./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4117347738 <...> Warning: Permanently added '10.128.1.68' (ED25519) to the list of known hosts. execve("./syz-executor4117347738", ["./syz-executor4117347738"], 0x7ffe4578b5b0 /* 10 vars */) = 0 brk(NULL) = 0x555557163000 brk(0x555557163d00) = 0x555557163d00 arch_prctl(ARCH_SET_FS, 0x555557163380) = 0 set_tid_address(0x555557163650) = 5032 set_robust_list(0x555557163660, 24) = 0 rseq(0x555557163ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4117347738", 4096) = 28 getrandom("\xb4\x0b\xc1\xef\x35\xc4\x3b\x93", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557163d00 brk(0x555557184d00) = 0x555557184d00 brk(0x555557185000) = 0x555557185000 mprotect(0x7f5798f3a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.9rbSLq", 0700) = 0 chmod("./syzkaller.9rbSLq", 0777) = 0 chdir("./syzkaller.9rbSLq") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5033 ./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x555557163660, 24) = 0 [pid 5033] chdir("./0") = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setpgid(0, 0) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1000", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5033] memfd_create("syzkaller", 0) = 3 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [ 77.374682][ T5033] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5033 'syz-executor411' [pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5033] munmap(0x7f5790a82000, 16777216) = 0 [pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5033] close(3) = 0 [pid 5033] mkdir("./bus", 0777) = 0 [ 77.608180][ T5033] loop0: detected capacity change from 0 to 32768 [ 77.620834][ T5033] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5033) [ 77.641983][ T5033] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.650914][ T5033] BTRFS info (device loop0): doing ref verification [ 77.657709][ T5033] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.668546][ T5033] BTRFS info (device loop0): force zlib compression, level 3 [ 77.676559][ T5033] BTRFS info (device loop0): allowing degraded mounts [ 77.683382][ T5033] BTRFS info (device loop0): using free space tree [pid 5033] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5033] chdir("./bus") = 0 [pid 5033] ioctl(4, LOOP_CLR_FD) = 0 [pid 5033] close(4) = 0 [pid 5033] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5033] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5033] exit_group(0) = ? [pid 5033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 77.709166][ T5033] BTRFS info (device loop0): auto enabling async discard umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5057 ./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x555557163660, 24) = 0 [pid 5057] chdir("./1") = 0 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5057] setpgid(0, 0) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5057] write(3, "1000", 4) = 4 [pid 5057] close(3) = 0 [pid 5057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5057] memfd_create("syzkaller", 0) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5057] munmap(0x7f5790a82000, 16777216) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] mkdir("./bus", 0777) = 0 [ 78.252613][ T5057] loop0: detected capacity change from 0 to 32768 [ 78.264159][ T5057] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5057) [ 78.281349][ T5057] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.290148][ T5057] BTRFS info (device loop0): doing ref verification [pid 5057] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./bus") = 0 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5057] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5057] exit_group(0) = ? [pid 5057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [ 78.296832][ T5057] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.307688][ T5057] BTRFS info (device loop0): force zlib compression, level 3 [ 78.315172][ T5057] BTRFS info (device loop0): allowing degraded mounts [ 78.321981][ T5057] BTRFS info (device loop0): using free space tree [ 78.342153][ T5057] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x555557163660, 24) = 0 [pid 5074] chdir("./2") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5074] munmap(0x7f5790a82000, 16777216) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./bus", 0777) = 0 [ 78.831119][ T5074] loop0: detected capacity change from 0 to 32768 [ 78.842363][ T5074] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5074) [ 78.857394][ T5074] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.866409][ T5074] BTRFS info (device loop0): doing ref verification [pid 5074] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./bus") = 0 [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] close(4) = 0 [pid 5074] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5074] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 78.873038][ T5074] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.883891][ T5074] BTRFS info (device loop0): force zlib compression, level 3 [ 78.891347][ T5074] BTRFS info (device loop0): allowing degraded mounts [ 78.898196][ T5074] BTRFS info (device loop0): using free space tree [ 78.917070][ T5074] BTRFS info (device loop0): auto enabling async discard umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x555557163660, 24) = 0 [pid 5100] chdir("./3") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5100] munmap(0x7f5790a82000, 16777216) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./bus", 0777) = 0 [ 79.368136][ T5100] loop0: detected capacity change from 0 to 32768 [ 79.378460][ T5100] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5100) [ 79.395696][ T5100] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.404890][ T5100] BTRFS info (device loop0): doing ref verification [pid 5100] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5100] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./bus") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5100] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 79.411861][ T5100] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 79.422909][ T5100] BTRFS info (device loop0): force zlib compression, level 3 [ 79.430530][ T5100] BTRFS info (device loop0): allowing degraded mounts [ 79.437439][ T5100] BTRFS info (device loop0): using free space tree [ 79.457189][ T5100] BTRFS info (device loop0): auto enabling async discard umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5117 ./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x555557163660, 24) = 0 [pid 5117] chdir("./4") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5117] munmap(0x7f5790a82000, 16777216) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./bus", 0777) = 0 [ 79.941979][ T5117] loop0: detected capacity change from 0 to 32768 [ 79.952354][ T5117] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5117) [ 79.970680][ T5117] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.979845][ T5117] BTRFS info (device loop0): doing ref verification [pid 5117] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5117] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./bus") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5117] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5117] exit_group(0) = ? [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 79.987227][ T5117] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 79.998587][ T5117] BTRFS info (device loop0): force zlib compression, level 3 [ 80.006521][ T5117] BTRFS info (device loop0): allowing degraded mounts [ 80.013610][ T5117] BTRFS info (device loop0): using free space tree [ 80.034361][ T5117] BTRFS info (device loop0): auto enabling async discard umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x555557163660, 24) = 0 [pid 5134] chdir("./5") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5134] munmap(0x7f5790a82000, 16777216) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] mkdir("./bus", 0777) = 0 [ 80.519767][ T5134] loop0: detected capacity change from 0 to 32768 [ 80.529902][ T5134] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5134) [ 80.547184][ T5134] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.556018][ T5134] BTRFS info (device loop0): doing ref verification [pid 5134] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5134] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./bus") = 0 [pid 5134] ioctl(4, LOOP_CLR_FD) = 0 [pid 5134] close(4) = 0 [pid 5134] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5134] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5134] exit_group(0) = ? [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 80.563148][ T5134] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.574130][ T5134] BTRFS info (device loop0): force zlib compression, level 3 [ 80.581725][ T5134] BTRFS info (device loop0): allowing degraded mounts [ 80.588747][ T5134] BTRFS info (device loop0): using free space tree [ 80.608698][ T5134] BTRFS info (device loop0): auto enabling async discard umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5151 ./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x555557163660, 24) = 0 [pid 5151] chdir("./6") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5151] munmap(0x7f5790a82000, 16777216) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./bus", 0777) = 0 [ 81.100170][ T5151] loop0: detected capacity change from 0 to 32768 [ 81.110660][ T5151] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5151) [ 81.127664][ T5151] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.136843][ T5151] BTRFS info (device loop0): doing ref verification [pid 5151] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5151] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./bus") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5151] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5151] exit_group(0) = ? [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 81.143658][ T5151] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.155043][ T5151] BTRFS info (device loop0): force zlib compression, level 3 [ 81.162470][ T5151] BTRFS info (device loop0): allowing degraded mounts [ 81.169622][ T5151] BTRFS info (device loop0): using free space tree [ 81.189563][ T5151] BTRFS info (device loop0): auto enabling async discard umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x555557163660, 24) = 0 [pid 5169] chdir("./7") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] memfd_create("syzkaller", 0) = 3 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5169] munmap(0x7f5790a82000, 16777216) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5169] close(3) = 0 [pid 5169] mkdir("./bus", 0777) = 0 [ 81.683472][ T5169] loop0: detected capacity change from 0 to 32768 [ 81.693309][ T5169] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5169) [ 81.711283][ T5169] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.720413][ T5169] BTRFS info (device loop0): doing ref verification [pid 5169] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5169] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5169] chdir("./bus") = 0 [pid 5169] ioctl(4, LOOP_CLR_FD) = 0 [pid 5169] close(4) = 0 [pid 5169] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5169] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5169] exit_group(0) = ? [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 81.727580][ T5169] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.738639][ T5169] BTRFS info (device loop0): force zlib compression, level 3 [ 81.746258][ T5169] BTRFS info (device loop0): allowing degraded mounts [ 81.753051][ T5169] BTRFS info (device loop0): using free space tree [ 81.771780][ T5169] BTRFS info (device loop0): auto enabling async discard umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5186 ./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x555557163660, 24) = 0 [pid 5186] chdir("./8") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] memfd_create("syzkaller", 0) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5186] munmap(0x7f5790a82000, 16777216) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] mkdir("./bus", 0777) = 0 [ 82.256079][ T5186] loop0: detected capacity change from 0 to 32768 [ 82.265871][ T5186] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5186) [ 82.283056][ T5186] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.292012][ T5186] BTRFS info (device loop0): doing ref verification [pid 5186] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5186] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./bus") = 0 [pid 5186] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] close(4) = 0 [pid 5186] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5186] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5186] exit_group(0) = ? [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 82.298858][ T5186] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.309751][ T5186] BTRFS info (device loop0): force zlib compression, level 3 [ 82.317248][ T5186] BTRFS info (device loop0): allowing degraded mounts [ 82.324056][ T5186] BTRFS info (device loop0): using free space tree [ 82.344549][ T5186] BTRFS info (device loop0): auto enabling async discard umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5203 ./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x555557163660, 24) = 0 [pid 5203] chdir("./9") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5203] munmap(0x7f5790a82000, 16777216) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] mkdir("./bus", 0777) = 0 [ 82.834070][ T5203] loop0: detected capacity change from 0 to 32768 [ 82.844048][ T5203] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5203) [ 82.860046][ T5203] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.869246][ T5203] BTRFS info (device loop0): doing ref verification [pid 5203] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5203] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./bus") = 0 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4) = 0 [pid 5203] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5203] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5203] exit_group(0) = ? [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 82.876321][ T5203] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.887264][ T5203] BTRFS info (device loop0): force zlib compression, level 3 [ 82.894902][ T5203] BTRFS info (device loop0): allowing degraded mounts [ 82.901697][ T5203] BTRFS info (device loop0): using free space tree [ 82.923615][ T5203] BTRFS info (device loop0): auto enabling async discard umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5221 ./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x555557163660, 24) = 0 [pid 5221] chdir("./10") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5221] munmap(0x7f5790a82000, 16777216) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] mkdir("./bus", 0777) = 0 [ 83.425991][ T5221] loop0: detected capacity change from 0 to 32768 [ 83.436159][ T5221] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5221) [ 83.452459][ T5221] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.462218][ T5221] BTRFS info (device loop0): doing ref verification [pid 5221] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5221] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./bus") = 0 [pid 5221] ioctl(4, LOOP_CLR_FD) = 0 [pid 5221] close(4) = 0 [pid 5221] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5221] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5221] exit_group(0) = ? [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 83.469259][ T5221] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.480567][ T5221] BTRFS info (device loop0): force zlib compression, level 3 [ 83.488313][ T5221] BTRFS info (device loop0): allowing degraded mounts [ 83.495375][ T5221] BTRFS info (device loop0): using free space tree [ 83.514584][ T5221] BTRFS info (device loop0): auto enabling async discard umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5238 ./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x555557163660, 24) = 0 [pid 5238] chdir("./11") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] memfd_create("syzkaller", 0) = 3 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5238] munmap(0x7f5790a82000, 16777216) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5238] close(3) = 0 [pid 5238] mkdir("./bus", 0777) = 0 [ 83.989309][ T5238] loop0: detected capacity change from 0 to 32768 [ 84.000287][ T5238] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5238) [ 84.015284][ T5238] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.024024][ T5238] BTRFS info (device loop0): doing ref verification [pid 5238] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5238] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5238] chdir("./bus") = 0 [pid 5238] ioctl(4, LOOP_CLR_FD) = 0 [pid 5238] close(4) = 0 [pid 5238] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5238] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5238] exit_group(0) = ? [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 84.030759][ T5238] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 84.043203][ T5238] BTRFS info (device loop0): force zlib compression, level 3 [ 84.051309][ T5238] BTRFS info (device loop0): allowing degraded mounts [ 84.058488][ T5238] BTRFS info (device loop0): using free space tree [ 84.078833][ T5238] BTRFS info (device loop0): auto enabling async discard umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5255 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x555557163660, 24) = 0 [pid 5255] chdir("./12") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] memfd_create("syzkaller", 0) = 3 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5255] munmap(0x7f5790a82000, 16777216) = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5255] close(3) = 0 [pid 5255] mkdir("./bus", 0777) = 0 [ 84.584479][ T5255] loop0: detected capacity change from 0 to 32768 [ 84.594086][ T5255] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5255) [ 84.609624][ T5255] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.618655][ T5255] BTRFS info (device loop0): doing ref verification [pid 5255] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5255] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5255] chdir("./bus") = 0 [pid 5255] ioctl(4, LOOP_CLR_FD) = 0 [pid 5255] close(4) = 0 [pid 5255] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5255] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5255] exit_group(0) = ? [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 84.625425][ T5255] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 84.636475][ T5255] BTRFS info (device loop0): force zlib compression, level 3 [ 84.643954][ T5255] BTRFS info (device loop0): allowing degraded mounts [ 84.650916][ T5255] BTRFS info (device loop0): using free space tree [ 84.671490][ T5255] BTRFS info (device loop0): auto enabling async discard umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5272 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x555557163660, 24) = 0 [pid 5272] chdir("./13") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] memfd_create("syzkaller", 0) = 3 [pid 5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5272] munmap(0x7f5790a82000, 16777216) = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5272] close(3) = 0 [pid 5272] mkdir("./bus", 0777) = 0 [ 85.140946][ T5272] loop0: detected capacity change from 0 to 32768 [ 85.150321][ T5272] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5272) [ 85.166778][ T5272] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.175585][ T5272] BTRFS info (device loop0): doing ref verification [pid 5272] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5272] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5272] chdir("./bus") = 0 [pid 5272] ioctl(4, LOOP_CLR_FD) = 0 [pid 5272] close(4) = 0 [pid 5272] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5272] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5272] exit_group(0) = ? [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 85.182212][ T5272] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.193086][ T5272] BTRFS info (device loop0): force zlib compression, level 3 [ 85.200660][ T5272] BTRFS info (device loop0): allowing degraded mounts [ 85.207512][ T5272] BTRFS info (device loop0): using free space tree [ 85.227010][ T5272] BTRFS info (device loop0): auto enabling async discard umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5289 ./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x555557163660, 24) = 0 [pid 5289] chdir("./14") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] memfd_create("syzkaller", 0) = 3 [pid 5289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5289] munmap(0x7f5790a82000, 16777216) = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5289] close(3) = 0 [pid 5289] mkdir("./bus", 0777) = 0 [ 85.713857][ T5289] loop0: detected capacity change from 0 to 32768 [ 85.724728][ T5289] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5289) [ 85.741451][ T5289] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.750463][ T5289] BTRFS info (device loop0): doing ref verification [pid 5289] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5289] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5289] chdir("./bus") = 0 [pid 5289] ioctl(4, LOOP_CLR_FD) = 0 [pid 5289] close(4) = 0 [pid 5289] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5289] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5289] exit_group(0) = ? [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 85.757241][ T5289] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.768629][ T5289] BTRFS info (device loop0): force zlib compression, level 3 [ 85.776342][ T5289] BTRFS info (device loop0): allowing degraded mounts [ 85.783172][ T5289] BTRFS info (device loop0): using free space tree [ 85.801615][ T5289] BTRFS info (device loop0): auto enabling async discard umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5306 ./strace-static-x86_64: Process 5306 attached [pid 5306] set_robust_list(0x555557163660, 24) = 0 [pid 5306] chdir("./15") = 0 [pid 5306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5306] setpgid(0, 0) = 0 [pid 5306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5306] write(3, "1000", 4) = 4 [pid 5306] close(3) = 0 [pid 5306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5306] munmap(0x7f5790a82000, 16777216) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] mkdir("./bus", 0777) = 0 [ 86.282724][ T5306] loop0: detected capacity change from 0 to 32768 [ 86.293352][ T5306] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5306) [ 86.313593][ T5306] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.322415][ T5306] BTRFS info (device loop0): doing ref verification [pid 5306] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5306] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./bus") = 0 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5306] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5306] exit_group(0) = ? [pid 5306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5306, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 86.329081][ T5306] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.339957][ T5306] BTRFS info (device loop0): force zlib compression, level 3 [ 86.347459][ T5306] BTRFS info (device loop0): allowing degraded mounts [ 86.354380][ T5306] BTRFS info (device loop0): using free space tree [ 86.374447][ T5306] BTRFS info (device loop0): auto enabling async discard umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5324 ./strace-static-x86_64: Process 5324 attached [pid 5324] set_robust_list(0x555557163660, 24) = 0 [pid 5324] chdir("./16") = 0 [pid 5324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5324] setpgid(0, 0) = 0 [pid 5324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5324] write(3, "1000", 4) = 4 [pid 5324] close(3) = 0 [pid 5324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5324] munmap(0x7f5790a82000, 16777216) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] mkdir("./bus", 0777) = 0 [ 86.895697][ T5324] loop0: detected capacity change from 0 to 32768 [ 86.908546][ T5324] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5324) [ 86.930453][ T5324] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.939457][ T5324] BTRFS info (device loop0): doing ref verification [ 86.946222][ T5324] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.957457][ T5324] BTRFS info (device loop0): force zlib compression, level 3 [ 86.965059][ T5324] BTRFS info (device loop0): allowing degraded mounts [ 86.971935][ T5324] BTRFS info (device loop0): using free space tree [pid 5324] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5324] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./bus") = 0 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [ 86.993003][ T5324] BTRFS info (device loop0): auto enabling async discard [pid 5324] close(4) = 0 [pid 5324] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5324] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5324] exit_group(0) = ? [pid 5324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5324, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5341 ./strace-static-x86_64: Process 5341 attached [pid 5341] set_robust_list(0x555557163660, 24) = 0 [pid 5341] chdir("./17") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] memfd_create("syzkaller", 0) = 3 [pid 5341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5341] munmap(0x7f5790a82000, 16777216) = 0 [pid 5341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5341] close(3) = 0 [pid 5341] mkdir("./bus", 0777) = 0 [ 87.672432][ T5341] loop0: detected capacity change from 0 to 32768 [ 87.683367][ T5341] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5341) [ 87.700505][ T5341] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.709351][ T5341] BTRFS info (device loop0): doing ref verification [pid 5341] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5341] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5341] chdir("./bus") = 0 [pid 5341] ioctl(4, LOOP_CLR_FD) = 0 [pid 5341] close(4) = 0 [pid 5341] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5341] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5341] exit_group(0) = ? [pid 5341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 87.716065][ T5341] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 87.726941][ T5341] BTRFS info (device loop0): force zlib compression, level 3 [ 87.734475][ T5341] BTRFS info (device loop0): allowing degraded mounts [ 87.741529][ T5341] BTRFS info (device loop0): using free space tree [ 87.760862][ T5341] BTRFS info (device loop0): auto enabling async discard umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x555557163660, 24) = 0 [pid 5359] chdir("./18") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] memfd_create("syzkaller", 0) = 3 [pid 5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5359] munmap(0x7f5790a82000, 16777216) = 0 [pid 5359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5359] close(3) = 0 [pid 5359] mkdir("./bus", 0777) = 0 [ 88.251093][ T5359] loop0: detected capacity change from 0 to 32768 [ 88.261659][ T5359] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5359) [ 88.279600][ T5359] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.288421][ T5359] BTRFS info (device loop0): doing ref verification [pid 5359] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5359] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5359] chdir("./bus") = 0 [pid 5359] ioctl(4, LOOP_CLR_FD) = 0 [pid 5359] close(4) = 0 [pid 5359] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5359] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5359] exit_group(0) = ? [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 88.295105][ T5359] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 