.082626][ T6488] loop5: detected capacity change from 0 to 32768 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6509 ./strace-static-x86_64: Process 6509 attached [pid 6509] set_robust_list(0x55555613b660, 24) = 0 [ 88.122635][ T6488] BTRFS: device /dev/loop5 using temp-fsid cf90b319-30e7-4edc-8a98-516f6edd645e [ 88.138270][ T6475] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 88.146967][ T6475] BTRFS info (device loop4): doing ref verification [pid 6509] chdir("./14") = 0 [pid 6509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6509] setpgid(0, 0) = 0 [pid 6509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6509] write(3, "1000", 4 [pid 6490] <... write resumed>) = 16777216 [pid 6509] <... write resumed>) = 4 [pid 6490] munmap(0x7fefd70e9000, 138412032 [pid 6509] close(3) = 0 [pid 6509] symlink("/dev/binderfs", "./binderfs") = 0 [ 88.169384][ T6488] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor139 (6488) [ 88.199363][ T6475] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 6509] memfd_create("syzkaller", 0 [pid 6490] <... munmap resumed>) = 0 [pid 6509] <... memfd_create resumed>) = 3 [pid 6509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fefd70e9000 [pid 6490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 88.225191][ T6488] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 88.237004][ T6475] BTRFS info (device loop4): force zlib compression, level 3 [ 88.258738][ T6488] BTRFS info (device loop5): doing ref verification [ 88.266023][ T6475] BTRFS info (device loop4): allowing degraded mounts [pid 6490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6490] close(3) = 0 [pid 6490] mkdir("./bus", 0777) = 0 [ 88.274039][ T6490] loop0: detected capacity change from 0 to 32768 [ 88.282584][ T6488] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 88.299704][ T6475] BTRFS info (device loop4): using free space tree [pid 6499] <... write resumed>) = 16777216 [pid 6490] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6499] munmap(0x7fefd70e9000, 138412032) = 0 [ 88.321184][ T6488] BTRFS info (device loop5): force zlib compression, level 3 [ 88.330706][ T6490] BTRFS: device /dev/loop0 using temp-fsid fef726f4-2f26-41ce-a4be-591259cb2fcc [ 88.338828][ T6488] BTRFS info (device loop5): allowing degraded mounts [ 88.362344][ T6490] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor139 (6490) [pid 6499] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 88.364716][ T6488] BTRFS info (device loop5): using free space tree [ 88.385374][ T6499] loop1: detected capacity change from 0 to 32768 [pid 6499] close(3) = 0 [pid 6499] mkdir("./bus", 0777) = 0 [ 88.438742][ T6490] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.445359][ T6499] BTRFS: device /dev/loop1 using temp-fsid 075084c3-7323-4d57-b9dc-937331f34987 [ 88.468140][ T6490] BTRFS info (device loop0): doing ref verification [ 88.474753][ T6490] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 88.489503][ T6499] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor139 (6499) [ 88.503970][ T6490] BTRFS info (device loop0): force zlib compression, level 3 [ 88.515298][ T6475] BTRFS info (device loop4): auto enabling async discard [pid 6499] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6475] <... mount resumed>) = 0 [pid 6475] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6475] chdir("./bus") = 0 [pid 6475] ioctl(4, LOOP_CLR_FD [pid 6507] <... write resumed>) = 16777216 [pid 6475] <... ioctl resumed>) = 0 [pid 6475] close(4) = 0 [pid 6475] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 88.555139][ T6499] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 88.564456][ T6490] BTRFS info (device loop0): allowing degraded mounts [ 88.591272][ T6490] BTRFS info (device loop0): using free space tree [pid 6507] munmap(0x7fefd70e9000, 138412032 [pid 6475] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6507] <... munmap resumed>) = 0 [pid 6475] exit_group(0) = ? [pid 6475] +++ exited with 0 +++ [pid 