88.305948][ T5359] BTRFS info (device loop0): force zlib compression, level 3 [ 88.313374][ T5359] BTRFS info (device loop0): allowing degraded mounts [ 88.320227][ T5359] BTRFS info (device loop0): using free space tree [ 88.340356][ T5359] BTRFS info (device loop0): auto enabling async discard umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5376 ./strace-static-x86_64: Process 5376 attached [pid 5376] set_robust_list(0x555557163660, 24) = 0 [pid 5376] chdir("./19") = 0 [pid 5376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5376] setpgid(0, 0) = 0 [pid 5376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5376] write(3, "1000", 4) = 4 [pid 5376] close(3) = 0 [pid 5376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5376] memfd_create("syzkaller", 0) = 3 [pid 5376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5376] munmap(0x7f5790a82000, 16777216) = 0 [pid 5376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5376] close(3) = 0 [pid 5376] mkdir("./bus", 0777) = 0 [ 88.832314][ T5376] loop0: detected capacity change from 0 to 32768 [ 88.841854][ T5376] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5376) [ 88.858257][ T5376] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.867346][ T5376] BTRFS info (device loop0): doing ref verification [pid 5376] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5376] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5376] chdir("./bus") = 0 [pid 5376] ioctl(4, LOOP_CLR_FD) = 0 [pid 5376] close(4) = 0 [pid 5376] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5376] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5376] exit_group(0) = ? [pid 5376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5376, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 88.874247][ T5376] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 88.885523][ T5376] BTRFS info (device loop0): force zlib compression, level 3 [ 88.893305][ T5376] BTRFS info (device loop0): allowing degraded mounts [ 88.900578][ T5376] BTRFS info (device loop0): using free space tree [ 88.920411][ T5376] BTRFS info (device loop0): auto enabling async discard umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5393 ./strace-static-x86_64: Process 5393 attached [pid 5393] set_robust_list(0x555557163660, 24) = 0 [pid 5393] chdir("./20") = 0 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5393] memfd_create("syzkaller", 0) = 3 [pid 5393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5393] munmap(0x7f5790a82000, 16777216) = 0 [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5393] close(3) = 0 [pid 5393] mkdir("./bus", 0777) = 0 [ 89.553261][ T5393] loop0: detected capacity change from 0 to 32768 [ 89.563735][ T5393] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5393) [ 89.580758][ T5393] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.589902][ T5393] BTRFS info (device loop0): doing ref verification [pid 5393] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5393] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5393] chdir("./bus") = 0 [pid 5393] ioctl(4, LOOP_CLR_FD) = 0 [pid 5393] close(4) = 0 [pid 5393] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5393] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5393] exit_group(0) = ? [pid 5393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 89.596828][ T5393] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 89.607890][ T5393] BTRFS info (device loop0): force zlib compression, level 3 [ 89.615647][ T5393] BTRFS info (device loop0): allowing degraded mounts [ 89.622449][ T5393] BTRFS info (device loop0): using free space tree [ 89.641794][ T5393] BTRFS info (device loop0): auto enabling async discard umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5410 ./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x555557163660, 24) = 0 [pid 5410] chdir("./21") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] memfd_create("syzkaller", 0) = 3 [pid 5410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5410] munmap(0x7f5790a82000, 16777216) = 0 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5410] close(3) = 0 [pid 5410] mkdir("./bus", 0777) = 0 [ 90.126755][ T5410] loop0: detected capacity change from 0 to 32768 [ 90.137970][ T5410] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5410) [ 90.154616][ T5410] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.163505][ T5410] BTRFS info (device loop0): doing ref verification [pid 5410] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5410] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5410] chdir("./bus") = 0 [pid 5410] ioctl(4, LOOP_CLR_FD) = 0 [pid 5410] close(4) = 0 [pid 5410] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5410] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5410] exit_group(0) = ? [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=25 /* 0.25 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 90.170263][ T5410] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 90.181099][ T5410] BTRFS info (device loop0): force zlib compression, level 3 [ 90.188753][ T5410] BTRFS info (device loop0): allowing degraded mounts [ 90.195631][ T5410] BTRFS info (device loop0): using free space tree [ 90.215147][ T5410] BTRFS info (device loop0): auto enabling async discard umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5427 ./strace-static-x86_64: Process 5427 attached [pid 5427] set_robust_list(0x555557163660, 24) = 0 [pid 5427] chdir("./22") = 0 [pid 5427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5427] setpgid(0, 0) = 0 [pid 5427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5427] write(3, "1000", 4) = 4 [pid 5427] close(3) = 0 [pid 5427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5427] memfd_create("syzkaller", 0) = 3 [pid 5427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5427] munmap(0x7f5790a82000, 16777216) = 0 [pid 5427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5427] close(3) = 0 [pid 5427] mkdir("./bus", 0777) = 0 [ 90.690541][ T5427] loop0: detected capacity change from 0 to 32768 [ 90.700217][ T5427] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5427) [ 90.716850][ T5427] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.725916][ T5427] BTRFS info (device loop0): doing ref verification [pid 5427] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5427] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5427] chdir("./bus") = 0 [pid 5427] ioctl(4, LOOP_CLR_FD) = 0 [pid 5427] close(4) = 0 [pid 5427] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5427] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5427] exit_group(0) = ? [pid 5427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5427, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 90.732814][ T5427] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 90.743736][ T5427] BTRFS info (device loop0): force zlib compression, level 3 [ 90.751347][ T5427] BTRFS info (device loop0): allowing degraded mounts [ 90.758212][ T5427] BTRFS info (device loop0): using free space tree [ 90.777032][ T5427] BTRFS info (device loop0): auto enabling async discard umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5444 ./strace-static-x86_64: Process 5444 attached [pid 5444] set_robust_list(0x555557163660, 24) = 0 [pid 5444] chdir("./23") = 0 [pid 5444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5444] setpgid(0, 0) = 0 [pid 5444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5444] write(3, "1000", 4) = 4 [pid 5444] close(3) = 0 [pid 5444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5444] memfd_create("syzkaller", 0) = 3 [pid 5444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5444] munmap(0x7f5790a82000, 16777216) = 0 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5444] close(3) = 0 [pid 5444] mkdir("./bus", 0777) = 0 [ 91.254172][ T5444] loop0: detected capacity change from 0 to 32768 [ 91.264442][ T5444] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5444) [ 91.281307][ T5444] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.290133][ T5444] BTRFS info (device loop0): doing ref verification [pid 5444] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5444] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5444] chdir("./bus") = 0 [pid 5444] ioctl(4, LOOP_CLR_FD) = 0 [pid 5444] close(4) = 0 [pid 5444] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5444] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5444] exit_group(0) = ? [pid 5444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5444, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 91.296909][ T5444] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 91.307738][ T5444] BTRFS info (device loop0): force zlib compression, level 3 [ 91.315202][ T5444] BTRFS info (device loop0): allowing degraded mounts [ 91.322032][ T5444] BTRFS info (device loop0): using free space tree [ 91.341511][ T5444] BTRFS info (device loop0): auto enabling async discard umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5461 ./strace-static-x86_64: Process 5461 attached [pid 5461] set_robust_list(0x555557163660, 24) = 0 [pid 5461] chdir("./24") = 0 [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5461] setpgid(0, 0) = 0 [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5461] write(3, "1000", 4) = 4 [pid 5461] close(3) = 0 [pid 5461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5461] memfd_create("syzkaller", 0) = 3 [pid 5461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5461] munmap(0x7f5790a82000, 16777216) = 0 [pid 5461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5461] close(3) = 0 [pid 5461] mkdir("./bus", 0777) = 0 [ 91.815448][ T5461] loop0: detected capacity change from 0 to 32768 [ 91.837059][ T917] cfg80211: failed to load regulatory.db [ 91.840732][ T5461] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5461) [ 91.857647][ T5461] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.866564][ T5461] BTRFS info (device loop0): doing ref verification [ 91.873210][ T5461] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 91.884084][ T5461] BTRFS info (device loop0): force zlib compression, level 3 [ 91.891596][ T5461] BTRFS info (device loop0): allowing degraded mounts [ 91.898786][ T5461] BTRFS info (device loop0): using free space tree [pid 5461] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5461] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5461] chdir("./bus") = 0 [pid 5461] ioctl(4, LOOP_CLR_FD) = 0 [pid 5461] close(4) = 0 [pid 5461] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5461] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5461] exit_group(0) = ? [pid 5461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 91.918424][ T5461] BTRFS info (device loop0): auto enabling async discard umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5478 ./strace-static-x86_64: Process 5478 attached [pid 5478] set_robust_list(0x555557163660, 24) = 0 [pid 5478] chdir("./25") = 0 [pid 5478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5478] setpgid(0, 0) = 0 [pid 5478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5478] write(3, "1000", 4) = 4 [pid 5478] close(3) = 0 [pid 5478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5478] memfd_create("syzkaller", 0) = 3 [pid 5478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5478] munmap(0x7f5790a82000, 16777216) = 0 [pid 5478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5478] close(3) = 0 [pid 5478] mkdir("./bus", 0777) = 0 [ 92.395829][ T5478] loop0: detected capacity change from 0 to 32768 [ 92.406024][ T5478] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5478) [ 92.421644][ T5478] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.430530][ T5478] BTRFS info (device loop0): doing ref verification [pid 5478] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5478] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5478] chdir("./bus") = 0 [pid 5478] ioctl(4, LOOP_CLR_FD) = 0 [pid 5478] close(4) = 0 [pid 5478] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5478] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5478] exit_group(0) = ? [pid 5478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5478, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 92.437255][ T5478] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 92.448122][ T5478] BTRFS info (device loop0): force zlib compression, level 3 [ 92.455691][ T5478] BTRFS info (device loop0): allowing degraded mounts [ 92.462593][ T5478] BTRFS info (device loop0): using free space tree [ 92.482428][ T5478] BTRFS info (device loop0): auto enabling async discard umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5496 ./strace-static-x86_64: Process 5496 attached [pid 5496] set_robust_list(0x555557163660, 24) = 0 [pid 5496] chdir("./26") = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] setpgid(0, 0) = 0 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5496] write(3, "1000", 4) = 4 [pid 5496] close(3) = 0 [pid 5496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5496] memfd_create("syzkaller", 0) = 3 [pid 5496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5496] munmap(0x7f5790a82000, 16777216) = 0 [pid 5496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5496] close(3) = 0 [pid 5496] mkdir("./bus", 0777) = 0 [ 92.963746][ T5496] loop0: detected capacity change from 0 to 32768 [ 92.975062][ T5496] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5496) [ 92.992169][ T5496] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.001002][ T5496] BTRFS info (device loop0): doing ref verification [pid 5496] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5496] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5496] chdir("./bus") = 0 [pid 5496] ioctl(4, LOOP_CLR_FD) = 0 [pid 5496] close(4) = 0 [pid 5496] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5496] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5496] exit_group(0) = ? [pid 5496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 93.007740][ T5496] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 93.018581][ T5496] BTRFS info (device loop0): force zlib compression, level 3 [ 93.026027][ T5496] BTRFS info (device loop0): allowing degraded mounts [ 93.032837][ T5496] BTRFS info (device loop0): using free space tree [ 93.053330][ T5496] BTRFS info (device loop0): auto enabling async discard umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5513 ./strace-static-x86_64: Process 5513 attached [pid 5513] set_robust_list(0x555557163660, 24) = 0 [pid 5513] chdir("./27") = 0 [pid 5513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5513] setpgid(0, 0) = 0 [pid 5513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5513] write(3, "1000", 4) = 4 [pid 5513] close(3) = 0 [pid 5513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5513] memfd_create("syzkaller", 0) = 3 [pid 5513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5513] munmap(0x7f5790a82000, 16777216) = 0 [pid 5513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5513] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5513] close(3) = 0 [pid 5513] mkdir("./bus", 0777) = 0 [ 93.539329][ T5513] loop0: detected capacity change from 0 to 32768 [ 93.549980][ T5513] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5513) [ 93.567924][ T5513] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.576988][ T5513] BTRFS info (device loop0): doing ref verification [pid 5513] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5513] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5513] chdir("./bus") = 0 [pid 5513] ioctl(4, LOOP_CLR_FD) = 0 [pid 5513] close(4) = 0 [pid 5513] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5513] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5513] exit_group(0) = ? [pid 5513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5513, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 93.583881][ T5513] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 93.595340][ T5513] BTRFS info (device loop0): force zlib compression, level 3 [ 93.602785][ T5513] BTRFS info (device loop0): allowing degraded mounts [ 93.610114][ T5513] BTRFS info (device loop0): using free space tree [ 93.630722][ T5513] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5530 ./strace-static-x86_64: Process 5530 attached [pid 5530] set_robust_list(0x555557163660, 24) = 0 [pid 5530] chdir("./28") = 0 [pid 5530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5530] setpgid(0, 0) = 0 [pid 5530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5530] write(3, "1000", 4) = 4 [pid 5530] close(3) = 0 [pid 5530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5530] memfd_create("syzkaller", 0) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5530] munmap(0x7f5790a82000, 16777216) = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5530] close(3) = 0 [pid 5530] mkdir("./bus", 0777) = 0 [ 94.126810][ T5530] loop0: detected capacity change from 0 to 32768 [ 94.147456][ T5530] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5530) [ 94.163009][ T5530] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.172048][ T5530] BTRFS info (device loop0): doing ref verification [ 94.178906][ T5530] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 94.190380][ T5530] BTRFS info (device loop0): force zlib compression, level 3 [ 94.198230][ T5530] BTRFS info (device loop0): allowing degraded mounts [ 94.205317][ T5530] BTRFS info (device loop0): using free space tree [pid 5530] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5530] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5530] chdir("./bus") = 0 [pid 5530] ioctl(4, LOOP_CLR_FD) = 0 [pid 5530] close(4) = 0 [pid 5530] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5530] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5530] exit_group(0) = ? [pid 5530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5530, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 94.224448][ T5530] BTRFS info (device loop0): auto enabling async discard umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5547 ./strace-static-x86_64: Process 5547 attached [pid 5547] set_robust_list(0x555557163660, 24) = 0 [pid 5547] chdir("./29") = 0 [pid 5547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5547] setpgid(0, 0) = 0 [pid 5547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5547] write(3, "1000", 4) = 4 [pid 5547] close(3) = 0 [pid 5547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5547] memfd_create("syzkaller", 0) = 3 [pid 5547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5547] munmap(0x7f5790a82000, 16777216) = 0 [pid 5547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5547] close(3) = 0 [pid 5547] mkdir("./bus", 0777) = 0 [ 94.756690][ T5547] loop0: detected capacity change from 0 to 32768 [ 94.767842][ T5547] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5547) [ 94.783188][ T5547] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.792132][ T5547] BTRFS info (device loop0): doing ref verification [pid 5547] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5547] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5547] chdir("./bus") = 0 [pid 5547] ioctl(4, LOOP_CLR_FD) = 0 [pid 5547] close(4) = 0 [pid 5547] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5547] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5547] exit_group(0) = ? [pid 5547] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5547, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 94.798839][ T5547] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 94.809692][ T5547] BTRFS info (device loop0): force zlib compression, level 3 [ 94.817153][ T5547] BTRFS info (device loop0): allowing degraded mounts [ 94.823969][ T5547] BTRFS info (device loop0): using free space tree [ 94.844042][ T5547] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5564 ./strace-static-x86_64: Process 5564 attached [pid 5564] set_robust_list(0x555557163660, 24) = 0 [pid 5564] chdir("./30") = 0 [pid 5564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5564] setpgid(0, 0) = 0 [pid 5564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5564] write(3, "1000", 4) = 4 [pid 5564] close(3) = 0 [pid 5564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5564] memfd_create("syzkaller", 0) = 3 [pid 5564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5564] munmap(0x7f5790a82000, 16777216) = 0 [pid 5564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5564] close(3) = 0 [pid 5564] mkdir("./bus", 0777) = 0 [ 95.337933][ T5564] loop0: detected capacity change from 0 to 32768 [ 95.349254][ T5564] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5564) [ 95.366144][ T5564] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.375180][ T5564] BTRFS info (device loop0): doing ref verification [pid 5564] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5564] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5564] chdir("./bus") = 0 [pid 5564] ioctl(4, LOOP_CLR_FD) = 0 [pid 5564] close(4) = 0 [pid 5564] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5564] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5564] exit_group(0) = ? [pid 5564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5564, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 95.382027][ T5564] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 95.393306][ T5564] BTRFS info (device loop0): force zlib compression, level 3 [ 95.401185][ T5564] BTRFS info (device loop0): allowing degraded mounts [ 95.408393][ T5564] BTRFS info (device loop0): using free space tree [ 95.428551][ T5564] BTRFS info (device loop0): auto enabling async discard umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5581 ./strace-static-x86_64: Process 5581 attached [pid 5581] set_robust_list(0x555557163660, 24) = 0 [pid 5581] chdir("./31") = 0 [pid 5581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5581] setpgid(0, 0) = 0 [pid 5581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5581] write(3, "1000", 4) = 4 [pid 5581] close(3) = 0 [pid 5581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5581] memfd_create("syzkaller", 0) = 3 [pid 5581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5581] munmap(0x7f5790a82000, 16777216) = 0 [pid 5581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5581] close(3) = 0 [pid 5581] mkdir("./bus", 0777) = 0 [ 95.904869][ T5581] loop0: detected capacity change from 0 to 32768 [ 95.915163][ T5581] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5581) [ 95.930744][ T5581] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.939882][ T5581] BTRFS info (device loop0): doing ref verification [pid 5581] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5581] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5581] chdir("./bus") = 0 [pid 5581] ioctl(4, LOOP_CLR_FD) = 0 [pid 5581] close(4) = 0 [pid 5581] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5581] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5581] exit_group(0) = ? [pid 5581] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5581, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 95.946893][ T5581] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 95.958102][ T5581] BTRFS info (device loop0): force zlib compression, level 3 [ 95.965904][ T5581] BTRFS info (device loop0): allowing degraded mounts [ 95.973015][ T5581] BTRFS info (device loop0): using free space tree [ 95.992432][ T5581] BTRFS info (device loop0): auto enabling async discard umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5598 ./strace-static-x86_64: Process 5598 attached [pid 5598] set_robust_list(0x555557163660, 24) = 0 [pid 5598] chdir("./32") = 0 [pid 5598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5598] setpgid(0, 0) = 0 [pid 5598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5598] write(3, "1000", 4) = 4 [pid 5598] close(3) = 0 [pid 5598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5598] memfd_create("syzkaller", 0) = 3 [pid 5598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5598] munmap(0x7f5790a82000, 16777216) = 0 [pid 5598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5598] close(3) = 0 [pid 5598] mkdir("./bus", 0777) = 0 [ 96.470082][ T5598] loop0: detected capacity change from 0 to 32768 [ 96.480003][ T5598] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5598) [ 96.496901][ T5598] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.505713][ T5598] BTRFS info (device loop0): doing ref verification [pid 5598] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5598] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5598] chdir("./bus") = 0 [pid 5598] ioctl(4, LOOP_CLR_FD) = 0 [pid 5598] close(4) = 0 [pid 5598] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5598] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5598] exit_group(0) = ? [pid 5598] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5598, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 96.512341][ T5598] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 96.523198][ T5598] BTRFS info (device loop0): force zlib compression, level 3 [ 96.530882][ T5598] BTRFS info (device loop0): allowing degraded mounts [ 96.537761][ T5598] BTRFS info (device loop0): using free space tree [ 96.557006][ T5598] BTRFS info (device loop0): auto enabling async discard umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5615 ./strace-static-x86_64: Process 5615 attached [pid 5615] set_robust_list(0x555557163660, 24) = 0 [pid 5615] chdir("./33") = 0 [pid 5615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5615] setpgid(0, 0) = 0 [pid 5615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5615] write(3, "1000", 4) = 4 [pid 5615] close(3) = 0 [pid 5615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5615] memfd_create("syzkaller", 0) = 3 [pid 5615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5615] munmap(0x7f5790a82000, 16777216) = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5615] close(3) = 0 [pid 5615] mkdir("./bus", 0777) = 0 [ 97.035682][ T5615] loop0: detected capacity change from 0 to 32768 [ 97.045429][ T5615] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5615) [ 97.060904][ T5615] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.069746][ T5615] BTRFS info (device loop0): doing ref verification [pid 5615] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5615] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5615] chdir("./bus") = 0 [pid 5615] ioctl(4, LOOP_CLR_FD) = 0 [pid 5615] close(4) = 0 [pid 5615] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5615] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5615] exit_group(0) = ? [pid 5615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5615, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 97.076448][ T5615] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 97.087299][ T5615] BTRFS info (device loop0): force zlib compression, level 3 [ 97.094724][ T5615] BTRFS info (device loop0): allowing degraded mounts [ 97.101964][ T5615] BTRFS info (device loop0): using free space tree [ 97.121618][ T5615] BTRFS info (device loop0): auto enabling async discard umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5632 ./strace-static-x86_64: Process 5632 attached [pid 5632] set_robust_list(0x555557163660, 24) = 0 [pid 5632] chdir("./34") = 0 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5632] memfd_create("syzkaller", 0) = 3 [pid 5632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5632] munmap(0x7f5790a82000, 16777216) = 0 [pid 5632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5632] close(3) = 0 [pid 5632] mkdir("./bus", 0777) = 0 [ 97.604967][ T5632] loop0: detected capacity change from 0 to 32768 [ 97.614840][ T5632] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5632) [ 97.630891][ T5632] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.640012][ T5632] BTRFS info (device loop0): doing ref verification [pid 5632] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5632] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5632] chdir("./bus") = 