6507] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6475, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- [ 88.601676][ T6488] BTRFS info (device loop5): auto enabling async discard [ 88.608912][ T6499] BTRFS info (device loop1): doing ref verification [ 88.615512][ T6499] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 6507] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... restart_syscall resumed>) = 0 [pid 6488] <... mount resumed>) = 0 [pid 6488] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6488] chdir("./bus") = 0 [pid 6488] ioctl(4, LOOP_CLR_FD [pid 5069] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6488] <... ioctl resumed>) = 0 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 6488] close(4 [pid 5069] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 6488] <... close resumed>) = 0 [pid 5069] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6488] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6507] <... ioctl resumed>) = 0 [pid 6507] close(3) = 0 [pid 6507] mkdir("./bus", 0777) = 0 [ 88.651409][ T6507] loop3: detected capacity change from 0 to 32768 [ 88.669759][ T6499] BTRFS info (device loop1): force zlib compression, level 3 [ 88.677150][ T6499] BTRFS info (device loop1): allowing degraded mounts [ 88.684521][ T6499] BTRFS info (device loop1): using free space tree [pid 6507] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6488] <... openat resumed>) = 4 [pid 6488] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6488] exit_group(0) = ? [pid 6488] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6488, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- [pid 5070] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 88.695984][ T6507] BTRFS: device /dev/loop3 using temp-fsid bd7c3a11-a381-4d62-90a5-1bc99bed0445 [pid 5070] getdents64(3, 0x55555613c6f0 /* 4 entries */, 32768) = 104 [ 88.753682][ T6507] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor139 (6507) [ 88.788775][ T5069] assertion failed: list_empty(&fs_info->delayed_iputs), in fs/btrfs/disk-io.c:4343 [pid 5070] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6499] <... mount resumed>) = 0 [pid 6499] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6499] chdir("./bus" [pid 6509] <... write resumed>) = 16777216 [ 88.837083][ T6490] BTRFS info (device loop0): auto enabling async discard [ 88.840837][ T5069] ------------[ cut here ]------------ [ 88.849658][ T5069] kernel BUG at fs/btrfs/disk-io.c:4343! [ 88.853459][ T6499] BTRFS info (device loop1): auto enabling async discard [ 88.856594][ T6507] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [pid 6509] munmap(0x7fefd70e9000, 138412032 [pid 6499] <... chdir resumed>) = 0 [pid 6509] <... munmap resumed>) = 0 [pid 6509] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6509] ioctl(4, LOOP_SET_FD, 3) = 0 [ 88.885081][ T5069] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 88.891154][ T5069] CPU: 1 PID: 5069 Comm: syz-executor139 Not tainted 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0 [ 88.901564][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 88.909218][ T6509] loop2: detected capacity change from 0 to 32768 [ 88.911614][ T5069] RIP: 0010:close_ctree+0xd6f/0xf90 [pid 6509] close(3) = 0 [ 88.923260][ T5069] Code: e9 b0 fb ff ff e8 01 ba 0f fe b9 f7 10 00 00 48 c7 c2 e0 85 16 8b 48 c7 c6 a0 c0 16 8b 48 c7 c7 60 86 16 8b e8 32 93 f2 fd 90 <0f> 0b e8 da b9 0f fe b9 00 11 00 00 48 c7 c2 e0 85 16 8b 48 c7 c6 [ 88.941421][ T6509] BTRFS: device /dev/loop2 using temp-fsid 2620ac2a-30cc-47e0-b368-2ddc64936681 [ 88.942864][ T5069] RSP: 0018:ffffc90003a37bd0 EFLAGS: 00010282 [ 88.942885][ T5069] RAX: 0000000000000051 RBX: ffff888025838d50 RCX: ffffffff816a80d9 [ 88.963265][ T6509] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor139 (6509) [ 88.965867][ T5069] RDX: 0000000000000000 RSI: ffffffff816b0582 RDI: 0000000000000005 [ 88.965885][ T5069] RBP: ffff888025838010 R08: 0000000000000005 R09: 0000000000000000 [ 88.965896][ T5069] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000000 [ 89.002337][ T5069] R13: ffff888079944758 R14: ffff888025838000 R15: ffff8880791eb840 [ 89.010298][ T5069] FS: 000055555613b380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 89.019214][ T5069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.025783][ T5069] CR2: 00007fb824ac2723 CR3: 000000007bf71000 CR4: 0000000000350ef0 [ 89.033765][ T5069] Call Trace: [ 89.037035][ T5069] [ 89.039954][ T5069] ? show_regs+0x8f/0xa0 [ 89.044189][ T5069] ? die+0x36/0xa0 [ 89.047902][ T5069] ? do_trap+0x22b/0x420 [ 89.052139][ T5069] ? close_ctree+0xd6f/0xf90 [ 89.056719][ T5069] ? close_ctree+0xd6f/0xf90 [ 89.061295][ T5069] ? do_error_trap+0xf4/0x230 [ 89.065968][ T5069] ? close_ctree+0xd6f/0xf90 [ 89.070548][ T5069] ? handle_invalid_op+0x34/0x40 [ 89.075475][ T5069] ? close_ctree+0xd6f/0xf90 [ 89.080054][ T5069] ? exc_invalid_op+0x2e/0x40 [ 89.084719][ T5069] ? asm_exc_invalid_op+0x1a/0x20 [ 89.089738][ T5069] ? __wake_up_klogd.part.0+0x99/0xf0 [ 89.095103][ T5069] ? vprintk+0x82/0x90 [ 89.099159][ T5069] ? close_ctree+0xd6f/0xf90 [ 89.103738][ T5069] ? btrfs_cleanup_transaction.isra.0+0x13a0/0x13a0 [ 89.110315][ T5069] ? collect_domain_accesses+0x290/0x290 [ 89.115939][ T5069] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 89.121658][ T5069] ? dispose_list+0x1e0/0x1e0 [ 89.126326][ T5069] ? fscrypt_destroy_keyring+0x1e/0x3d0 [ 89.131865][ T5069] ? btrfs_set_super+0x70/0x70 [ 89.136626][ T5069] generic_shutdown_super+0x161/0x3d0 [ 89.141991][ T5069] kill_anon_super+0x3a/0x60 [ 89.146571][ T5069] btrfs_kill_super+0x3b/0x50 [ 89.151243][ T5069] deactivate_locked_super+0xbc/0x1a0 [ 89.156604][ T5069] deactivate_super+0xde/0x100 [ 89.161366][ T5069] cleanup_mnt+0x222/0x450 [ 89.165782][ T5069] task_work_run+0x14d/0x240 [ 89.170362][ T5069] ? task_work_cancel+0x30/0x30 [ 89.175202][ T5069] ptrace_notify+0x10d/0x130 [ 89.179785][ T5069] syscall_exit_to_user_mode_prepare+0x126/0x230 [ 89.186102][ T5069] syscall_exit_to_user_mode+0xe/0x60 [ 89.191466][ T5069] do_syscall_64+0x4d/0x110 [ 89.195956][ T5069] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 89.201929][ T5069] RIP: 0033:0x7fefdf529577 [ 89.206331][ T5069] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 89.225926][ T5069] RSP: 002b:00007ffe3507e7b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [pid 6509] mkdir("./bus", 0777) = 0 [ 89.234324][ T5069] RAX: 0000000000000000 RBX: 0000000000015218 RCX: 00007fefdf529577 [ 89.242284][ T5069] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffe3507e870 [ 89.250241][ T5069] RBP: 00007ffe3507e870 R08: 0000000000000000 R09: 0000000000000000 [ 89.258196][ T5069] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe3507f8e0 [ 89.266155][ T5069] R13: 000055555613c6c0 R14: 431bde82d7b634db R15: 00007ffe3507f900 [ 89.274121][ T5069] [ 89.277130][ T5069] Modules linked in: [ 89.281078][ T6507] BTRFS info (device loop3): doing ref verification [pid 6509] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 6499] ioctl(4, LOOP_CLR_FD) = 0 [pid 6490] <... mount resumed>) = 0 [pid 6499] close(4 [pid 6490] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6499] <... close resumed>) = 0 [pid 6490] chdir("./bus" [pid 6499] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6490] <... chdir resumed>) = 0 [pid 6490] ioctl(4, LOOP_CLR_FD) = 0 [pid 6499] <... openat resumed>) = 4 [pid 6490] close(4 [pid 6499] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228 [pid 6490] <... close resumed>) = 0 [pid 6490] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6499] <... write resumed>) = 65228 [pid 6490] <... openat resumed>) = 4 [pid 6490] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65228) = 65228 [pid 6490] exit_group(0 [pid 6499] exit_group(0 [pid 6490] <... exit_group resumed>) = ? [pid 6490] +++ exited with 0 +++ [ 89.287677][ T6507] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 89.299131][ T6507] BTRFS info (device loop3): force zlib