0 [pid 5632] ioctl(4, LOOP_CLR_FD) = 0 [pid 5632] close(4) = 0 [pid 5632] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5632] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5632] exit_group(0) = ? [pid 5632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5632, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 97.646912][ T5632] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 97.658189][ T5632] BTRFS info (device loop0): force zlib compression, level 3 [ 97.665895][ T5632] BTRFS info (device loop0): allowing degraded mounts [ 97.672739][ T5632] BTRFS info (device loop0): using free space tree [ 97.693008][ T5632] BTRFS info (device loop0): auto enabling async discard umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5649 ./strace-static-x86_64: Process 5649 attached [pid 5649] set_robust_list(0x555557163660, 24) = 0 [pid 5649] chdir("./35") = 0 [pid 5649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5649] setpgid(0, 0) = 0 [pid 5649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5649] write(3, "1000", 4) = 4 [pid 5649] close(3) = 0 [pid 5649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5649] memfd_create("syzkaller", 0) = 3 [pid 5649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5649] munmap(0x7f5790a82000, 16777216) = 0 [pid 5649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5649] close(3) = 0 [pid 5649] mkdir("./bus", 0777) = 0 [ 98.182343][ T5649] loop0: detected capacity change from 0 to 32768 [ 98.193050][ T5649] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5649) [ 98.210596][ T5649] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.219423][ T5649] BTRFS info (device loop0): doing ref verification [pid 5649] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5649] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5649] chdir("./bus") = 0 [pid 5649] ioctl(4, LOOP_CLR_FD) = 0 [pid 5649] close(4) = 0 [pid 5649] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5649] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5649] exit_group(0) = ? [pid 5649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5649, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 98.226109][ T5649] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 98.237577][ T5649] BTRFS info (device loop0): force zlib compression, level 3 [ 98.245630][ T5649] BTRFS info (device loop0): allowing degraded mounts [ 98.252780][ T5649] BTRFS info (device loop0): using free space tree [ 98.272498][ T5649] BTRFS info (device loop0): auto enabling async discard umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5666 ./strace-static-x86_64: Process 5666 attached [pid 5666] set_robust_list(0x555557163660, 24) = 0 [pid 5666] chdir("./36") = 0 [pid 5666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5666] setpgid(0, 0) = 0 [pid 5666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5666] write(3, "1000", 4) = 4 [pid 5666] close(3) = 0 [pid 5666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5666] memfd_create("syzkaller", 0) = 3 [pid 5666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5666] munmap(0x7f5790a82000, 16777216) = 0 [pid 5666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5666] close(3) = 0 [pid 5666] mkdir("./bus", 0777) = 0 [ 98.747654][ T5666] loop0: detected capacity change from 0 to 32768 [ 98.757931][ T5666] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5666) [ 98.774033][ T5666] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.783214][ T5666] BTRFS info (device loop0): doing ref verification [pid 5666] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5666] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5666] chdir("./bus") = 0 [pid 5666] ioctl(4, LOOP_CLR_FD) = 0 [pid 5666] close(4) = 0 [pid 5666] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5666] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5666] exit_group(0) = ? [pid 5666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5666, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 98.790113][ T5666] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 98.801309][ T5666] BTRFS info (device loop0): force zlib compression, level 3 [ 98.808774][ T5666] BTRFS info (device loop0): allowing degraded mounts [ 98.815627][ T5666] BTRFS info (device loop0): using free space tree [ 98.835366][ T5666] BTRFS info (device loop0): auto enabling async discard umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5683 ./strace-static-x86_64: Process 5683 attached [pid 5683] set_robust_list(0x555557163660, 24) = 0 [pid 5683] chdir("./37") = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] memfd_create("syzkaller", 0) = 3 [pid 5683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5683] munmap(0x7f5790a82000, 16777216) = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5683] close(3) = 0 [pid 5683] mkdir("./bus", 0777) = 0 [ 99.308745][ T5683] loop0: detected capacity change from 0 to 32768 [ 99.319292][ T5683] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5683) [ 99.336005][ T5683] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.344756][ T5683] BTRFS info (device loop0): doing ref verification [pid 5683] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5683] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5683] chdir("./bus") = 0 [pid 5683] ioctl(4, LOOP_CLR_FD) = 0 [pid 5683] close(4) = 0 [pid 5683] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5683] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5683] exit_group(0) = ? [pid 5683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5683, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 99.351591][ T5683] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 99.362477][ T5683] BTRFS info (device loop0): force zlib compression, level 3 [ 99.369954][ T5683] BTRFS info (device loop0): allowing degraded mounts [ 99.376846][ T5683] BTRFS info (device loop0): using free space tree [ 99.396946][ T5683] BTRFS info (device loop0): auto enabling async discard umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5700 ./strace-static-x86_64: Process 5700 attached [pid 5700] set_robust_list(0x555557163660, 24) = 0 [pid 5700] chdir("./38") = 0 [pid 5700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5700] setpgid(0, 0) = 0 [pid 5700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5700] write(3, "1000", 4) = 4 [pid 5700] close(3) = 0 [pid 5700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5700] memfd_create("syzkaller", 0) = 3 [pid 5700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5700] munmap(0x7f5790a82000, 16777216) = 0 [pid 5700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5700] close(3) = 0 [pid 5700] mkdir("./bus", 0777) = 0 [ 99.892865][ T5700] loop0: detected capacity change from 0 to 32768 [ 99.902909][ T5700] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5700) [ 99.919839][ T5700] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.928965][ T5700] BTRFS info (device loop0): doing ref verification [pid 5700] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5700] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5700] chdir("./bus") = 0 [pid 5700] ioctl(4, LOOP_CLR_FD) = 0 [pid 5700] close(4) = 0 [pid 5700] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5700] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5700] exit_group(0) = ? [pid 5700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5700, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 99.936124][ T5700] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 99.947068][ T5700] BTRFS info (device loop0): force zlib compression, level 3 [ 99.954907][ T5700] BTRFS info (device loop0): allowing degraded mounts [ 99.961714][ T5700] BTRFS info (device loop0): using free space tree [ 99.980702][ T5700] BTRFS info (device loop0): auto enabling async discard umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5717 ./strace-static-x86_64: Process 5717 attached [pid 5717] set_robust_list(0x555557163660, 24) = 0 [pid 5717] chdir("./39") = 0 [pid 5717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5717] setpgid(0, 0) = 0 [pid 5717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5717] write(3, "1000", 4) = 4 [pid 5717] close(3) = 0 [pid 5717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5717] memfd_create("syzkaller", 0) = 3 [pid 5717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5717] munmap(0x7f5790a82000, 16777216) = 0 [pid 5717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5717] close(3) = 0 [pid 5717] mkdir("./bus", 0777) = 0 [ 100.479072][ T5717] loop0: detected capacity change from 0 to 32768 [ 100.489262][ T5717] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5717) [ 100.507638][ T5717] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.516417][ T5717] BTRFS info (device loop0): doing ref verification [pid 5717] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5717] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5717] chdir("./bus") = 0 [pid 5717] ioctl(4, LOOP_CLR_FD) = 0 [pid 5717] close(4) = 0 [pid 5717] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5717] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5717] exit_group(0) = ? [pid 5717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5717, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 100.523038][ T5717] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 100.534204][ T5717] BTRFS info (device loop0): force zlib compression, level 3 [ 100.542010][ T5717] BTRFS info (device loop0): allowing degraded mounts [ 100.549237][ T5717] BTRFS info (device loop0): using free space tree [ 100.569407][ T5717] BTRFS info (device loop0): auto enabling async discard umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5734 ./strace-static-x86_64: Process 5734 attached [pid 5734] set_robust_list(0x555557163660, 24) = 0 [pid 5734] chdir("./40") = 0 [pid 5734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5734] setpgid(0, 0) = 0 [pid 5734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5734] write(3, "1000", 4) = 4 [pid 5734] close(3) = 0 [pid 5734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5734] memfd_create("syzkaller", 0) = 3 [pid 5734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5734] munmap(0x7f5790a82000, 16777216) = 0 [pid 5734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5734] close(3) = 0 [pid 5734] mkdir("./bus", 0777) = 0 [ 101.041666][ T5734] loop0: detected capacity change from 0 to 32768 [ 101.051566][ T5734] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5734) [ 101.067783][ T5734] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.076588][ T5734] BTRFS info (device loop0): doing ref verification [pid 5734] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5734] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5734] chdir("./bus") = 0 [pid 5734] ioctl(4, LOOP_CLR_FD) = 0 [pid 5734] close(4) = 0 [pid 5734] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5734] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5734] exit_group(0) = ? [pid 5734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5734, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 101.083229][ T5734] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 101.094433][ T5734] BTRFS info (device loop0): force zlib compression, level 3 [ 101.102112][ T5734] BTRFS info (device loop0): allowing degraded mounts [ 101.109070][ T5734] BTRFS info (device loop0): using free space tree [ 101.129047][ T5734] BTRFS info (device loop0): auto enabling async discard umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5751 ./strace-static-x86_64: Process 5751 attached [pid 5751] set_robust_list(0x555557163660, 24) = 0 [pid 5751] chdir("./41") = 0 [pid 5751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5751] setpgid(0, 0) = 0 [pid 5751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5751] write(3, "1000", 4) = 4 [pid 5751] close(3) = 0 [pid 5751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5751] memfd_create("syzkaller", 0) = 3 [pid 5751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5751] munmap(0x7f5790a82000, 16777216) = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5751] close(3) = 0 [pid 5751] mkdir("./bus", 0777) = 0 [ 101.598777][ T5751] loop0: detected capacity change from 0 to 32768 [ 101.618577][ T5751] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5751) [ 101.635476][ T5751] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.644209][ T5751] BTRFS info (device loop0): doing ref verification [ 101.650921][ T5751] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 101.661881][ T5751] BTRFS info (device loop0): force zlib compression, level 3 [ 101.669473][ T5751] BTRFS info (device loop0): allowing degraded mounts [ 101.676292][ T5751] BTRFS info (device loop0): using free space tree [pid 5751] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5751] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5751] chdir("./bus") = 0 [pid 5751] ioctl(4, LOOP_CLR_FD) = 0 [pid 5751] close(4) = 0 [pid 5751] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5751] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5751] exit_group(0) = ? [pid 5751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5751, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 101.696685][ T5751] BTRFS info (device loop0): auto enabling async discard umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5768 ./strace-static-x86_64: Process 5768 attached [pid 5768] set_robust_list(0x555557163660, 24) = 0 [pid 5768] chdir("./42") = 0 [pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5768] setpgid(0, 0) = 0 [pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] write(3, "1000", 4) = 4 [pid 5768] close(3) = 0 [pid 5768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5768] memfd_create("syzkaller", 0) = 3 [pid 5768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5768] munmap(0x7f5790a82000, 16777216) = 0 [pid 5768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5768] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5768] close(3) = 0 [pid 5768] mkdir("./bus", 0777) = 0 [ 102.176164][ T5768] loop0: detected capacity change from 0 to 32768 [ 102.186842][ T5768] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5768) [ 102.201825][ T5768] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.210841][ T5768] BTRFS info (device loop0): doing ref verification [pid 5768] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5768] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5768] chdir("./bus") = 0 [pid 5768] ioctl(4, LOOP_CLR_FD) = 0 [pid 5768] close(4) = 0 [pid 5768] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5768] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5768] exit_group(0) = ? [pid 5768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5768, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 102.217702][ T5768] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 102.228913][ T5768] BTRFS info (device loop0): force zlib compression, level 3 [ 102.236667][ T5768] BTRFS info (device loop0): allowing degraded mounts [ 102.243494][ T5768] BTRFS info (device loop0): using free space tree [ 102.262862][ T5768] BTRFS info (device loop0): auto enabling async discard umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5785 ./strace-static-x86_64: Process 5785 attached [pid 5785] set_robust_list(0x555557163660, 24) = 0 [pid 5785] chdir("./43") = 0 [pid 5785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5785] setpgid(0, 0) = 0 [pid 5785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5785] write(3, "1000", 4) = 4 [pid 5785] close(3) = 0 [pid 5785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5785] memfd_create("syzkaller", 0) = 3 [pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5785] munmap(0x7f5790a82000, 16777216) = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5785] close(3) = 0 [pid 5785] mkdir("./bus", 0777) = 0 [ 102.736834][ T5785] loop0: detected capacity change from 0 to 32768 [ 102.746615][ T5785] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5785) [ 102.761434][ T5785] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.770550][ T5785] BTRFS info (device loop0): doing ref verification [pid 5785] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5785] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5785] chdir("./bus") = 0 [pid 5785] ioctl(4, LOOP_CLR_FD) = 0 [pid 5785] close(4) = 0 [pid 5785] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5785] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5785] exit_group(0) = ? [pid 5785] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5785, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 102.777347][ T5785] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 102.788272][ T5785] BTRFS info (device loop0): force zlib compression, level 3 [ 102.795809][ T5785] BTRFS info (device loop0): allowing degraded mounts [ 102.802622][ T5785] BTRFS info (device loop0): using free space tree [ 102.822444][ T5785] BTRFS info (device loop0): auto enabling async discard umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5802 ./strace-static-x86_64: Process 5802 attached [pid 5802] set_robust_list(0x555557163660, 24) = 0 [pid 5802] chdir("./44") = 0 [pid 5802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5802] setpgid(0, 0) = 0 [pid 5802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5802] write(3, "1000", 4) = 4 [pid 5802] close(3) = 0 [pid 5802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5802] memfd_create("syzkaller", 0) = 3 [pid 5802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5802] munmap(0x7f5790a82000, 16777216) = 0 [pid 5802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5802] close(3) = 0 [pid 5802] mkdir("./bus", 0777) = 0 [ 103.302702][ T5802] loop0: detected capacity change from 0 to 32768 [ 103.312477][ T5802] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5802) [ 103.330120][ T5802] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.339380][ T5802] BTRFS info (device loop0): doing ref verification [pid 5802] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5802] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5802] chdir("./bus") = 0 [pid 5802] ioctl(4, LOOP_CLR_FD) = 0 [pid 5802] close(4) = 0 [pid 5802] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5802] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5802] exit_group(0) = ? [pid 5802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5802, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 103.346177][ T5802] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 103.357395][ T5802] BTRFS info (device loop0): force zlib compression, level 3 [ 103.365226][ T5802] BTRFS info (device loop0): allowing degraded mounts [ 103.372072][ T5802] BTRFS info (device loop0): using free space tree [ 103.392731][ T5802] BTRFS info (device loop0): auto enabling async discard umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5819 ./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x555557163660, 24) = 0 [pid 5819] chdir("./45") = 0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] setpgid(0, 0) = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5819] write(3, "1000", 4) = 4 [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] memfd_create("syzkaller", 0) = 3 [pid 5819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5819] munmap(0x7f5790a82000, 16777216) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5819] close(3) = 0 [pid 5819] mkdir("./bus", 0777) = 0 [ 103.872236][ T5819] loop0: detected capacity change from 0 to 32768 [ 103.882309][ T5819] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5819) [ 103.898160][ T5819] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.907415][ T5819] BTRFS info (device loop0): doing ref verification [pid 5819] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5819] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5819] chdir("./bus") = 0 [pid 5819] ioctl(4, LOOP_CLR_FD) = 0 [pid 5819] close(4) = 0 [pid 5819] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5819] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5819] exit_group(0) = ? [pid 5819] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5819, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 103.914328][ T5819] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 103.925823][ T5819] BTRFS info (device loop0): force zlib compression, level 3 [ 103.933596][ T5819] BTRFS info (device loop0): allowing degraded mounts [ 103.940980][ T5819] BTRFS info (device loop0): using free space tree [ 103.960638][ T5819] BTRFS info (device loop0): auto enabling async discard umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5836 ./strace-static-x86_64: Process 5836 attached [pid 5836] set_robust_list(0x555557163660, 24) = 0 [pid 5836] chdir("./46") = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] memfd_create("syzkaller", 0) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5836] munmap(0x7f5790a82000, 16777216) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5836] close(3) = 0 [pid 5836] mkdir("./bus", 0777) = 0 [ 104.461389][ T5836] loop0: detected capacity change from 0 to 32768 [ 104.470921][ T5836] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5836) [ 104.488155][ T5836] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.496939][ T5836] BTRFS info (device loop0): doing ref verification [pid 5836] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5836] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("./bus") = 0 [pid 5836] ioctl(4, LOOP_CLR_FD) = 0 [pid 5836] close(4) = 0 [pid 5836] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5836] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 104.503589][ T5836] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 104.514478][ T5836] BTRFS info (device loop0): force zlib compression, level 3 [ 104.521926][ T5836] BTRFS info (device loop0): allowing degraded mounts [ 104.528753][ T5836] BTRFS info (device loop0): using free space tree [ 104.548148][ T5836] BTRFS info (device loop0): auto enabling async discard umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5853 ./strace-static-x86_64: Process 5853 attached [pid 5853] set_robust_list(0x555557163660, 24) = 0 [pid 5853] chdir("./47") = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5853] munmap(0x7f5790a82000, 16777216) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] mkdir("./bus", 0777) = 0 [ 105.022011][ T5853] loop0: detected capacity change from 0 to 32768 [ 105.032669][ T5853] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5853) [ 105.047931][ T5853] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.057165][ T5853] BTRFS info (device loop0): doing ref verification [pid 5853] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5853] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./bus") = 0 [pid 5853] ioctl(4, LOOP_CLR_FD) = 0 [pid 5853] close(4) = 0 [pid 5853] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5853] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5853] exit_group(0) = ? [pid 5853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 105.064068][ T5853] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 105.075287][ T5853] BTRFS info (device loop0): force zlib compression, level 3 [ 105.082715][ T5853] BTRFS info (device loop0): allowing degraded mounts [ 105.089598][ T5853] BTRFS info (device loop0): using free space tree [ 105.108351][ T5853] BTRFS info (device loop0): auto enabling async discard umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5870 ./strace-static-x86_64: Process 5870 attached [pid 5870] set_robust_list(0x555557163660, 24) = 0 [pid 5870] chdir("./48") = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] write(3, "1000", 4) = 4 [pid 5870] close(3) = 0 [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] memfd_create("syzkaller", 0) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5870] munmap(0x7f5790a82000, 16777216) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] close(3) = 0 [pid 5870] mkdir("./bus", 0777) = 0 [ 105.589066][ T5870] loop0: detected capacity change from 0 to 32768 [ 105.600345][ T5870] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5870) [ 105.618191][ T5870] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.627540][ T5870] BTRFS info (device loop0): doing ref verification [pid 5870] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5870] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] chdir("./bus") = 0 [pid 5870] ioctl(4, LOOP_CLR_FD) = 0 [pid 5870] close(4) = 0 [pid 5870] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5870] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5870] exit_group(0) = ? [pid 5870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 105.634500][ T5870] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 105.645819][ T5870] BTRFS info (device loop0): force zlib compression, level 3 [ 105.653554][ T5870] BTRFS info (device loop0): allowing degraded mounts [ 105.660831][ T5870] BTRFS info (device loop0): using free space tree [ 105.681231][ T5870] BTRFS info (device loop0): auto enabling async discard umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5887 ./strace-static-x86_64: Process 5887 attached [pid 5887] set_robust_list(0x555557163660, 24) = 0 [pid 5887] chdir("./49") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] memfd_create("syzkaller", 0) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5887] munmap(0x7f5790a82000, 16777216) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] mkdir("./bus", 0777) = 0 [ 106.180445][ T5887] loop0: detected capacity change from 0 to 32768 [ 106.190052][ T5887] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5887) [ 106.205053][ T5887] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.213802][ T5887] BTRFS info (device loop0): doing ref verification [pid 5887] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5887] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./bus") = 0 [pid 5887] ioctl(4, LOOP_CLR_FD) = 0 [pid 5887] close(4) = 0 [pid 5887] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5887] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5887] exit_group(0) = ? [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=25 /* 0.25 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 106.220702][ T5887] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 106.231581][ T5887] BTRFS info (device loop0): force zlib compression, level 3 [ 106.239156][ T5887] BTRFS info (device loop0): allowing degraded mounts [ 106.246063][ T5887] BTRFS info (device loop0): using free space tree [ 106.266093][ T5887] BTRFS info (device loop0): auto enabling async discard umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5904 ./strace-static-x86_64: Process 5904 attached [pid 5904] set_robust_list(0x555557163660, 24) = 0 [pid 5904] chdir("./50") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5904] munmap(0x7f5790a82000, 16777216) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5904] close(3) = 0 [pid 5904] mkdir("./bus", 0777) = 0 [ 106.765177][ T5904] loop0: detected capacity change from 0 to 32768 [ 106.775461][ T5904] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5904) [ 106.791608][ T5904] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.800759][ T5904] BTRFS info (device loop0): doing ref verification [pid 5904] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5904] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5904] chdir("./bus") = 0 [pid 5904] ioctl(4, LOOP_CLR_FD) = 0 [pid 5904] close(4) = 0 [pid 5904] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5904] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5904] exit_group(0) = ? [pid 5904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 106.807736][ T5904] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 106.818777][ T5904] BTRFS info (device loop0): force zlib compression, level 3 [ 106.826265][ T5904] BTRFS info (device loop0): allowing degraded mounts [ 106.833070][ T5904] BTRFS info (device loop0): using free space tree [ 106.852793][ T5904] BTRFS info (device loop0): auto enabling async discard umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5921 ./strace-static-x86_64: Process 5921 attached [pid 5921] set_robust_list(0x555557163660, 24) = 0 [pid 5921] chdir("./51") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5921] munmap(0x7f5790a82000, 16777216) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] mkdir("./bus", 0777) = 0 [ 107.343028][ T5921] loop0: detected capacity change from 0 to 32768 [ 107.352456][ T5921] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5921) [ 107.367911][ T5921] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.376777][ T5921] BTRFS info (device loop0): doing ref verification [pid 5921] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./bus") = 0 [pid 5921] ioctl(4, LOOP_CLR_FD) = 0 [pid 5921] close(4) = 0 [pid 5921] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5921] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5921] exit_group(0) = ? [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 107.385960][ T5921] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 107.396860][ T5921] BTRFS info (device loop0): force zlib compression, level 3 [ 107.404298][ T5921] BTRFS info (device loop0): allowing degraded mounts [ 107.411199][ T5921] BTRFS info (device loop0): using free space tree [ 107.430594][ T5921] BTRFS info (device loop0): auto enabling async discard umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5938 ./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x555557163660, 24) = 0 [pid 5938] chdir("./52") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] memfd_create("syzkaller", 0) = 3 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5938] munmap(0x7f5790a82000, 16777216) = 0 [pid 5938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5938] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5938] close(3) = 0 [pid 5938] mkdir("./bus", 0777) = 0 [ 107.910359][ T5938] loop0: detected capacity change from 0 to 32768 [ 107.919585][ T5938] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5938) [ 107.936683][ T5938] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.945809][ T5938] BTRFS info (device loop0): doing ref verification [pid 5938] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5938] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5938] chdir("./bus") = 0 [pid 5938] ioctl(4, LOOP_CLR_FD) = 0 [pid 5938] close(4) = 0 [pid 5938] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5938] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5938] exit_group(0) = ? [pid 5938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 107.952714][ T5938] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 107.963991][ T5938] BTRFS info (device loop0): force zlib compression, level 3 [ 107.971540][ T5938] BTRFS info (device loop0): allowing degraded mounts [ 107.978455][ T5938] BTRFS info (device loop0): using free space tree [ 107.997552][ T5938] BTRFS info (device loop0): auto enabling async discard umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5955 ./strace-static-x86_64: Process 5955 attached [pid 5955] set_robust_list(0x555557163660, 24) = 0 [pid 5955] chdir("./53") = 0 [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5955] setpgid(0, 0) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5955] write(3, "1000", 4) = 4 [pid 5955] close(3) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5955] memfd_create("syzkaller", 0) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5955] munmap(0x7f5790a82000, 16777216) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] mkdir("./bus", 0777) = 0 [ 108.489860][ T5955] loop0: detected capacity change from 0 to 32768 [ 108.499413][ T5955] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5955) [ 108.514625][ T5955] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.523507][ T5955] BTRFS info (device loop0): doing ref verification [pid 5955] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5955] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./bus") = 0 [pid 5955] ioctl(4, LOOP_CLR_FD) = 0 [pid 5955] close(4) = 0 [pid 5955] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5955] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5955] exit_group(0) = ? [pid 5955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 108.530190][ T5955] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 108.541013][ T5955] BTRFS info (device loop0): force zlib compression, level 3 [ 108.548653][ T5955] BTRFS info (device loop0): allowing degraded mounts [ 108.555545][ T5955] BTRFS info (device loop0): using free space tree [ 108.575449][ T5955] BTRFS info (device loop0): auto enabling async discard umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5972 ./strace-static-x86_64: Process 5972 attached [pid 5972] set_robust_list(0x555557163660, 24) = 0 [pid 5972] chdir("./54") = 0 [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5972] setpgid(0, 0) = 0 [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5972] write(3, "1000", 4) = 4 [pid 5972] close(3) = 0 [pid 5972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5972] memfd_create("syzkaller", 0) = 3 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5972] munmap(0x7f5790a82000, 16777216) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5972] close(3) = 0 [pid 5972] mkdir("./bus", 0777) = 0 [ 109.053199][ T5972] loop0: detected capacity change from 0 to 32768 [ 109.063241][ T5972] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5972) [ 109.078706][ T5972] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.087637][ T5972] BTRFS info (device loop0): doing ref verification [pid 5972] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5972] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("./bus") = 0 [pid 5972] ioctl(4, LOOP_CLR_FD) = 0 [pid 5972] close(4) = 0 [pid 5972] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5972] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5972] exit_group(0) = ? [pid 5972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 109.094270][ T5972] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 109.105233][ T5972] BTRFS info (device loop0): force zlib compression, level 3 [ 109.113002][ T5972] BTRFS info (device loop0): allowing degraded mounts [ 109.120305][ T5972] BTRFS info (device loop0): using free space tree [ 109.140013][ T5972] BTRFS info (device loop0): auto enabling async discard umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 5989 ./strace-static-x86_64: Process 5989 attached [pid 5989] set_robust_list(0x555557163660, 24) = 0 [pid 5989] chdir("./55") = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5989] setpgid(0, 0) = 0 [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5989] write(3, "1000", 4) = 4 [pid 5989] close(3) = 0 [pid 5989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5989] memfd_create("syzkaller", 0) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 5989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5989] munmap(0x7f5790a82000, 16777216) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] mkdir("./bus", 0777) = 0 [ 109.635760][ T5989] loop0: detected capacity change from 0 to 32768 [ 109.645183][ T5989] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (5989) [ 109.661240][ T5989] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.670092][ T5989] BTRFS info (device loop0): doing ref verification [pid 5989] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5989] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5989] chdir("./bus") = 0 [pid 5989] ioctl(4, LOOP_CLR_FD) = 0 [pid 5989] close(4) = 0 [pid 5989] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5989] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5989] exit_group(0) = ? [pid 5989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5989, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 109.676789][ T5989] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 109.687663][ T5989] BTRFS info (device loop0): force zlib compression, level 3 [ 109.695163][ T5989] BTRFS info (device loop0): allowing degraded mounts [ 109.701971][ T5989] BTRFS info (device loop0): using free space tree [ 109.721857][ T5989] BTRFS info (device loop0): auto enabling async discard umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6007 ./strace-static-x86_64: Process 6007 attached [pid 6007] set_robust_list(0x555557163660, 24) = 0 [pid 6007] chdir("./56") = 0 [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6007] setpgid(0, 0) = 0 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6007] write(3, "1000", 4) = 4 [pid 6007] close(3) = 0 [pid 6007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6007] memfd_create("syzkaller", 0) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6007] munmap(0x7f5790a82000, 16777216) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] mkdir("./bus", 0777) = 0 [ 110.208761][ T6007] loop0: detected capacity change from 0 to 32768 [ 110.219147][ T6007] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6007) [ 110.236222][ T6007] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.245149][ T6007] BTRFS info (device loop0): doing ref verification [pid 6007] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6007] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6007] chdir("./bus") = 0 [pid 6007] ioctl(4, LOOP_CLR_FD) = 0 [pid 6007] close(4) = 0 [pid 6007] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6007] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6007] exit_group(0) = ? [pid 6007] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6007, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 110.251760][ T6007] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 110.263207][ T6007] BTRFS info (device loop0): force zlib compression, level 3 [ 110.270783][ T6007] BTRFS info (device loop0): allowing degraded mounts [ 110.278035][ T6007] BTRFS info (device loop0): using free space tree [ 110.298867][ T6007] BTRFS info (device loop0): auto enabling async discard umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6024 ./strace-static-x86_64: Process 6024 attached [pid 6024] set_robust_list(0x555557163660, 24) = 0 [pid 6024] chdir("./57") = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6024] munmap(0x7f5790a82000, 16777216) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] mkdir("./bus", 0777) = 0 [ 110.769345][ T6024] loop0: detected capacity change from 0 to 32768 [ 110.780634][ T6024] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6024) [ 110.797538][ T6024] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.806581][ T6024] BTRFS info (device loop0): doing ref verification [pid 6024] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./bus") = 0 [pid 6024] ioctl(4, LOOP_CLR_FD) = 0 [pid 6024] close(4) = 0 [pid 6024] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6024] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6024] exit_group(0) = ? [pid 6024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 110.813460][ T6024] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 110.824484][ T6024] BTRFS info (device loop0): force zlib compression, level 3 [ 110.832318][ T6024] BTRFS info (device loop0): allowing degraded mounts [ 110.839161][ T6024] BTRFS info (device loop0): using free space tree [ 110.858084][ T6024] BTRFS info (device loop0): auto enabling async discard umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6041 ./strace-static-x86_64: Process 6041 attached [pid 6041] set_robust_list(0x555557163660, 24) = 0 [pid 6041] chdir("./58") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6041] memfd_create("syzkaller", 0) = 3 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6041] munmap(0x7f5790a82000, 16777216) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6041] close(3) = 0 [pid 6041] mkdir("./bus", 0777) = 0 [ 111.346898][ T6041] loop0: detected capacity change from 0 to 32768 [ 111.356971][ T6041] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6041) [ 111.373715][ T6041] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.382773][ T6041] BTRFS info (device loop0): doing ref verification [pid 6041] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./bus") = 0 [pid 6041] ioctl(4, LOOP_CLR_FD) = 0 [pid 6041] close(4) = 0 [pid 6041] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6041] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6041] exit_group(0) = ? [pid 6041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 111.389738][ T6041] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 111.400961][ T6041] BTRFS info (device loop0): force zlib compression, level 3 [ 111.408698][ T6041] BTRFS info (device loop0): allowing degraded mounts [ 111.415569][ T6041] BTRFS info (device loop0): using free space tree [ 111.434273][ T6041] BTRFS info (device loop0): auto enabling async discard umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6059 ./strace-static-x86_64: Process 6059 attached [pid 6059] set_robust_list(0x555557163660, 24) = 0 [pid 6059] chdir("./59") = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6059] setpgid(0, 0) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6059] write(3, "1000", 4) = 4 [pid 6059] close(3) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6059] memfd_create("syzkaller", 0) = 3 [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6059] munmap(0x7f5790a82000, 16777216) = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6059] close(3) = 0 [pid 6059] mkdir("./bus", 0777) = 0 [ 111.921952][ T6059] loop0: detected capacity change from 0 to 32768 [ 111.931875][ T6059] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6059) [ 111.948819][ T6059] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.957672][ T6059] BTRFS info (device loop0): doing ref verification [pid 6059] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6059] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6059] chdir("./bus") = 0 [pid 6059] ioctl(4, LOOP_CLR_FD) = 0 [pid 6059] close(4) = 0 [pid 6059] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6059] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6059] exit_group(0) = ? [pid 6059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 111.964309][ T6059] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 111.975216][ T6059] BTRFS info (device loop0): force zlib compression, level 3 [ 111.982724][ T6059] BTRFS info (device loop0): allowing degraded mounts [ 111.989782][ T6059] BTRFS info (device loop0): using free space tree [ 112.010156][ T6059] BTRFS info (device loop0): auto enabling async discard umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6077 ./strace-static-x86_64: Process 6077 attached [pid 6077] set_robust_list(0x555557163660, 24) = 0 [pid 6077] chdir("./60") = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6077] memfd_create("syzkaller", 0) = 3 [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6077] munmap(0x7f5790a82000, 16777216) = 0 [pid 6077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6077] close(3) = 0 [pid 6077] mkdir("./bus", 0777) = 0 [ 112.487958][ T6077] loop0: detected capacity change from 0 to 32768 [ 112.498279][ T6077] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6077) [ 112.514025][ T6077] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.523208][ T6077] BTRFS info (device loop0): doing ref verification [pid 6077] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6077] chdir("./bus") = 0 [pid 6077] ioctl(4, LOOP_CLR_FD) = 0 [pid 6077] close(4) = 0 [pid 6077] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6077] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6077] exit_group(0) = ? [pid 6077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 112.530283][ T6077] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 112.541448][ T6077] BTRFS info (device loop0): force zlib compression, level 3 [ 112.549038][ T6077] BTRFS info (device loop0): allowing degraded mounts [ 112.556028][ T6077] BTRFS info (device loop0): using free space tree [ 112.575984][ T6077] BTRFS info (device loop0): auto enabling async discard umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6094 ./strace-static-x86_64: Process 6094 attached [pid 6094] set_robust_list(0x555557163660, 24) = 0 [pid 6094] chdir("./61") = 0 [pid 6094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6094] setpgid(0, 0) = 0 [pid 6094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6094] write(3, "1000", 4) = 4 [pid 6094] close(3) = 0 [pid 6094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6094] memfd_create("syzkaller", 0) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6094] munmap(0x7f5790a82000, 16777216) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6094] close(3) = 0 [pid 6094] mkdir("./bus", 0777) = 0 [ 113.057483][ T6094] loop0: detected capacity change from 0 to 32768 [ 113.068171][ T6094] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6094) [ 113.084247][ T6094] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.093661][ T6094] BTRFS info (device loop0): doing ref verification [pid 6094] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] chdir("./bus") = 0 [pid 6094] ioctl(4, LOOP_CLR_FD) = 0 [pid 6094] close(4) = 0 [pid 6094] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6094] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [ 113.100661][ T6094] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 113.111676][ T6094] BTRFS info (device loop0): force zlib compression, level 3 [ 113.119282][ T6094] BTRFS info (device loop0): allowing degraded mounts [ 113.126138][ T6094] BTRFS info (device loop0): using free space tree [ 113.147067][ T6094] BTRFS info (device loop0): auto enabling async discard [pid 6094] exit_group(0) = ? [pid 6094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6094, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6114 ./strace-static-x86_64: Process 6114 attached [pid 6114] set_robust_list(0x555557163660, 24) = 0 [pid 6114] chdir("./62") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6114] memfd_create("syzkaller", 0) = 3 [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6114] munmap(0x7f5790a82000, 16777216) = 0 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6114] close(3) = 0 [pid 6114] mkdir("./bus", 0777) = 0 [ 113.644474][ T6114] loop0: detected capacity change from 0 to 32768 [ 113.655983][ T6114] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6114) [ 113.672017][ T6114] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.680905][ T6114] BTRFS info (device loop0): doing ref verification [pid 6114] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6114] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6114] chdir("./bus") = 0 [pid 6114] ioctl(4, LOOP_CLR_FD) = 0 [pid 6114] close(4) = 0 [pid 6114] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6114] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6114] exit_group(0) = ? [pid 6114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 113.687716][ T6114] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 113.698612][ T6114] BTRFS info (device loop0): force zlib compression, level 3 [ 113.706094][ T6114] BTRFS info (device loop0): allowing degraded mounts [ 113.712905][ T6114] BTRFS info (device loop0): using free space tree [ 113.731994][ T6114] BTRFS info (device loop0): auto enabling async discard umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6132 ./strace-static-x86_64: Process 6132 attached [pid 6132] set_robust_list(0x555557163660, 24) = 0 [pid 6132] chdir("./63") = 0 [pid 6132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6132] setpgid(0, 0) = 0 [pid 6132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6132] write(3, "1000", 4) = 4 [pid 6132] close(3) = 0 [pid 6132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6132] memfd_create("syzkaller", 0) = 3 [pid 6132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6132] munmap(0x7f5790a82000, 16777216) = 0 [pid 6132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6132] close(3) = 0 [pid 6132] mkdir("./bus", 0777) = 0 [ 114.228177][ T6132] loop0: detected capacity change from 0 to 32768 [ 114.241320][ T6132] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6132) [ 114.258759][ T6132] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.267715][ T6132] BTRFS info (device loop0): doing ref verification [ 114.274348][ T6132] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 114.285703][ T6132] BTRFS info (device loop0): force zlib compression, level 3 [ 114.293148][ T6132] BTRFS info (device loop0): allowing degraded mounts [ 114.300054][ T6132] BTRFS info (device loop0): using free space tree [pid 6132] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6132] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6132] chdir("./bus") = 0 [pid 6132] ioctl(4, LOOP_CLR_FD) = 0 [pid 6132] close(4) = 0 [pid 6132] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6132] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6132] exit_group(0) = ? [pid 6132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6132, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 114.322408][ T6132] BTRFS info (device loop0): auto enabling async discard umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6150 ./strace-static-x86_64: Process 6150 attached [pid 6150] set_robust_list(0x555557163660, 24) = 0 [pid 6150] chdir("./64") = 0 [pid 6150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6150] setpgid(0, 0) = 0 [pid 6150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6150] write(3, "1000", 4) = 4 [pid 6150] close(3) = 0 [pid 6150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6150] memfd_create("syzkaller", 0) = 3 [pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6150] munmap(0x7f5790a82000, 16777216) = 0 [pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6150] close(3) = 0 [pid 6150] mkdir("./bus", 0777) = 0 [ 114.846546][ T6150] loop0: detected capacity change from 0 to 32768 [ 114.856274][ T6150] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6150) [ 114.871693][ T6150] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.880645][ T6150] BTRFS info (device loop0): doing ref verification [pid 6150] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6150] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6150] chdir("./bus") = 0 [pid 6150] ioctl(4, LOOP_CLR_FD) = 0 [pid 6150] close(4) = 0 [pid 6150] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6150] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6150] exit_group(0) = ? [pid 6150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6150, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 114.887331][ T6150] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 114.898199][ T6150] BTRFS info (device loop0): force zlib compression, level 3 [ 114.905637][ T6150] BTRFS info (device loop0): allowing degraded mounts [ 114.912424][ T6150] BTRFS info (device loop0): using free space tree [ 114.933010][ T6150] BTRFS info (device loop0): auto enabling async discard umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6167 ./strace-static-x86_64: Process 6167 attached [pid 6167] set_robust_list(0x555557163660, 24) = 0 [pid 6167] chdir("./65") = 0 [pid 6167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6167] setpgid(0, 0) = 0 [pid 6167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6167] write(3, "1000", 4) = 4 [pid 6167] close(3) = 0 [pid 6167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6167] memfd_create("syzkaller", 0) = 3 [pid 6167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6167] munmap(0x7f5790a82000, 16777216) = 0 [pid 6167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6167] close(3) = 0 [pid 6167] mkdir("./bus", 0777) = 0 [ 115.411176][ T6167] loop0: detected capacity change from 0 to 32768 [ 115.420863][ T6167] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6167) [ 115.438203][ T6167] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 115.447129][ T6167] BTRFS info (device loop0): doing ref verification [pid 6167] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6167] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6167] chdir("./bus") = 0 [pid 6167] ioctl(4, LOOP_CLR_FD) = 0 [pid 6167] close(4) = 0 [pid 6167] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6167] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6167] exit_group(0) = ? [pid 6167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6167, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 115.453765][ T6167] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 115.464681][ T6167] BTRFS info (device loop0): force zlib compression, level 3 [ 115.472133][ T6167] BTRFS info (device loop0): allowing degraded mounts [ 115.478961][ T6167] BTRFS info (device loop0): using free space tree [ 115.498667][ T6167] BTRFS info (device loop0): auto enabling async discard umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6184 ./strace-static-x86_64: Process 6184 attached [pid 6184] set_robust_list(0x555557163660, 24) = 0 [pid 6184] chdir("./66") = 0 [pid 6184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6184] setpgid(0, 0) = 0 [pid 6184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6184] write(3, "1000", 4) = 4 [pid 6184] close(3) = 0 [pid 6184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6184] memfd_create("syzkaller", 0) = 3 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6184] munmap(0x7f5790a82000, 16777216) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6184] close(3) = 0 [pid 6184] mkdir("./bus", 0777) = 0 [ 115.974736][ T6184] loop0: detected capacity change from 0 to 32768 [ 115.985386][ T6184] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6184) [ 116.001194][ T6184] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.010356][ T6184] BTRFS info (device loop0): doing ref verification [pid 6184] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6184] chdir("./bus") = 0 [pid 6184] ioctl(4, LOOP_CLR_FD) = 0 [pid 6184] close(4) = 0 [pid 6184] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6184] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6184] exit_group(0) = ? [pid 6184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6184, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 116.017383][ T6184] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 116.028590][ T6184] BTRFS info (device loop0): force zlib compression, level 3 [ 116.036249][ T6184] BTRFS info (device loop0): allowing degraded mounts [ 116.043125][ T6184] BTRFS info (device loop0): using free space tree [ 116.062923][ T6184] BTRFS info (device loop0): auto enabling async discard umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6201 ./strace-static-x86_64: Process 6201 attached [pid 6201] set_robust_list(0x555557163660, 24) = 0 [pid 6201] chdir("./67") = 0 [pid 6201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6201] setpgid(0, 0) = 0 [pid 6201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6201] write(3, "1000", 4) = 4 [pid 6201] close(3) = 0 [pid 6201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6201] memfd_create("syzkaller", 0) = 3 [pid 6201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6201] munmap(0x7f5790a82000, 16777216) = 0 [pid 6201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6201] close(3) = 0 [pid 6201] mkdir("./bus", 0777) = 0 [ 116.538838][ T6201] loop0: detected capacity change from 0 to 32768 [ 116.549207][ T6201] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6201) [ 116.565357][ T6201] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.574464][ T6201] BTRFS info (device loop0): doing ref verification [pid 6201] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6201] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6201] chdir("./bus") = 0 [pid 6201] ioctl(4, LOOP_CLR_FD) = 0 [pid 6201] close(4) = 0 [pid 6201] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6201] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6201] exit_group(0) = ? [pid 