compression, level 3 [ 89.306542][ T6507] BTRFS info (device loop3): allowing degraded mounts [ 89.318595][ T6507] BTRFS info (device loop3): using free space tree [ 89.319990][ T6509] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [pid 6499] <... exit_group resumed>) = ? [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6490, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- [pid 6499] +++ exited with 0 +++ [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6499, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [pid 5070] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] rmdir("./13/bus") = 0 [pid 5070] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5070] unlink("./13/binderfs") = 0 [pid 5066] <... openat resumed>) = 3 [pid 5070] getdents64(3, [pid 5065] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 5065] newfstatat(3, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5070] <... getdents64 resumed>0x55555613c6f0 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 5070] close(3) = 0 [pid 5066] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5065] getdents64(3, [pid 5066] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] rmdir("./13" [pid 5065] <... getdents64 resumed>0x55555613c6f0 /* 4 entries */, 32768) = 104 [pid 5070] <... rmdir resumed>) = 0 [pid 5065] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] mkdir("./14", 0777) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [ 89.352495][ T5069] ---[ end trace 0000000000000000 ]--- [ 89.364044][ T5069] RIP: 0010:close_ctree+0xd6f/0xf90 [pid 5070] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555613b650) = 6578 ./strace-static-x86_64: Process 6578 attached [pid 6578] set_robust_list(0x55555613b660, 24) = 0 [pid 6578] chdir("./14") = 0 [pid 6578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6578] setpgid(0, 0) = 0 [pid 6578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6578] write(3, "1000", 4) = 4 [pid 6578] close(3) = 0 [pid 6578] symlink("/dev/binderfs", "./binderfs") = 0 [ 89.384231][ T5069] Code: e9 b0 fb ff ff e8 01 ba 0f fe b9 f7 10 00 00 48 c7 c2 e0 85 16 8b 48 c7 c6 a0 c0 16 8b 48 c7 c7 60 86 16 8b e8 32 93 f2 fd 90 <0f> 0b e8 da b9 0f fe b9 00 11 00 00 48 c7 c2 e0 85 16 8b 48 c7 c6 [ 89.393823][ T6509] BTRFS info (device loop2): doing ref verification [pid 6578] memfd_create("syzkaller", 0) = 3 [pid 6578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... umount2 resumed>) = 0 [pid 6578] <... mmap resumed>) = 0x7fefd70e9000 [pid 5066] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 89.443831][ T6509] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 89.467409][ T6509] BTRFS info (device loop2): force zlib compression, level 3 [ 89.478347][ T5069] RSP: 0018:ffffc90003a37bd0 EFLAGS: 00010282 [ 89.484928][ T5069] RAX: 0000000000000051 RBX: ffff888025838d50 RCX: ffffffff816a80d9 [pid 5066] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 89.493935][ T5069] RDX: 0000000000000000 RSI: ffffffff816b0582 RDI: 0000000000000005 [ 89.502269][ T5069] RBP: ffff888025838010 R08: 0000000000000005 R09: 0000000000000000 [ 89.510992][ T5069] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000000 [ 89.516592][ T6509] BTRFS info (device loop2): allowing degraded mounts [ 89.520502][ T5069] R13: ffff888079944758 R14: ffff888025838000 R15: ffff8880791eb840 [ 89.534602][ T5069] FS: 000055555613b380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [pid 5066] getdents64(4, 0x555556144730 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556144730 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [ 89.543887][ T5069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.550710][ T5069] CR2: 00007f85603b68e5 CR3: 000000007bf71000 CR4: 0000000000350ef0 [ 89.560122][ T6507] BTRFS info (device loop3): auto enabling async discard [ 89.562604][ T6509] BTRFS info (device loop2): using free space tree [ 89.567883][ T5069] Kernel panic - not syncing: Fatal exception [ 89.573886][ T5069] Kernel Offset: disabled