6201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6201, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 116.581481][ T6201] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 116.592652][ T6201] BTRFS info (device loop0): force zlib compression, level 3 [ 116.600299][ T6201] BTRFS info (device loop0): allowing degraded mounts [ 116.607138][ T6201] BTRFS info (device loop0): using free space tree [ 116.626926][ T6201] BTRFS info (device loop0): auto enabling async discard umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6218 ./strace-static-x86_64: Process 6218 attached [pid 6218] set_robust_list(0x555557163660, 24) = 0 [pid 6218] chdir("./68") = 0 [pid 6218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6218] setpgid(0, 0) = 0 [pid 6218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6218] write(3, "1000", 4) = 4 [pid 6218] close(3) = 0 [pid 6218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6218] memfd_create("syzkaller", 0) = 3 [pid 6218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6218] munmap(0x7f5790a82000, 16777216) = 0 [pid 6218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6218] close(3) = 0 [pid 6218] mkdir("./bus", 0777) = 0 [ 117.107141][ T6218] loop0: detected capacity change from 0 to 32768 [ 117.117473][ T6218] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6218) [ 117.133013][ T6218] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.142247][ T6218] BTRFS info (device loop0): doing ref verification [pid 6218] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6218] chdir("./bus") = 0 [pid 6218] ioctl(4, LOOP_CLR_FD) = 0 [pid 6218] close(4) = 0 [pid 6218] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6218] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6218] exit_group(0) = ? [pid 6218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6218, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 117.149162][ T6218] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 117.160310][ T6218] BTRFS info (device loop0): force zlib compression, level 3 [ 117.168056][ T6218] BTRFS info (device loop0): allowing degraded mounts [ 117.175024][ T6218] BTRFS info (device loop0): using free space tree [ 117.194083][ T6218] BTRFS info (device loop0): auto enabling async discard umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6235 ./strace-static-x86_64: Process 6235 attached [pid 6235] set_robust_list(0x555557163660, 24) = 0 [pid 6235] chdir("./69") = 0 [pid 6235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6235] setpgid(0, 0) = 0 [pid 6235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6235] write(3, "1000", 4) = 4 [pid 6235] close(3) = 0 [pid 6235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6235] memfd_create("syzkaller", 0) = 3 [pid 6235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6235] munmap(0x7f5790a82000, 16777216) = 0 [pid 6235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6235] close(3) = 0 [pid 6235] mkdir("./bus", 0777) = 0 [ 117.666724][ T6235] loop0: detected capacity change from 0 to 32768 [ 117.676266][ T6235] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6235) [ 117.691121][ T6235] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.699916][ T6235] BTRFS info (device loop0): doing ref verification [pid 6235] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6235] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6235] chdir("./bus") = 0 [pid 6235] ioctl(4, LOOP_CLR_FD) = 0 [pid 6235] close(4) = 0 [pid 6235] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6235] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6235] exit_group(0) = ? [pid 6235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6235, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 117.706620][ T6235] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 117.717467][ T6235] BTRFS info (device loop0): force zlib compression, level 3 [ 117.724925][ T6235] BTRFS info (device loop0): allowing degraded mounts [ 117.731711][ T6235] BTRFS info (device loop0): using free space tree [ 117.750428][ T6235] BTRFS info (device loop0): auto enabling async discard umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6252 ./strace-static-x86_64: Process 6252 attached [pid 6252] set_robust_list(0x555557163660, 24) = 0 [pid 6252] chdir("./70") = 0 [pid 6252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6252] setpgid(0, 0) = 0 [pid 6252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6252] write(3, "1000", 4) = 4 [pid 6252] close(3) = 0 [pid 6252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6252] memfd_create("syzkaller", 0) = 3 [pid 6252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6252] munmap(0x7f5790a82000, 16777216) = 0 [pid 6252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6252] close(3) = 0 [pid 6252] mkdir("./bus", 0777) = 0 [ 118.220028][ T6252] loop0: detected capacity change from 0 to 32768 [ 118.230375][ T6252] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6252) [ 118.247454][ T6252] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.256274][ T6252] BTRFS info (device loop0): doing ref verification [pid 6252] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6252] chdir("./bus") = 0 [pid 6252] ioctl(4, LOOP_CLR_FD) = 0 [pid 6252] close(4) = 0 [pid 6252] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6252] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6252] exit_group(0) = ? [pid 6252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6252, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 118.262892][ T6252] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 118.273778][ T6252] BTRFS info (device loop0): force zlib compression, level 3 [ 118.281267][ T6252] BTRFS info (device loop0): allowing degraded mounts [ 118.288117][ T6252] BTRFS info (device loop0): using free space tree [ 118.308298][ T6252] BTRFS info (device loop0): auto enabling async discard umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6269 ./strace-static-x86_64: Process 6269 attached [pid 6269] set_robust_list(0x555557163660, 24) = 0 [pid 6269] chdir("./71") = 0 [pid 6269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6269] setpgid(0, 0) = 0 [pid 6269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6269] write(3, "1000", 4) = 4 [pid 6269] close(3) = 0 [pid 6269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6269] memfd_create("syzkaller", 0) = 3 [pid 6269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6269] munmap(0x7f5790a82000, 16777216) = 0 [pid 6269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6269] close(3) = 0 [pid 6269] mkdir("./bus", 0777) = 0 [ 118.799519][ T6269] loop0: detected capacity change from 0 to 32768 [ 118.810192][ T6269] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6269) [ 118.825566][ T6269] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.834679][ T6269] BTRFS info (device loop0): doing ref verification [pid 6269] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6269] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6269] chdir("./bus") = 0 [pid 6269] ioctl(4, LOOP_CLR_FD) = 0 [pid 6269] close(4) = 0 [pid 6269] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6269] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6269] exit_group(0) = ? [pid 6269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6269, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 118.841664][ T6269] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 118.852718][ T6269] BTRFS info (device loop0): force zlib compression, level 3 [ 118.860165][ T6269] BTRFS info (device loop0): allowing degraded mounts [ 118.867020][ T6269] BTRFS info (device loop0): using free space tree [ 118.886400][ T6269] BTRFS info (device loop0): auto enabling async discard umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6286 attached , child_tidptr=0x555557163650) = 6286 [pid 6286] set_robust_list(0x555557163660, 24) = 0 [pid 6286] chdir("./72") = 0 [pid 6286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6286] setpgid(0, 0) = 0 [pid 6286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6286] write(3, "1000", 4) = 4 [pid 6286] close(3) = 0 [pid 6286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6286] memfd_create("syzkaller", 0) = 3 [pid 6286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6286] munmap(0x7f5790a82000, 16777216) = 0 [pid 6286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6286] close(3) = 0 [pid 6286] mkdir("./bus", 0777) = 0 [ 119.389667][ T6286] loop0: detected capacity change from 0 to 32768 [ 119.399415][ T6286] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6286) [ 119.415514][ T6286] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.424569][ T6286] BTRFS info (device loop0): doing ref verification [pid 6286] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6286] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6286] chdir("./bus") = 0 [pid 6286] ioctl(4, LOOP_CLR_FD) = 0 [pid 6286] close(4) = 0 [pid 6286] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6286] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6286] exit_group(0) = ? [pid 6286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6286, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 119.431681][ T6286] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 119.442788][ T6286] BTRFS info (device loop0): force zlib compression, level 3 [ 119.450599][ T6286] BTRFS info (device loop0): allowing degraded mounts [ 119.457615][ T6286] BTRFS info (device loop0): using free space tree [ 119.477611][ T6286] BTRFS info (device loop0): auto enabling async discard umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6303 ./strace-static-x86_64: Process 6303 attached [pid 6303] set_robust_list(0x555557163660, 24) = 0 [pid 6303] chdir("./73") = 0 [pid 6303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6303] setpgid(0, 0) = 0 [pid 6303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6303] write(3, "1000", 4) = 4 [pid 6303] close(3) = 0 [pid 6303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6303] memfd_create("syzkaller", 0) = 3 [pid 6303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6303] munmap(0x7f5790a82000, 16777216) = 0 [pid 6303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6303] close(3) = 0 [pid 6303] mkdir("./bus", 0777) = 0 [ 119.950734][ T6303] loop0: detected capacity change from 0 to 32768 [ 119.961008][ T6303] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6303) [ 119.978024][ T6303] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.987010][ T6303] BTRFS info (device loop0): doing ref verification [pid 6303] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6303] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6303] chdir("./bus") = 0 [pid 6303] ioctl(4, LOOP_CLR_FD) = 0 [pid 6303] close(4) = 0 [pid 6303] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6303] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6303] exit_group(0) = ? [pid 6303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6303, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 119.993724][ T6303] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 120.004601][ T6303] BTRFS info (device loop0): force zlib compression, level 3 [ 120.012126][ T6303] BTRFS info (device loop0): allowing degraded mounts [ 120.018951][ T6303] BTRFS info (device loop0): using free space tree [ 120.039541][ T6303] BTRFS info (device loop0): auto enabling async discard umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6320 ./strace-static-x86_64: Process 6320 attached [pid 6320] set_robust_list(0x555557163660, 24) = 0 [pid 6320] chdir("./74") = 0 [pid 6320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6320] setpgid(0, 0) = 0 [pid 6320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6320] write(3, "1000", 4) = 4 [pid 6320] close(3) = 0 [pid 6320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6320] memfd_create("syzkaller", 0) = 3 [pid 6320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6320] munmap(0x7f5790a82000, 16777216) = 0 [pid 6320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6320] close(3) = 0 [pid 6320] mkdir("./bus", 0777) = 0 [ 120.512055][ T6320] loop0: detected capacity change from 0 to 32768 [ 120.522783][ T6320] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6320) [ 120.538183][ T6320] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.547015][ T6320] BTRFS info (device loop0): doing ref verification [pid 6320] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6320] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6320] chdir("./bus") = 0 [pid 6320] ioctl(4, LOOP_CLR_FD) = 0 [pid 6320] close(4) = 0 [pid 6320] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6320] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6320] exit_group(0) = ? [pid 6320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6320, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 120.553627][ T6320] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 120.564487][ T6320] BTRFS info (device loop0): force zlib compression, level 3 [ 120.571975][ T6320] BTRFS info (device loop0): allowing degraded mounts [ 120.578788][ T6320] BTRFS info (device loop0): using free space tree [ 120.597499][ T6320] BTRFS info (device loop0): auto enabling async discard umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6337 ./strace-static-x86_64: Process 6337 attached [pid 6337] set_robust_list(0x555557163660, 24) = 0 [pid 6337] chdir("./75") = 0 [pid 6337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6337] setpgid(0, 0) = 0 [pid 6337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6337] write(3, "1000", 4) = 4 [pid 6337] close(3) = 0 [pid 6337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6337] memfd_create("syzkaller", 0) = 3 [pid 6337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6337] munmap(0x7f5790a82000, 16777216) = 0 [pid 6337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6337] close(3) = 0 [pid 6337] mkdir("./bus", 0777) = 0 [ 121.063853][ T6337] loop0: detected capacity change from 0 to 32768 [ 121.073496][ T6337] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6337) [ 121.089618][ T6337] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.098933][ T6337] BTRFS info (device loop0): doing ref verification [pid 6337] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6337] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6337] chdir("./bus") = 0 [pid 6337] ioctl(4, LOOP_CLR_FD) = 0 [pid 6337] close(4) = 0 [pid 6337] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6337] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6337] exit_group(0) = ? [pid 6337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6337, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 121.105699][ T6337] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 121.116845][ T6337] BTRFS info (device loop0): force zlib compression, level 3 [ 121.124528][ T6337] BTRFS info (device loop0): allowing degraded mounts [ 121.131810][ T6337] BTRFS info (device loop0): using free space tree [ 121.151836][ T6337] BTRFS info (device loop0): auto enabling async discard umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6354 ./strace-static-x86_64: Process 6354 attached [pid 6354] set_robust_list(0x555557163660, 24) = 0 [pid 6354] chdir("./76") = 0 [pid 6354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6354] setpgid(0, 0) = 0 [pid 6354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6354] write(3, "1000", 4) = 4 [pid 6354] close(3) = 0 [pid 6354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6354] memfd_create("syzkaller", 0) = 3 [pid 6354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6354] munmap(0x7f5790a82000, 16777216) = 0 [pid 6354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6354] close(3) = 0 [pid 6354] mkdir("./bus", 0777) = 0 [ 121.630541][ T6354] loop0: detected capacity change from 0 to 32768 [ 121.640500][ T6354] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6354) [ 121.657487][ T6354] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.666543][ T6354] BTRFS info (device loop0): doing ref verification [pid 6354] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6354] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6354] chdir("./bus") = 0 [pid 6354] ioctl(4, LOOP_CLR_FD) = 0 [pid 6354] close(4) = 0 [pid 6354] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6354] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6354] exit_group(0) = ? [pid 6354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6354, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 121.673186][ T6354] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 121.684081][ T6354] BTRFS info (device loop0): force zlib compression, level 3 [ 121.691798][ T6354] BTRFS info (device loop0): allowing degraded mounts [ 121.698661][ T6354] BTRFS info (device loop0): using free space tree [ 121.716767][ T6354] BTRFS info (device loop0): auto enabling async discard umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6371 ./strace-static-x86_64: Process 6371 attached [pid 6371] set_robust_list(0x555557163660, 24) = 0 [pid 6371] chdir("./77") = 0 [pid 6371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6371] setpgid(0, 0) = 0 [pid 6371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6371] write(3, "1000", 4) = 4 [pid 6371] close(3) = 0 [pid 6371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6371] memfd_create("syzkaller", 0) = 3 [pid 6371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6371] munmap(0x7f5790a82000, 16777216) = 0 [pid 6371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6371] close(3) = 0 [pid 6371] mkdir("./bus", 0777) = 0 [ 122.186108][ T6371] loop0: detected capacity change from 0 to 32768 [ 122.197159][ T6371] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6371) [ 122.214039][ T6371] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.222871][ T6371] BTRFS info (device loop0): doing ref verification [pid 6371] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6371] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6371] chdir("./bus") = 0 [pid 6371] ioctl(4, LOOP_CLR_FD) = 0 [pid 6371] close(4) = 0 [pid 6371] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6371] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6371] exit_group(0) = ? [pid 6371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6371, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 122.229624][ T6371] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 122.240530][ T6371] BTRFS info (device loop0): force zlib compression, level 3 [ 122.248319][ T6371] BTRFS info (device loop0): allowing degraded mounts [ 122.255681][ T6371] BTRFS info (device loop0): using free space tree [ 122.275341][ T6371] BTRFS info (device loop0): auto enabling async discard umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6388 ./strace-static-x86_64: Process 6388 attached [pid 6388] set_robust_list(0x555557163660, 24) = 0 [pid 6388] chdir("./78") = 0 [pid 6388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6388] setpgid(0, 0) = 0 [pid 6388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6388] write(3, "1000", 4) = 4 [pid 6388] close(3) = 0 [pid 6388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6388] memfd_create("syzkaller", 0) = 3 [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6388] munmap(0x7f5790a82000, 16777216) = 0 [pid 6388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6388] close(3) = 0 [pid 6388] mkdir("./bus", 0777) = 0 [ 122.759285][ T6388] loop0: detected capacity change from 0 to 32768 [ 122.768873][ T6388] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6388) [ 122.785116][ T6388] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.794171][ T6388] BTRFS info (device loop0): doing ref verification [pid 6388] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6388] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6388] chdir("./bus") = 0 [pid 6388] ioctl(4, LOOP_CLR_FD) = 0 [pid 6388] close(4) = 0 [pid 6388] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6388] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6388] exit_group(0) = ? [pid 6388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6388, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 122.801432][ T6388] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 122.812367][ T6388] BTRFS info (device loop0): force zlib compression, level 3 [ 122.819948][ T6388] BTRFS info (device loop0): allowing degraded mounts [ 122.826803][ T6388] BTRFS info (device loop0): using free space tree [ 122.845379][ T6388] BTRFS info (device loop0): auto enabling async discard umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6405 ./strace-static-x86_64: Process 6405 attached [pid 6405] set_robust_list(0x555557163660, 24) = 0 [pid 6405] chdir("./79") = 0 [pid 6405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6405] setpgid(0, 0) = 0 [pid 6405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6405] write(3, "1000", 4) = 4 [pid 6405] close(3) = 0 [pid 6405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6405] memfd_create("syzkaller", 0) = 3 [pid 6405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6405] munmap(0x7f5790a82000, 16777216) = 0 [pid 6405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6405] close(3) = 0 [pid 6405] mkdir("./bus", 0777) = 0 [ 123.328961][ T6405] loop0: detected capacity change from 0 to 32768 [ 123.339240][ T6405] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6405) [ 123.356766][ T6405] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 123.365565][ T6405] BTRFS info (device loop0): doing ref verification [pid 6405] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6405] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6405] chdir("./bus") = 0 [pid 6405] ioctl(4, LOOP_CLR_FD) = 0 [pid 6405] close(4) = 0 [pid 6405] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6405] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6405] exit_group(0) = ? [pid 6405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6405, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 123.372202][ T6405] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 123.383066][ T6405] BTRFS info (device loop0): force zlib compression, level 3 [ 123.390573][ T6405] BTRFS info (device loop0): allowing degraded mounts [ 123.397474][ T6405] BTRFS info (device loop0): using free space tree [ 123.416827][ T6405] BTRFS info (device loop0): auto enabling async discard umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6422 ./strace-static-x86_64: Process 6422 attached [pid 6422] set_robust_list(0x555557163660, 24) = 0 [pid 6422] chdir("./80") = 0 [pid 6422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6422] setpgid(0, 0) = 0 [pid 6422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6422] write(3, "1000", 4) = 4 [pid 6422] close(3) = 0 [pid 6422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6422] memfd_create("syzkaller", 0) = 3 [pid 6422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6422] munmap(0x7f5790a82000, 16777216) = 0 [pid 6422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6422] close(3) = 0 [pid 6422] mkdir("./bus", 0777) = 0 [ 123.893872][ T6422] loop0: detected capacity change from 0 to 32768 [ 123.903897][ T6422] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6422) [ 123.921090][ T6422] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 123.930054][ T6422] BTRFS info (device loop0): doing ref verification [pid 6422] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6422] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6422] chdir("./bus") = 0 [pid 6422] ioctl(4, LOOP_CLR_FD) = 0 [pid 6422] close(4) = 0 [pid 6422] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6422] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6422] exit_group(0) = ? [pid 6422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6422, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 123.936763][ T6422] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 123.947585][ T6422] BTRFS info (device loop0): force zlib compression, level 3 [ 123.955358][ T6422] BTRFS info (device loop0): allowing degraded mounts [ 123.962166][ T6422] BTRFS info (device loop0): using free space tree [ 123.983448][ T6422] BTRFS info (device loop0): auto enabling async discard umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6439 ./strace-static-x86_64: Process 6439 attached [pid 6439] set_robust_list(0x555557163660, 24) = 0 [pid 6439] chdir("./81") = 0 [pid 6439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6439] setpgid(0, 0) = 0 [pid 6439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6439] write(3, "1000", 4) = 4 [pid 6439] close(3) = 0 [pid 6439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6439] memfd_create("syzkaller", 0) = 3 [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6439] munmap(0x7f5790a82000, 16777216) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6439] close(3) = 0 [pid 6439] mkdir("./bus", 0777) = 0 [ 124.472697][ T6439] loop0: detected capacity change from 0 to 32768 [ 124.483356][ T6439] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6439) [ 124.500004][ T6439] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 124.508818][ T6439] BTRFS info (device loop0): doing ref verification [pid 6439] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6439] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6439] chdir("./bus") = 0 [pid 6439] ioctl(4, LOOP_CLR_FD) = 0 [pid 6439] close(4) = 0 [pid 6439] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6439] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6439] exit_group(0) = ? [pid 6439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6439, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 124.515572][ T6439] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 124.526859][ T6439] BTRFS info (device loop0): force zlib compression, level 3 [ 124.534546][ T6439] BTRFS info (device loop0): allowing degraded mounts [ 124.541876][ T6439] BTRFS info (device loop0): using free space tree [ 124.561276][ T6439] BTRFS info (device loop0): auto enabling async discard umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6456 ./strace-static-x86_64: Process 6456 attached [pid 6456] set_robust_list(0x555557163660, 24) = 0 [pid 6456] chdir("./82") = 0 [pid 6456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6456] setpgid(0, 0) = 0 [pid 6456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6456] write(3, "1000", 4) = 4 [pid 6456] close(3) = 0 [pid 6456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6456] memfd_create("syzkaller", 0) = 3 [pid 6456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6456] munmap(0x7f5790a82000, 16777216) = 0 [pid 6456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6456] close(3) = 0 [pid 6456] mkdir("./bus", 0777) = 0 [ 125.034202][ T6456] loop0: detected capacity change from 0 to 32768 [ 125.043928][ T6456] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6456) [ 125.060749][ T6456] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 125.069846][ T6456] BTRFS info (device loop0): doing ref verification [pid 6456] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6456] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6456] chdir("./bus") = 0 [pid 6456] ioctl(4, LOOP_CLR_FD) = 0 [pid 6456] close(4) = 0 [pid 6456] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6456] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6456] exit_group(0) = ? [pid 6456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6456, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=24 /* 0.24 s */} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 125.076851][ T6456] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 125.087877][ T6456] BTRFS info (device loop0): force zlib compression, level 3 [ 125.095412][ T6456] BTRFS info (device loop0): allowing degraded mounts [ 125.102211][ T6456] BTRFS info (device loop0): using free space tree [ 125.121408][ T6456] BTRFS info (device loop0): auto enabling async discard umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6473 ./strace-static-x86_64: Process 6473 attached [pid 6473] set_robust_list(0x555557163660, 24) = 0 [pid 6473] chdir("./83") = 0 [pid 6473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6473] setpgid(0, 0) = 0 [pid 6473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6473] write(3, "1000", 4) = 4 [pid 6473] close(3) = 0 [pid 6473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6473] memfd_create("syzkaller", 0) = 3 [pid 6473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6473] munmap(0x7f5790a82000, 16777216) = 0 [pid 6473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6473] close(3) = 0 [pid 6473] mkdir("./bus", 0777) = 0 [ 125.582912][ T6473] loop0: detected capacity change from 0 to 32768 [ 125.592713][ T6473] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6473) [ 125.610061][ T6473] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 125.618861][ T6473] BTRFS info (device loop0): doing ref verification [pid 6473] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6473] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6473] chdir("./bus") = 0 [pid 6473] ioctl(4, LOOP_CLR_FD) = 0 [pid 6473] close(4) = 0 [pid 6473] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6473] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6473] exit_group(0) = ? [pid 6473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6473, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 125.625523][ T6473] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 125.636339][ T6473] BTRFS info (device loop0): force zlib compression, level 3 [ 125.643739][ T6473] BTRFS info (device loop0): allowing degraded mounts [ 125.650561][ T6473] BTRFS info (device loop0): using free space tree [ 125.668173][ T6473] BTRFS info (device loop0): auto enabling async discard umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6490 ./strace-static-x86_64: Process 6490 attached [pid 6490] set_robust_list(0x555557163660, 24) = 0 [pid 6490] chdir("./84") = 0 [pid 6490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6490] setpgid(0, 0) = 0 [pid 6490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6490] write(3, "1000", 4) = 4 [pid 6490] close(3) = 0 [pid 6490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6490] memfd_create("syzkaller", 0) = 3 [pid 6490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6490] munmap(0x7f5790a82000, 16777216) = 0 [pid 6490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6490] close(3) = 0 [pid 6490] mkdir("./bus", 0777) = 0 [ 126.138703][ T6490] loop0: detected capacity change from 0 to 32768 [ 126.148820][ T6490] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6490) [ 126.165740][ T6490] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 126.174460][ T6490] BTRFS info (device loop0): doing ref verification [pid 6490] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6490] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6490] chdir("./bus") = 0 [pid 6490] ioctl(4, LOOP_CLR_FD) = 0 [pid 6490] close(4) = 0 [pid 6490] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6490] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6490] exit_group(0) = ? [pid 6490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6490, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 126.181142][ T6490] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 126.191957][ T6490] BTRFS info (device loop0): force zlib compression, level 3 [ 126.199432][ T6490] BTRFS info (device loop0): allowing degraded mounts [ 126.206264][ T6490] BTRFS info (device loop0): using free space tree [ 126.225973][ T6490] BTRFS info (device loop0): auto enabling async discard umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6507 ./strace-static-x86_64: Process 6507 attached [pid 6507] set_robust_list(0x555557163660, 24) = 0 [pid 6507] chdir("./85") = 0 [pid 6507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6507] setpgid(0, 0) = 0 [pid 6507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6507] write(3, "1000", 4) = 4 [pid 6507] close(3) = 0 [pid 6507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6507] memfd_create("syzkaller", 0) = 3 [pid 6507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6507] munmap(0x7f5790a82000, 16777216) = 0 [pid 6507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6507] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6507] close(3) = 0 [pid 6507] mkdir("./bus", 0777) = 0 [ 126.716298][ T6507] loop0: detected capacity change from 0 to 32768 [ 126.726350][ T6507] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6507) [ 126.742905][ T6507] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 126.752080][ T6507] BTRFS info (device loop0): doing ref verification [pid 6507] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6507] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6507] chdir("./bus") = 0 [pid 6507] ioctl(4, LOOP_CLR_FD) = 0 [pid 6507] close(4) = 0 [pid 6507] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6507] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6507] exit_group(0) = ? [pid 6507] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6507, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 126.759017][ T6507] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 126.770150][ T6507] BTRFS info (device loop0): force zlib compression, level 3 [ 126.777939][ T6507] BTRFS info (device loop0): allowing degraded mounts [ 126.784749][ T6507] BTRFS info (device loop0): using free space tree [ 126.805026][ T6507] BTRFS info (device loop0): auto enabling async discard umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6524 ./strace-static-x86_64: Process 6524 attached [pid 6524] set_robust_list(0x555557163660, 24) = 0 [pid 6524] chdir("./86") = 0 [pid 6524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6524] setpgid(0, 0) = 0 [pid 6524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6524] write(3, "1000", 4) = 4 [pid 6524] close(3) = 0 [pid 6524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6524] memfd_create("syzkaller", 0) = 3 [pid 6524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6524] munmap(0x7f5790a82000, 16777216) = 0 [pid 6524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6524] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6524] close(3) = 0 [pid 6524] mkdir("./bus", 0777) = 0 [ 127.274087][ T6524] loop0: detected capacity change from 0 to 32768 [ 127.283872][ T6524] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6524) [ 127.301546][ T6524] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 127.310436][ T6524] BTRFS info (device loop0): doing ref verification [pid 6524] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6524] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6524] chdir("./bus") = 0 [pid 6524] ioctl(4, LOOP_CLR_FD) = 0 [pid 6524] close(4) = 0 [pid 6524] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6524] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6524] exit_group(0) = ? [pid 6524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6524, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 127.317169][ T6524] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 127.328049][ T6524] BTRFS info (device loop0): force zlib compression, level 3 [ 127.335933][ T6524] BTRFS info (device loop0): allowing degraded mounts [ 127.342709][ T6524] BTRFS info (device loop0): using free space tree [ 127.361530][ T6524] BTRFS info (device loop0): auto enabling async discard umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6541 ./strace-static-x86_64: Process 6541 attached [pid 6541] set_robust_list(0x555557163660, 24) = 0 [pid 6541] chdir("./87") = 0 [pid 6541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6541] setpgid(0, 0) = 0 [pid 6541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6541] write(3, "1000", 4) = 4 [pid 6541] close(3) = 0 [pid 6541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6541] memfd_create("syzkaller", 0) = 3 [pid 6541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6541] munmap(0x7f5790a82000, 16777216) = 0 [pid 6541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6541] close(3) = 0 [pid 6541] mkdir("./bus", 0777) = 0 [ 127.847929][ T6541] loop0: detected capacity change from 0 to 32768 [ 127.857707][ T6541] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6541) [ 127.873423][ T6541] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 127.882589][ T6541] BTRFS info (device loop0): doing ref verification [pid 6541] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6541] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6541] chdir("./bus") = 0 [pid 6541] ioctl(4, LOOP_CLR_FD) = 0 [pid 6541] close(4) = 0 [pid 6541] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6541] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6541] exit_group(0) = ? [pid 6541] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6541, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 127.889579][ T6541] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 127.900533][ T6541] BTRFS info (device loop0): force zlib compression, level 3 [ 127.908317][ T6541] BTRFS info (device loop0): allowing degraded mounts [ 127.915575][ T6541] BTRFS info (device loop0): using free space tree [ 127.935310][ T6541] BTRFS info (device loop0): auto enabling async discard umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/bus") = 0 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6558 ./strace-static-x86_64: Process 6558 attached [pid 6558] set_robust_list(0x555557163660, 24) = 0 [pid 6558] chdir("./88") = 0 [pid 6558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6558] setpgid(0, 0) = 0 [pid 6558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6558] write(3, "1000", 4) = 4 [pid 6558] close(3) = 0 [pid 6558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6558] memfd_create("syzkaller", 0) = 3 [pid 6558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6558] munmap(0x7f5790a82000, 16777216) = 0 [pid 6558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6558] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6558] close(3) = 0 [pid 6558] mkdir("./bus", 0777) = 0 [ 128.422615][ T6558] loop0: detected capacity change from 0 to 32768 [ 128.433837][ T6558] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6558) [ 128.449555][ T6558] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 128.458413][ T6558] BTRFS info (device loop0): doing ref verification [pid 6558] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6558] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6558] chdir("./bus") = 0 [pid 6558] ioctl(4, LOOP_CLR_FD) = 0 [pid 6558] close(4) = 0 [pid 6558] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6558] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6558] exit_group(0) = ? [pid 6558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6558, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 128.465138][ T6558] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 128.475994][ T6558] BTRFS info (device loop0): force zlib compression, level 3 [ 128.483422][ T6558] BTRFS info (device loop0): allowing degraded mounts [ 128.490284][ T6558] BTRFS info (device loop0): using free space tree [ 128.510005][ T6558] BTRFS info (device loop0): auto enabling async discard umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6575 ./strace-static-x86_64: Process 6575 attached [pid 6575] set_robust_list(0x555557163660, 24) = 0 [pid 6575] chdir("./89") = 0 [pid 6575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6575] setpgid(0, 0) = 0 [pid 6575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6575] write(3, "1000", 4) = 4 [pid 6575] close(3) = 0 [pid 6575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6575] memfd_create("syzkaller", 0) = 3 [pid 6575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6575] munmap(0x7f5790a82000, 16777216) = 0 [pid 6575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6575] close(3) = 0 [pid 6575] mkdir("./bus", 0777) = 0 [ 128.983510][ T6575] loop0: detected capacity change from 0 to 32768 [ 128.994526][ T6575] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6575) [ 129.009377][ T6575] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 129.018219][ T6575] BTRFS info (device loop0): doing ref verification [pid 6575] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6575] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6575] chdir("./bus") = 0 [pid 6575] ioctl(4, LOOP_CLR_FD) = 0 [pid 6575] close(4) = 0 [pid 6575] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6575] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6575] exit_group(0) = ? [pid 6575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6575, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=24 /* 0.24 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 129.024932][ T6575] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 129.035799][ T6575] BTRFS info (device loop0): force zlib compression, level 3 [ 129.043233][ T6575] BTRFS info (device loop0): allowing degraded mounts [ 129.050106][ T6575] BTRFS info (device loop0): using free space tree [ 129.069891][ T6575] BTRFS info (device loop0): auto enabling async discard umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6592 ./strace-static-x86_64: Process 6592 attached [pid 6592] set_robust_list(0x555557163660, 24) = 0 [pid 6592] chdir("./90") = 0 [pid 6592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6592] setpgid(0, 0) = 0 [pid 6592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6592] write(3, "1000", 4) = 4 [pid 6592] close(3) = 0 [pid 6592] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6592] memfd_create("syzkaller", 0) = 3 [pid 6592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6592] munmap(0x7f5790a82000, 16777216) = 0 [pid 6592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6592] close(3) = 0 [pid 6592] mkdir("./bus", 0777) = 0 [ 129.558189][ T6592] loop0: detected capacity change from 0 to 32768 [ 129.568008][ T6592] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6592) [ 129.582760][ T6592] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 129.591603][ T6592] BTRFS info (device loop0): doing ref verification [pid 6592] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6592] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6592] chdir("./bus") = 0 [pid 6592] ioctl(4, LOOP_CLR_FD) = 0 [pid 6592] close(4) = 0 [pid 6592] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6592] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6592] exit_group(0) = ? [pid 6592] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6592, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 129.598303][ T6592] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 129.609186][ T6592] BTRFS info (device loop0): force zlib compression, level 3 [ 129.616651][ T6592] BTRFS info (device loop0): allowing degraded mounts [ 129.623427][ T6592] BTRFS info (device loop0): using free space tree [ 129.643533][ T6592] BTRFS info (device loop0): auto enabling async discard umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6609 ./strace-static-x86_64: Process 6609 attached [pid 6609] set_robust_list(0x555557163660, 24) = 0 [pid 6609] chdir("./91") = 0 [pid 6609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6609] setpgid(0, 0) = 0 [pid 6609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6609] write(3, "1000", 4) = 4 [pid 6609] close(3) = 0 [pid 6609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6609] memfd_create("syzkaller", 0) = 3 [pid 6609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6609] munmap(0x7f5790a82000, 16777216) = 0 [pid 6609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6609] close(3) = 0 [pid 6609] mkdir("./bus", 0777) = 0 [ 130.140094][ T6609] loop0: detected capacity change from 0 to 32768 [ 130.150076][ T6609] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6609) [ 130.165456][ T6609] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 130.174210][ T6609] BTRFS info (device loop0): doing ref verification [pid 6609] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6609] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6609] chdir("./bus") = 0 [pid 6609] ioctl(4, LOOP_CLR_FD) = 0 [pid 6609] close(4) = 0 [pid 6609] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6609] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6609] exit_group(0) = ? [pid 6609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6609, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 130.181224][ T6609] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 130.192571][ T6609] BTRFS info (device loop0): force zlib compression, level 3 [ 130.200307][ T6609] BTRFS info (device loop0): allowing degraded mounts [ 130.207381][ T6609] BTRFS info (device loop0): using free space tree [ 130.226299][ T6609] BTRFS info (device loop0): auto enabling async discard umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6626 ./strace-static-x86_64: Process 6626 attached [pid 6626] set_robust_list(0x555557163660, 24) = 0 [pid 6626] chdir("./92") = 0 [pid 6626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6626] setpgid(0, 0) = 0 [pid 6626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6626] write(3, "1000", 4) = 4 [pid 6626] close(3) = 0 [pid 6626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6626] memfd_create("syzkaller", 0) = 3 [pid 6626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6626] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6626] munmap(0x7f5790a82000, 16777216) = 0 [pid 6626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6626] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6626] close(3) = 0 [pid 6626] mkdir("./bus", 0777) = 0 [ 130.704721][ T6626] loop0: detected capacity change from 0 to 32768 [ 130.714649][ T6626] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6626) [ 130.729683][ T6626] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 130.738459][ T6626] BTRFS info (device loop0): doing ref verification [pid 6626] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6626] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6626] chdir("./bus") = 0 [pid 6626] ioctl(4, LOOP_CLR_FD) = 0 [pid 6626] close(4) = 0 [pid 6626] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6626] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6626] exit_group(0) = ? [pid 6626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6626, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 130.745131][ T6626] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 130.755979][ T6626] BTRFS info (device loop0): force zlib compression, level 3 [ 130.763404][ T6626] BTRFS info (device loop0): allowing degraded mounts [ 130.770262][ T6626] BTRFS info (device loop0): using free space tree [ 130.790869][ T6626] BTRFS info (device loop0): auto enabling async discard umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6643 ./strace-static-x86_64: Process 6643 attached [pid 6643] set_robust_list(0x555557163660, 24) = 0 [pid 6643] chdir("./93") = 0 [pid 6643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6643] setpgid(0, 0) = 0 [pid 6643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6643] write(3, "1000", 4) = 4 [pid 6643] close(3) = 0 [pid 6643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6643] memfd_create("syzkaller", 0) = 3 [pid 6643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6643] munmap(0x7f5790a82000, 16777216) = 0 [pid 6643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6643] close(3) = 0 [pid 6643] mkdir("./bus", 0777) = 0 [ 131.258920][ T6643] loop0: detected capacity change from 0 to 32768 [ 131.269683][ T6643] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6643) [ 131.286619][ T6643] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 131.295410][ T6643] BTRFS info (device loop0): doing ref verification [pid 6643] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6643] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6643] chdir("./bus") = 0 [pid 6643] ioctl(4, LOOP_CLR_FD) = 0 [pid 6643] close(4) = 0 [pid 6643] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6643] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6643] exit_group(0) = ? [pid 6643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6643, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 131.302023][ T6643] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 131.312906][ T6643] BTRFS info (device loop0): force zlib compression, level 3 [ 131.320369][ T6643] BTRFS info (device loop0): allowing degraded mounts [ 131.327243][ T6643] BTRFS info (device loop0): using free space tree [ 131.347108][ T6643] BTRFS info (device loop0): auto enabling async discard umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6660 ./strace-static-x86_64: Process 6660 attached [pid 6660] set_robust_list(0x555557163660, 24) = 0 [pid 6660] chdir("./94") = 0 [pid 6660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6660] setpgid(0, 0) = 0 [pid 6660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6660] write(3, "1000", 4) = 4 [pid 6660] close(3) = 0 [pid 6660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6660] memfd_create("syzkaller", 0) = 3 [pid 6660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6660] munmap(0x7f5790a82000, 16777216) = 0 [pid 6660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6660] close(3) = 0 [pid 6660] mkdir("./bus", 0777) = 0 [ 131.828166][ T6660] loop0: detected capacity change from 0 to 32768 [ 131.837784][ T6660] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6660) [ 131.853425][ T6660] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 131.862265][ T6660] BTRFS info (device loop0): doing ref verification [pid 6660] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6660] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6660] chdir("./bus") = 0 [pid 6660] ioctl(4, LOOP_CLR_FD) = 0 [pid 6660] close(4) = 0 [pid 6660] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6660] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6660] exit_group(0) = ? [pid 6660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6660, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 131.868948][ T6660] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 131.879778][ T6660] BTRFS info (device loop0): force zlib compression, level 3 [ 131.887233][ T6660] BTRFS info (device loop0): allowing degraded mounts [ 131.894010][ T6660] BTRFS info (device loop0): using free space tree [ 131.913887][ T6660] BTRFS info (device loop0): auto enabling async discard umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6677 ./strace-static-x86_64: Process 6677 attached [pid 6677] set_robust_list(0x555557163660, 24) = 0 [pid 6677] chdir("./95") = 0 [pid 6677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6677] setpgid(0, 0) = 0 [pid 6677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6677] write(3, "1000", 4) = 4 [pid 6677] close(3) = 0 [pid 6677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6677] memfd_create("syzkaller", 0) = 3 [pid 6677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6677] munmap(0x7f5790a82000, 16777216) = 0 [pid 6677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6677] close(3) = 0 [pid 6677] mkdir("./bus", 0777) = 0 [ 132.396555][ T6677] loop0: detected capacity change from 0 to 32768 [ 132.407073][ T6677] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6677) [ 132.424637][ T6677] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 132.433770][ T6677] BTRFS info (device loop0): doing ref verification [pid 6677] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6677] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6677] chdir("./bus") = 0 [pid 6677] ioctl(4, LOOP_CLR_FD) = 0 [pid 6677] close(4) = 0 [pid 6677] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6677] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6677] exit_group(0) = ? [pid 6677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6677, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 132.440786][ T6677] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 132.451866][ T6677] BTRFS info (device loop0): force zlib compression, level 3 [ 132.459491][ T6677] BTRFS info (device loop0): allowing degraded mounts [ 132.466412][ T6677] BTRFS info (device loop0): using free space tree [ 132.485287][ T6677] BTRFS info (device loop0): auto enabling async discard umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6694 ./strace-static-x86_64: Process 6694 attached [pid 6694] set_robust_list(0x555557163660, 24) = 0 [pid 6694] chdir("./96") = 0 [pid 6694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6694] setpgid(0, 0) = 0 [pid 6694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6694] write(3, "1000", 4) = 4 [pid 6694] close(3) = 0 [pid 6694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6694] memfd_create("syzkaller", 0) = 3 [pid 6694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6694] munmap(0x7f5790a82000, 16777216) = 0 [pid 6694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6694] close(3) = 0 [pid 6694] mkdir("./bus", 0777) = 0 [ 132.967416][ T6694] loop0: detected capacity change from 0 to 32768 [ 132.977368][ T6694] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6694) [ 132.992063][ T6694] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 133.000970][ T6694] BTRFS info (device loop0): doing ref verification [pid 6694] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6694] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6694] chdir("./bus") = 0 [pid 6694] ioctl(4, LOOP_CLR_FD) = 0 [pid 6694] close(4) = 0 [pid 6694] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6694] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6694] exit_group(0) = ? [pid 6694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6694, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 133.008023][ T6694] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 133.019165][ T6694] BTRFS info (device loop0): force zlib compression, level 3 [ 133.026939][ T6694] BTRFS info (device loop0): allowing degraded mounts [ 133.033760][ T6694] BTRFS info (device loop0): using free space tree [ 133.053562][ T6694] BTRFS info (device loop0): auto enabling async discard umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6711 ./strace-static-x86_64: Process 6711 attached [pid 6711] set_robust_list(0x555557163660, 24) = 0 [pid 6711] chdir("./97") = 0 [pid 6711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6711] setpgid(0, 0) = 0 [pid 6711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6711] write(3, "1000", 4) = 4 [pid 6711] close(3) = 0 [pid 6711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6711] memfd_create("syzkaller", 0) = 3 [pid 6711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6711] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6711] munmap(0x7f5790a82000, 16777216) = 0 [pid 6711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6711] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6711] close(3) = 0 [pid 6711] mkdir("./bus", 0777) = 0 [ 133.525867][ T6711] loop0: detected capacity change from 0 to 32768 [ 133.537275][ T6711] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6711) [ 133.553073][ T6711] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 133.562213][ T6711] BTRFS info (device loop0): doing ref verification [pid 6711] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6711] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6711] chdir("./bus") = 0 [pid 6711] ioctl(4, LOOP_CLR_FD) = 0 [pid 6711] close(4) = 0 [pid 6711] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6711] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6711] exit_group(0) = ? [pid 6711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6711, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 133.569258][ T6711] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 133.580325][ T6711] BTRFS info (device loop0): force zlib compression, level 3 [ 133.588070][ T6711] BTRFS info (device loop0): allowing degraded mounts [ 133.595098][ T6711] BTRFS info (device loop0): using free space tree [ 133.615388][ T6711] BTRFS info (device loop0): auto enabling async discard umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/bus") = 0 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6728 ./strace-static-x86_64: Process 6728 attached [pid 6728] set_robust_list(0x555557163660, 24) = 0 [pid 6728] chdir("./98") = 0 [pid 6728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6728] setpgid(0, 0) = 0 [pid 6728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6728] write(3, "1000", 4) = 4 [pid 6728] close(3) = 0 [pid 6728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6728] memfd_create("syzkaller", 0) = 3 [pid 6728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6728] munmap(0x7f5790a82000, 16777216) = 0 [pid 6728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6728] close(3) = 0 [pid 6728] mkdir("./bus", 0777) = 0 [ 134.087699][ T6728] loop0: detected capacity change from 0 to 32768 [ 134.097945][ T6728] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6728) [ 134.114245][ T6728] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 134.123121][ T6728] BTRFS info (device loop0): doing ref verification [pid 6728] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6728] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6728] chdir("./bus") = 0 [pid 6728] ioctl(4, LOOP_CLR_FD) = 0 [pid 6728] close(4) = 0 [pid 6728] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6728] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6728] exit_group(0) = ? [pid 6728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6728, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 134.129876][ T6728] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 134.140842][ T6728] BTRFS info (device loop0): force zlib compression, level 3 [ 134.148316][ T6728] BTRFS info (device loop0): allowing degraded mounts [ 134.155156][ T6728] BTRFS info (device loop0): using free space tree [ 134.174256][ T6728] BTRFS info (device loop0): auto enabling async discard umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6745 ./strace-static-x86_64: Process 6745 attached [pid 6745] set_robust_list(0x555557163660, 24) = 0 [pid 6745] chdir("./99") = 0 [pid 6745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6745] setpgid(0, 0) = 0 [pid 6745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6745] write(3, "1000", 4) = 4 [pid 6745] close(3) = 0 [pid 6745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6745] memfd_create("syzkaller", 0) = 3 [pid 6745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6745] munmap(0x7f5790a82000, 16777216) = 0 [pid 6745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6745] close(3) = 0 [pid 6745] mkdir("./bus", 0777) = 0 [ 134.659238][ T6745] loop0: detected capacity change from 0 to 32768 [ 134.669104][ T6745] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6745) [ 134.686060][ T6745] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 134.694841][ T6745] BTRFS info (device loop0): doing ref verification [pid 6745] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6745] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6745] chdir("./bus") = 0 [pid 6745] ioctl(4, LOOP_CLR_FD) = 0 [pid 6745] close(4) = 0 [pid 6745] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6745] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6745] exit_group(0) = ? [pid 6745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6745, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 134.701477][ T6745] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 134.712311][ T6745] BTRFS info (device loop0): force zlib compression, level 3 [ 134.719850][ T6745] BTRFS info (device loop0): allowing degraded mounts [ 134.726685][ T6745] BTRFS info (device loop0): using free space tree [ 134.747476][ T6745] BTRFS info (device loop0): auto enabling async discard umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/bus") = 0 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6762 ./strace-static-x86_64: Process 6762 attached [pid 6762] set_robust_list(0x555557163660, 24) = 0 [pid 6762] chdir("./100") = 0 [pid 6762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6762] setpgid(0, 0) = 0 [pid 6762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6762] write(3, "1000", 4) = 4 [pid 6762] close(3) = 0 [pid 6762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6762] memfd_create("syzkaller", 0) = 3 [pid 6762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6762] munmap(0x7f5790a82000, 16777216) = 0 [pid 6762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6762] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6762] close(3) = 0 [pid 6762] mkdir("./bus", 0777) = 0 [ 135.229155][ T6762] loop0: detected capacity change from 0 to 32768 [ 135.240155][ T6762] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6762) [ 135.256044][ T6762] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 135.264954][ T6762] BTRFS info (device loop0): doing ref verification [pid 6762] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6762] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6762] chdir("./bus") = 0 [pid 6762] ioctl(4, LOOP_CLR_FD) = 0 [pid 6762] close(4) = 0 [pid 6762] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6762] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6762] exit_group(0) = ? [pid 6762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6762, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 135.271584][ T6762] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 135.282744][ T6762] BTRFS info (device loop0): force zlib compression, level 3 [ 135.290270][ T6762] BTRFS info (device loop0): allowing degraded mounts [ 135.297556][ T6762] BTRFS info (device loop0): using free space tree [ 135.317281][ T6762] BTRFS info (device loop0): auto enabling async discard umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/bus") = 0 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6779 ./strace-static-x86_64: Process 6779 attached [pid 6779] set_robust_list(0x555557163660, 24) = 0 [pid 6779] chdir("./101") = 0 [pid 6779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6779] setpgid(0, 0) = 0 [pid 6779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6779] write(3, "1000", 4) = 4 [pid 6779] close(3) = 0 [pid 6779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6779] memfd_create("syzkaller", 0) = 3 [pid 6779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6779] munmap(0x7f5790a82000, 16777216) = 0 [pid 6779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6779] close(3) = 0 [pid 6779] mkdir("./bus", 0777) = 0 [ 135.768693][ T6779] loop0: detected capacity change from 0 to 32768 [ 135.778137][ T6779] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6779) [ 135.793737][ T6779] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 135.802614][ T6779] BTRFS info (device loop0): doing ref verification [pid 6779] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6779] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6779] chdir("./bus") = 0 [pid 6779] ioctl(4, LOOP_CLR_FD) = 0 [pid 6779] close(4) = 0 [pid 6779] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6779] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6779] exit_group(0) = ? [pid 6779] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6779, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 135.809546][ T6779] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 135.820587][ T6779] BTRFS info (device loop0): force zlib compression, level 3 [ 135.828320][ T6779] BTRFS info (device loop0): allowing degraded mounts [ 135.835419][ T6779] BTRFS info (device loop0): using free space tree [ 135.853620][ T6779] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/bus") = 0 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6796 ./strace-static-x86_64: Process 6796 attached [pid 6796] set_robust_list(0x555557163660, 24) = 0 [pid 6796] chdir("./102") = 0 [pid 6796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6796] setpgid(0, 0) = 0 [pid 6796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6796] write(3, "1000", 4) = 4 [pid 6796] close(3) = 0 [pid 6796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6796] memfd_create("syzkaller", 0) = 3 [pid 6796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6796] munmap(0x7f5790a82000, 16777216) = 0 [pid 6796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6796] close(3) = 0 [pid 6796] mkdir("./bus", 0777) = 0 [ 136.338193][ T6796] loop0: detected capacity change from 0 to 32768 [ 136.348739][ T6796] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6796) [ 136.365746][ T6796] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 136.374514][ T6796] BTRFS info (device loop0): doing ref verification [pid 6796] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6796] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6796] chdir("./bus") = 0 [pid 6796] ioctl(4, LOOP_CLR_FD) = 0 [pid 6796] close(4) = 0 [pid 6796] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6796] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6796] exit_group(0) = ? [pid 6796] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6796, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 136.381256][ T6796] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 136.392070][ T6796] BTRFS info (device loop0): force zlib compression, level 3 [ 136.399546][ T6796] BTRFS info (device loop0): allowing degraded mounts [ 136.406360][ T6796] BTRFS info (device loop0): using free space tree [ 136.425222][ T6796] BTRFS info (device loop0): auto enabling async discard umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/bus") = 0 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6813 ./strace-static-x86_64: Process 6813 attached [pid 6813] set_robust_list(0x555557163660, 24) = 0 [pid 6813] chdir("./103") = 0 [pid 6813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6813] setpgid(0, 0) = 0 [pid 6813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6813] write(3, "1000", 4) = 4 [pid 6813] close(3) = 0 [pid 6813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6813] memfd_create("syzkaller", 0) = 3 [pid 6813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6813] munmap(0x7f5790a82000, 16777216) = 0 [pid 6813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6813] close(3) = 0 [pid 6813] mkdir("./bus", 0777) = 0 [ 136.899971][ T6813] loop0: detected capacity change from 0 to 32768 [ 136.920505][ T6813] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6813) [ 136.936898][ T6813] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 136.945800][ T6813] BTRFS info (device loop0): doing ref verification [ 136.952427][ T6813] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 136.963337][ T6813] BTRFS info (device loop0): force zlib compression, level 3 [ 136.970915][ T6813] BTRFS info (device loop0): allowing degraded mounts [ 136.977787][ T6813] BTRFS info (device loop0): using free space tree [pid 6813] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6813] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6813] chdir("./bus") = 0 [pid 6813] ioctl(4, LOOP_CLR_FD) = 0 [pid 6813] close(4) = 0 [pid 6813] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6813] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6813] exit_group(0) = ? [pid 6813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6813, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 136.997309][ T6813] BTRFS info (device loop0): auto enabling async discard umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/bus") = 0 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6830 ./strace-static-x86_64: Process 6830 attached [pid 6830] set_robust_list(0x555557163660, 24) = 0 [pid 6830] chdir("./104") = 0 [pid 6830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6830] setpgid(0, 0) = 0 [pid 6830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6830] write(3, "1000", 4) = 4 [pid 6830] close(3) = 0 [pid 6830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6830] memfd_create("syzkaller", 0) = 3 [pid 6830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6830] munmap(0x7f5790a82000, 16777216) = 0 [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6830] close(3) = 0 [pid 6830] mkdir("./bus", 0777) = 0 [ 137.485783][ T6830] loop0: detected capacity change from 0 to 32768 [ 137.495958][ T6830] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6830) [ 137.512021][ T6830] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 137.520939][ T6830] BTRFS info (device loop0): doing ref verification [pid 6830] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6830] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6830] chdir("./bus") = 0 [pid 6830] ioctl(4, LOOP_CLR_FD) = 0 [pid 6830] close(4) = 0 [pid 6830] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6830] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6830] exit_group(0) = ? [pid 6830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6830, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 137.528149][ T6830] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 137.539385][ T6830] BTRFS info (device loop0): force zlib compression, level 3 [ 137.547113][ T6830] BTRFS info (device loop0): allowing degraded mounts [ 137.554313][ T6830] BTRFS info (device loop0): using free space tree [ 137.575251][ T6830] BTRFS info (device loop0): auto enabling async discard umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/bus") = 0 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6847 ./strace-static-x86_64: Process 6847 attached [pid 6847] set_robust_list(0x555557163660, 24) = 0 [pid 6847] chdir("./105") = 0 [pid 6847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6847] setpgid(0, 0) = 0 [pid 6847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6847] write(3, "1000", 4) = 4 [pid 6847] close(3) = 0 [pid 6847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6847] memfd_create("syzkaller", 0) = 3 [pid 6847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6847] munmap(0x7f5790a82000, 16777216) = 0 [pid 6847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6847] close(3) = 0 [pid 6847] mkdir("./bus", 0777) = 0 [ 138.051291][ T6847] loop0: detected capacity change from 0 to 32768 [ 138.061808][ T6847] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6847) [ 138.077786][ T6847] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 138.086892][ T6847] BTRFS info (device loop0): doing ref verification [pid 6847] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6847] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6847] chdir("./bus") = 0 [pid 6847] ioctl(4, LOOP_CLR_FD) = 0 [pid 6847] close(4) = 0 [pid 6847] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6847] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6847] exit_group(0) = ? [pid 6847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6847, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 138.093527][ T6847] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 138.104849][ T6847] BTRFS info (device loop0): force zlib compression, level 3 [ 138.112284][ T6847] BTRFS info (device loop0): allowing degraded mounts [ 138.119563][ T6847] BTRFS info (device loop0): using free space tree [ 138.140656][ T6847] BTRFS info (device loop0): auto enabling async discard umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/bus") = 0 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6864 ./strace-static-x86_64: Process 6864 attached [pid 6864] set_robust_list(0x555557163660, 24) = 0 [pid 6864] chdir("./106") = 0 [pid 6864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6864] setpgid(0, 0) = 0 [pid 6864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6864] write(3, "1000", 4) = 4 [pid 6864] close(3) = 0 [pid 6864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6864] memfd_create("syzkaller", 0) = 3 [pid 6864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6864] munmap(0x7f5790a82000, 16777216) = 0 [pid 6864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6864] close(3) = 0 [pid 6864] mkdir("./bus", 0777) = 0 [ 138.627925][ T6864] loop0: detected capacity change from 0 to 32768 [ 138.638380][ T6864] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6864) [ 138.653960][ T6864] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 138.662800][ T6864] BTRFS info (device loop0): doing ref verification [pid 6864] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6864] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6864] chdir("./bus") = 0 [pid 6864] ioctl(4, LOOP_CLR_FD) = 0 [pid 6864] close(4) = 0 [pid 6864] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6864] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6864] exit_group(0) = ? [pid 6864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6864, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 138.669485][ T6864] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 138.680342][ T6864] BTRFS info (device loop0): force zlib compression, level 3 [ 138.687875][ T6864] BTRFS info (device loop0): allowing degraded mounts [ 138.694811][ T6864] BTRFS info (device loop0): using free space tree [ 138.713753][ T6864] BTRFS info (device loop0): auto enabling async discard umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/bus") = 0 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6881 ./strace-static-x86_64: Process 6881 attached [pid 6881] set_robust_list(0x555557163660, 24) = 0 [pid 6881] chdir("./107") = 0 [pid 6881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6881] setpgid(0, 0) = 0 [pid 6881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6881] write(3, "1000", 4) = 4 [pid 6881] close(3) = 0 [pid 6881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6881] memfd_create("syzkaller", 0) = 3 [pid 6881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6881] munmap(0x7f5790a82000, 16777216) = 0 [pid 6881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6881] close(3) = 0 [pid 6881] mkdir("./bus", 0777) = 0 [ 139.200599][ T6881] loop0: detected capacity change from 0 to 32768 [ 139.211067][ T6881] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6881) [ 139.227592][ T6881] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 139.236424][ T6881] BTRFS info (device loop0): doing ref verification [pid 6881] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6881] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6881] chdir("./bus") = 0 [pid 6881] ioctl(4, LOOP_CLR_FD) = 0 [pid 6881] close(4) = 0 [pid 6881] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6881] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6881] exit_group(0) = ? [pid 6881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6881, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 139.243050][ T6881] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 139.253908][ T6881] BTRFS info (device loop0): force zlib compression, level 3 [ 139.261365][ T6881] BTRFS info (device loop0): allowing degraded mounts [ 139.268240][ T6881] BTRFS info (device loop0): using free space tree [ 139.287870][ T6881] BTRFS info (device loop0): auto enabling async discard umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/bus") = 0 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6898 ./strace-static-x86_64: Process 6898 attached [pid 6898] set_robust_list(0x555557163660, 24) = 0 [pid 6898] chdir("./108") = 0 [pid 6898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6898] setpgid(0, 0) = 0 [pid 6898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6898] write(3, "1000", 4) = 4 [pid 6898] close(3) = 0 [pid 6898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6898] memfd_create("syzkaller", 0) = 3 [pid 6898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6898] munmap(0x7f5790a82000, 16777216) = 0 [pid 6898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6898] close(3) = 0 [pid 6898] mkdir("./bus", 0777) = 0 [ 139.768847][ T6898] loop0: detected capacity change from 0 to 32768 [ 139.779280][ T6898] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6898) [ 139.796183][ T6898] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 139.804968][ T6898] BTRFS info (device loop0): doing ref verification [pid 6898] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6898] chdir("./bus") = 0 [pid 6898] ioctl(4, LOOP_CLR_FD) = 0 [pid 6898] close(4) = 0 [pid 6898] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6898] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6898] exit_group(0) = ? [pid 6898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6898, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 139.811605][ T6898] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 139.822460][ T6898] BTRFS info (device loop0): force zlib compression, level 3 [ 139.829906][ T6898] BTRFS info (device loop0): allowing degraded mounts [ 139.836817][ T6898] BTRFS info (device loop0): using free space tree [ 139.856711][ T6898] BTRFS info (device loop0): auto enabling async discard umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/bus") = 0 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6915 ./strace-static-x86_64: Process 6915 attached [pid 6915] set_robust_list(0x555557163660, 24) = 0 [pid 6915] chdir("./109") = 0 [pid 6915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6915] setpgid(0, 0) = 0 [pid 6915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6915] write(3, "1000", 4) = 4 [pid 6915] close(3) = 0 [pid 6915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6915] memfd_create("syzkaller", 0) = 3 [pid 6915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6915] munmap(0x7f5790a82000, 16777216) = 0 [pid 6915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6915] close(3) = 0 [pid 6915] mkdir("./bus", 0777) = 0 [ 140.341104][ T6915] loop0: detected capacity change from 0 to 32768 [ 140.351302][ T6915] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6915) [ 140.367111][ T6915] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 140.376018][ T6915] BTRFS info (device loop0): doing ref verification [pid 6915] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6915] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6915] chdir("./bus") = 0 [pid 6915] ioctl(4, LOOP_CLR_FD) = 0 [pid 6915] close(4) = 0 [pid 6915] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6915] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6915] exit_group(0) = ? [pid 6915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6915, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 140.382760][ T6915] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 140.393630][ T6915] BTRFS info (device loop0): force zlib compression, level 3 [ 140.401455][ T6915] BTRFS info (device loop0): allowing degraded mounts [ 140.408305][ T6915] BTRFS info (device loop0): using free space tree [ 140.427160][ T6915] BTRFS info (device loop0): auto enabling async discard umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/bus") = 0 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6932 ./strace-static-x86_64: Process 6932 attached [pid 6932] set_robust_list(0x555557163660, 24) = 0 [pid 6932] chdir("./110") = 0 [pid 6932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6932] setpgid(0, 0) = 0 [pid 6932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6932] write(3, "1000", 4) = 4 [pid 6932] close(3) = 0 [pid 6932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6932] memfd_create("syzkaller", 0) = 3 [pid 6932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6932] munmap(0x7f5790a82000, 16777216) = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6932] close(3) = 0 [pid 6932] mkdir("./bus", 0777) = 0 [ 140.905743][ T6932] loop0: detected capacity change from 0 to 32768 [ 140.916545][ T6932] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6932) [ 140.931521][ T6932] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 140.940348][ T6932] BTRFS info (device loop0): doing ref verification [pid 6932] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6932] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6932] chdir("./bus") = 0 [pid 6932] ioctl(4, LOOP_CLR_FD) = 0 [pid 6932] close(4) = 0 [pid 6932] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6932] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6932] exit_group(0) = ? [pid 6932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6932, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 140.947042][ T6932] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 140.958064][ T6932] BTRFS info (device loop0): force zlib compression, level 3 [ 140.965590][ T6932] BTRFS info (device loop0): allowing degraded mounts [ 140.972569][ T6932] BTRFS info (device loop0): using free space tree [ 140.991794][ T6932] BTRFS info (device loop0): auto enabling async discard umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/bus") = 0 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6949 ./strace-static-x86_64: Process 6949 attached [pid 6949] set_robust_list(0x555557163660, 24) = 0 [pid 6949] chdir("./111") = 0 [pid 6949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6949] setpgid(0, 0) = 0 [pid 6949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6949] write(3, "1000", 4) = 4 [pid 6949] close(3) = 0 [pid 6949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6949] memfd_create("syzkaller", 0) = 3 [pid 6949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6949] munmap(0x7f5790a82000, 16777216) = 0 [pid 6949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6949] close(3) = 0 [pid 6949] mkdir("./bus", 0777) = 0 [ 141.470318][ T6949] loop0: detected capacity change from 0 to 32768 [ 141.480823][ T6949] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6949) [ 141.499224][ T6949] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 141.508343][ T6949] BTRFS info (device loop0): doing ref verification [pid 6949] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6949] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6949] chdir("./bus") = 0 [pid 6949] ioctl(4, LOOP_CLR_FD) = 0 [pid 6949] close(4) = 0 [pid 6949] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6949] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6949] exit_group(0) = ? [ 141.515465][ T6949] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 141.526397][ T6949] BTRFS info (device loop0): force zlib compression, level 3 [ 141.534119][ T6949] BTRFS info (device loop0): allowing degraded mounts [ 141.541217][ T6949] BTRFS info (device loop0): using free space tree [ 141.561349][ T6949] BTRFS info (device loop0): auto enabling async discard [pid 6949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6949, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/bus") = 0 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6966 ./strace-static-x86_64: Process 6966 attached [pid 6966] set_robust_list(0x555557163660, 24) = 0 [pid 6966] chdir("./112") = 0 [pid 6966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6966] setpgid(0, 0) = 0 [pid 6966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6966] write(3, "1000", 4) = 4 [pid 6966] close(3) = 0 [pid 6966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6966] memfd_create("syzkaller", 0) = 3 [pid 6966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6966] munmap(0x7f5790a82000, 16777216) = 0 [pid 6966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6966] close(3) = 0 [pid 6966] mkdir("./bus", 0777) = 0 [ 142.041422][ T6966] loop0: detected capacity change from 0 to 32768 [ 142.050922][ T6966] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6966) [ 142.066700][ T6966] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 142.075579][ T6966] BTRFS info (device loop0): doing ref verification [pid 6966] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6966] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6966] chdir("./bus") = 0 [pid 6966] ioctl(4, LOOP_CLR_FD) = 0 [pid 6966] close(4) = 0 [pid 6966] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6966] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6966] exit_group(0) = ? [pid 6966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6966, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 142.082263][ T6966] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 142.093155][ T6966] BTRFS info (device loop0): force zlib compression, level 3 [ 142.100652][ T6966] BTRFS info (device loop0): allowing degraded mounts [ 142.107725][ T6966] BTRFS info (device loop0): using free space tree [ 142.127538][ T6966] BTRFS info (device loop0): auto enabling async discard umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/bus") = 0 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 6983 ./strace-static-x86_64: Process 6983 attached [pid 6983] set_robust_list(0x555557163660, 24) = 0 [pid 6983] chdir("./113") = 0 [pid 6983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6983] setpgid(0, 0) = 0 [pid 6983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6983] write(3, "1000", 4) = 4 [pid 6983] close(3) = 0 [pid 6983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6983] memfd_create("syzkaller", 0) = 3 [pid 6983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 6983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6983] munmap(0x7f5790a82000, 16777216) = 0 [pid 6983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6983] close(3) = 0 [pid 6983] mkdir("./bus", 0777) = 0 [ 142.605791][ T6983] loop0: detected capacity change from 0 to 32768 [ 142.616579][ T6983] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (6983) [ 142.632278][ T6983] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 142.641407][ T6983] BTRFS info (device loop0): doing ref verification [pid 6983] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6983] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6983] chdir("./bus") = 0 [pid 6983] ioctl(4, LOOP_CLR_FD) = 0 [pid 6983] close(4) = 0 [pid 6983] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6983] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6983] exit_group(0) = ? [pid 6983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6983, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 142.648375][ T6983] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 142.659428][ T6983] BTRFS info (device loop0): force zlib compression, level 3 [ 142.667367][ T6983] BTRFS info (device loop0): allowing degraded mounts [ 142.674480][ T6983] BTRFS info (device loop0): using free space tree [ 142.695078][ T6983] BTRFS info (device loop0): auto enabling async discard umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/bus") = 0 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7000 ./strace-static-x86_64: Process 7000 attached [pid 7000] set_robust_list(0x555557163660, 24) = 0 [pid 7000] chdir("./114") = 0 [pid 7000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7000] setpgid(0, 0) = 0 [pid 7000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7000] write(3, "1000", 4) = 4 [pid 7000] close(3) = 0 [pid 7000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7000] memfd_create("syzkaller", 0) = 3 [pid 7000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7000] munmap(0x7f5790a82000, 16777216) = 0 [pid 7000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7000] close(3) = 0 [pid 7000] mkdir("./bus", 0777) = 0 [ 143.167956][ T7000] loop0: detected capacity change from 0 to 32768 [ 143.177855][ T7000] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7000) [ 143.192771][ T7000] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 143.201601][ T7000] BTRFS info (device loop0): doing ref verification [pid 7000] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7000] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7000] chdir("./bus") = 0 [pid 7000] ioctl(4, LOOP_CLR_FD) = 0 [pid 7000] close(4) = 0 [pid 7000] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7000] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7000] exit_group(0) = ? [pid 7000] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7000, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 143.208276][ T7000] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 143.219422][ T7000] BTRFS info (device loop0): force zlib compression, level 3 [ 143.227563][ T7000] BTRFS info (device loop0): allowing degraded mounts [ 143.234750][ T7000] BTRFS info (device loop0): using free space tree [ 143.253998][ T7000] BTRFS info (device loop0): auto enabling async discard umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/bus") = 0 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7017 ./strace-static-x86_64: Process 7017 attached [pid 7017] set_robust_list(0x555557163660, 24) = 0 [pid 7017] chdir("./115") = 0 [pid 7017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7017] setpgid(0, 0) = 0 [pid 7017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7017] write(3, "1000", 4) = 4 [pid 7017] close(3) = 0 [pid 7017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7017] memfd_create("syzkaller", 0) = 3 [pid 7017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7017] munmap(0x7f5790a82000, 16777216) = 0 [pid 7017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7017] close(3) = 0 [pid 7017] mkdir("./bus", 0777) = 0 [ 143.735670][ T7017] loop0: detected capacity change from 0 to 32768 [ 143.745819][ T7017] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7017) [ 143.762993][ T7017] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 143.771890][ T7017] BTRFS info (device loop0): doing ref verification [pid 7017] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7017] chdir("./bus") = 0 [pid 7017] ioctl(4, LOOP_CLR_FD) = 0 [pid 7017] close(4) = 0 [pid 7017] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7017] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7017] exit_group(0) = ? [pid 7017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7017, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 143.778979][ T7017] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 143.790086][ T7017] BTRFS info (device loop0): force zlib compression, level 3 [ 143.797553][ T7017] BTRFS info (device loop0): allowing degraded mounts [ 143.804326][ T7017] BTRFS info (device loop0): using free space tree [ 143.822209][ T7017] BTRFS info (device loop0): auto enabling async discard umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/bus") = 0 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7034 ./strace-static-x86_64: Process 7034 attached [pid 7034] set_robust_list(0x555557163660, 24) = 0 [pid 7034] chdir("./116") = 0 [pid 7034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7034] setpgid(0, 0) = 0 [pid 7034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7034] write(3, "1000", 4) = 4 [pid 7034] close(3) = 0 [pid 7034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7034] memfd_create("syzkaller", 0) = 3 [pid 7034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7034] munmap(0x7f5790a82000, 16777216) = 0 [pid 7034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7034] close(3) = 0 [pid 7034] mkdir("./bus", 0777) = 0 [ 144.296149][ T7034] loop0: detected capacity change from 0 to 32768 [ 144.306683][ T7034] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7034) [ 144.322311][ T7034] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 144.331151][ T7034] BTRFS info (device loop0): doing ref verification [pid 7034] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7034] chdir("./bus") = 0 [pid 7034] ioctl(4, LOOP_CLR_FD) = 0 [pid 7034] close(4) = 0 [pid 7034] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7034] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7034] exit_group(0) = ? [pid 7034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7034, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 144.337928][ T7034] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 144.348852][ T7034] BTRFS info (device loop0): force zlib compression, level 3 [ 144.356540][ T7034] BTRFS info (device loop0): allowing degraded mounts [ 144.363373][ T7034] BTRFS info (device loop0): using free space tree [ 144.383674][ T7034] BTRFS info (device loop0): auto enabling async discard umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/bus") = 0 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7051 ./strace-static-x86_64: Process 7051 attached [pid 7051] set_robust_list(0x555557163660, 24) = 0 [pid 7051] chdir("./117") = 0 [pid 7051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7051] setpgid(0, 0) = 0 [pid 7051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7051] write(3, "1000", 4) = 4 [pid 7051] close(3) = 0 [pid 7051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7051] memfd_create("syzkaller", 0) = 3 [pid 7051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7051] munmap(0x7f5790a82000, 16777216) = 0 [pid 7051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7051] close(3) = 0 [pid 7051] mkdir("./bus", 0777) = 0 [ 144.859343][ T7051] loop0: detected capacity change from 0 to 32768 [ 144.868936][ T7051] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7051) [ 144.886102][ T7051] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 144.894911][ T7051] BTRFS info (device loop0): doing ref verification [pid 7051] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7051] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7051] chdir("./bus") = 0 [pid 7051] ioctl(4, LOOP_CLR_FD) = 0 [pid 7051] close(4) = 0 [pid 7051] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7051] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7051] exit_group(0) = ? [pid 7051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7051, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 144.901533][ T7051] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 144.912394][ T7051] BTRFS info (device loop0): force zlib compression, level 3 [ 144.920085][ T7051] BTRFS info (device loop0): allowing degraded mounts [ 144.926973][ T7051] BTRFS info (device loop0): using free space tree [ 144.946808][ T7051] BTRFS info (device loop0): auto enabling async discard umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/bus") = 0 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7068 ./strace-static-x86_64: Process 7068 attached [pid 7068] set_robust_list(0x555557163660, 24) = 0 [pid 7068] chdir("./118") = 0 [pid 7068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7068] setpgid(0, 0) = 0 [pid 7068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7068] write(3, "1000", 4) = 4 [pid 7068] close(3) = 0 [pid 7068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7068] memfd_create("syzkaller", 0) = 3 [pid 7068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7068] munmap(0x7f5790a82000, 16777216) = 0 [pid 7068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7068] close(3) = 0 [pid 7068] mkdir("./bus", 0777) = 0 [ 145.430596][ T7068] loop0: detected capacity change from 0 to 32768 [ 145.441047][ T7068] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7068) [ 145.459098][ T7068] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 145.468224][ T7068] BTRFS info (device loop0): doing ref verification [pid 7068] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7068] chdir("./bus") = 0 [pid 7068] ioctl(4, LOOP_CLR_FD) = 0 [pid 7068] close(4) = 0 [pid 7068] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7068] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7068] exit_group(0) = ? [pid 7068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7068, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 145.474940][ T7068] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 145.485977][ T7068] BTRFS info (device loop0): force zlib compression, level 3 [ 145.493380][ T7068] BTRFS info (device loop0): allowing degraded mounts [ 145.500619][ T7068] BTRFS info (device loop0): using free space tree [ 145.521471][ T7068] BTRFS info (device loop0): auto enabling async discard umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/bus") = 0 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7085 ./strace-static-x86_64: Process 7085 attached [pid 7085] set_robust_list(0x555557163660, 24) = 0 [pid 7085] chdir("./119") = 0 [pid 7085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7085] setpgid(0, 0) = 0 [pid 7085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7085] write(3, "1000", 4) = 4 [pid 7085] close(3) = 0 [pid 7085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7085] memfd_create("syzkaller", 0) = 3 [pid 7085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7085] munmap(0x7f5790a82000, 16777216) = 0 [pid 7085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7085] close(3) = 0 [pid 7085] mkdir("./bus", 0777) = 0 [ 146.000612][ T7085] loop0: detected capacity change from 0 to 32768 [ 146.010873][ T7085] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7085) [ 146.025821][ T7085] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 146.034580][ T7085] BTRFS info (device loop0): doing ref verification [pid 7085] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7085] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7085] chdir("./bus") = 0 [pid 7085] ioctl(4, LOOP_CLR_FD) = 0 [pid 7085] close(4) = 0 [pid 7085] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7085] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7085] exit_group(0) = ? [pid 7085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7085, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 146.041282][ T7085] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 146.052434][ T7085] BTRFS info (device loop0): force zlib compression, level 3 [ 146.059962][ T7085] BTRFS info (device loop0): allowing degraded mounts [ 146.066892][ T7085] BTRFS info (device loop0): using free space tree [ 146.085853][ T7085] BTRFS info (device loop0): auto enabling async discard umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/bus") = 0 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7102 ./strace-static-x86_64: Process 7102 attached [pid 7102] set_robust_list(0x555557163660, 24) = 0 [pid 7102] chdir("./120") = 0 [pid 7102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7102] setpgid(0, 0) = 0 [pid 7102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7102] write(3, "1000", 4) = 4 [pid 7102] close(3) = 0 [pid 7102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7102] memfd_create("syzkaller", 0) = 3 [pid 7102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7102] munmap(0x7f5790a82000, 16777216) = 0 [pid 7102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7102] close(3) = 0 [pid 7102] mkdir("./bus", 0777) = 0 [ 146.556504][ T7102] loop0: detected capacity change from 0 to 32768 [ 146.567324][ T7102] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7102) [ 146.584089][ T7102] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 146.593295][ T7102] BTRFS info (device loop0): doing ref verification [pid 7102] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7102] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7102] chdir("./bus") = 0 [pid 7102] ioctl(4, LOOP_CLR_FD) = 0 [pid 7102] close(4) = 0 [pid 7102] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7102] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7102] exit_group(0) = ? [pid 7102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7102, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 146.600214][ T7102] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 146.611426][ T7102] BTRFS info (device loop0): force zlib compression, level 3 [ 146.619181][ T7102] BTRFS info (device loop0): allowing degraded mounts [ 146.626410][ T7102] BTRFS info (device loop0): using free space tree [ 146.645323][ T7102] BTRFS info (device loop0): auto enabling async discard umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/bus") = 0 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7119 ./strace-static-x86_64: Process 7119 attached [pid 7119] set_robust_list(0x555557163660, 24) = 0 [pid 7119] chdir("./121") = 0 [pid 7119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7119] setpgid(0, 0) = 0 [pid 7119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7119] write(3, "1000", 4) = 4 [pid 7119] close(3) = 0 [pid 7119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7119] memfd_create("syzkaller", 0) = 3 [pid 7119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7119] munmap(0x7f5790a82000, 16777216) = 0 [pid 7119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7119] close(3) = 0 [pid 7119] mkdir("./bus", 0777) = 0 [ 147.126331][ T7119] loop0: detected capacity change from 0 to 32768 [ 147.136344][ T7119] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7119) [ 147.151732][ T7119] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 147.161085][ T7119] BTRFS info (device loop0): doing ref verification [pid 7119] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7119] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7119] chdir("./bus") = 0 [pid 7119] ioctl(4, LOOP_CLR_FD) = 0 [pid 7119] close(4) = 0 [pid 7119] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7119] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7119] exit_group(0) = ? [pid 7119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7119, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 147.168027][ T7119] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 147.179200][ T7119] BTRFS info (device loop0): force zlib compression, level 3 [ 147.186684][ T7119] BTRFS info (device loop0): allowing degraded mounts [ 147.193605][ T7119] BTRFS info (device loop0): using free space tree [ 147.214043][ T7119] BTRFS info (device loop0): auto enabling async discard umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/bus") = 0 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7136 ./strace-static-x86_64: Process 7136 attached [pid 7136] set_robust_list(0x555557163660, 24) = 0 [pid 7136] chdir("./122") = 0 [pid 7136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7136] setpgid(0, 0) = 0 [pid 7136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7136] write(3, "1000", 4) = 4 [pid 7136] close(3) = 0 [pid 7136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7136] memfd_create("syzkaller", 0) = 3 [pid 7136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7136] munmap(0x7f5790a82000, 16777216) = 0 [pid 7136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7136] close(3) = 0 [pid 7136] mkdir("./bus", 0777) = 0 [ 147.695980][ T7136] loop0: detected capacity change from 0 to 32768 [ 147.706126][ T7136] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7136) [ 147.723464][ T7136] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 147.732555][ T7136] BTRFS info (device loop0): doing ref verification [pid 7136] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7136] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7136] chdir("./bus") = 0 [pid 7136] ioctl(4, LOOP_CLR_FD) = 0 [pid 7136] close(4) = 0 [pid 7136] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7136] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7136] exit_group(0) = ? [pid 7136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7136, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 147.739472][ T7136] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 147.750423][ T7136] BTRFS info (device loop0): force zlib compression, level 3 [ 147.758151][ T7136] BTRFS info (device loop0): allowing degraded mounts [ 147.765481][ T7136] BTRFS info (device loop0): using free space tree [ 147.784742][ T7136] BTRFS info (device loop0): auto enabling async discard umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/bus") = 0 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7153 ./strace-static-x86_64: Process 7153 attached [pid 7153] set_robust_list(0x555557163660, 24) = 0 [pid 7153] chdir("./123") = 0 [pid 7153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7153] setpgid(0, 0) = 0 [pid 7153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7153] write(3, "1000", 4) = 4 [pid 7153] close(3) = 0 [pid 7153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7153] memfd_create("syzkaller", 0) = 3 [pid 7153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7153] munmap(0x7f5790a82000, 16777216) = 0 [pid 7153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7153] close(3) = 0 [pid 7153] mkdir("./bus", 0777) = 0 [ 148.291676][ T7153] loop0: detected capacity change from 0 to 32768 [ 148.304190][ T7153] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7153) [ 148.320338][ T7153] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 148.329367][ T7153] BTRFS info (device loop0): doing ref verification [pid 7153] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7153] chdir("./bus") = 0 [pid 7153] ioctl(4, LOOP_CLR_FD) = 0 [pid 7153] close(4) = 0 [pid 7153] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7153] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7153] exit_group(0) = ? [pid 7153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7153, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [ 148.336212][ T7153] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 148.347185][ T7153] BTRFS info (device loop0): force zlib compression, level 3 [ 148.354688][ T7153] BTRFS info (device loop0): allowing degraded mounts [ 148.361643][ T7153] BTRFS info (device loop0): using free space tree [ 148.383988][ T7153] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/bus") = 0 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7170 ./strace-static-x86_64: Process 7170 attached [pid 7170] set_robust_list(0x555557163660, 24) = 0 [pid 7170] chdir("./124") = 0 [pid 7170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7170] setpgid(0, 0) = 0 [pid 7170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7170] write(3, "1000", 4) = 4 [pid 7170] close(3) = 0 [pid 7170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7170] memfd_create("syzkaller", 0) = 3 [pid 7170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7170] munmap(0x7f5790a82000, 16777216) = 0 [pid 7170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7170] close(3) = 0 [pid 7170] mkdir("./bus", 0777) = 0 [ 149.062956][ T7170] loop0: detected capacity change from 0 to 32768 [ 149.072667][ T7170] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7170) [ 149.088464][ T7170] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 149.097624][ T7170] BTRFS info (device loop0): doing ref verification [pid 7170] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7170] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7170] chdir("./bus") = 0 [pid 7170] ioctl(4, LOOP_CLR_FD) = 0 [pid 7170] close(4) = 0 [pid 7170] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7170] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7170] exit_group(0) = ? [pid 7170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7170, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=21 /* 0.21 s */} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 149.104597][ T7170] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 149.115906][ T7170] BTRFS info (device loop0): force zlib compression, level 3 [ 149.123354][ T7170] BTRFS info (device loop0): allowing degraded mounts [ 149.130642][ T7170] BTRFS info (device loop0): using free space tree [ 149.149952][ T7170] BTRFS info (device loop0): auto enabling async discard umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/bus") = 0 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7187 ./strace-static-x86_64: Process 7187 attached [pid 7187] set_robust_list(0x555557163660, 24) = 0 [pid 7187] chdir("./125") = 0 [pid 7187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7187] setpgid(0, 0) = 0 [pid 7187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7187] write(3, "1000", 4) = 4 [pid 7187] close(3) = 0 [pid 7187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7187] memfd_create("syzkaller", 0) = 3 [pid 7187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7187] munmap(0x7f5790a82000, 16777216) = 0 [pid 7187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7187] close(3) = 0 [pid 7187] mkdir("./bus", 0777) = 0 [ 149.615734][ T7187] loop0: detected capacity change from 0 to 32768 [ 149.627032][ T7187] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7187) [ 149.642030][ T7187] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 149.651100][ T7187] BTRFS info (device loop0): doing ref verification [pid 7187] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7187] chdir("./bus") = 0 [pid 7187] ioctl(4, LOOP_CLR_FD) = 0 [pid 7187] close(4) = 0 [pid 7187] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7187] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7187] exit_group(0) = ? [pid 7187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7187, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 149.657894][ T7187] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 149.669039][ T7187] BTRFS info (device loop0): force zlib compression, level 3 [ 149.676938][ T7187] BTRFS info (device loop0): allowing degraded mounts [ 149.684049][ T7187] BTRFS info (device loop0): using free space tree [ 149.703150][ T7187] BTRFS info (device loop0): auto enabling async discard umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/bus") = 0 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7204 ./strace-static-x86_64: Process 7204 attached [pid 7204] set_robust_list(0x555557163660, 24) = 0 [pid 7204] chdir("./126") = 0 [pid 7204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7204] setpgid(0, 0) = 0 [pid 7204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7204] write(3, "1000", 4) = 4 [pid 7204] close(3) = 0 [pid 7204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7204] memfd_create("syzkaller", 0) = 3 [pid 7204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7204] munmap(0x7f5790a82000, 16777216) = 0 [pid 7204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7204] close(3) = 0 [pid 7204] mkdir("./bus", 0777) = 0 [ 150.183640][ T7204] loop0: detected capacity change from 0 to 32768 [ 150.194332][ T7204] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7204) [ 150.210399][ T7204] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 150.219504][ T7204] BTRFS info (device loop0): doing ref verification [pid 7204] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7204] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7204] chdir("./bus") = 0 [pid 7204] ioctl(4, LOOP_CLR_FD) = 0 [pid 7204] close(4) = 0 [pid 7204] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7204] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7204] exit_group(0) = ? [pid 7204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7204, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 150.226584][ T7204] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 150.237662][ T7204] BTRFS info (device loop0): force zlib compression, level 3 [ 150.245449][ T7204] BTRFS info (device loop0): allowing degraded mounts [ 150.252238][ T7204] BTRFS info (device loop0): using free space tree [ 150.271375][ T7204] BTRFS info (device loop0): auto enabling async discard umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/bus") = 0 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7221 ./strace-static-x86_64: Process 7221 attached [pid 7221] set_robust_list(0x555557163660, 24) = 0 [pid 7221] chdir("./127") = 0 [pid 7221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7221] setpgid(0, 0) = 0 [pid 7221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7221] write(3, "1000", 4) = 4 [pid 7221] close(3) = 0 [pid 7221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7221] memfd_create("syzkaller", 0) = 3 [pid 7221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7221] munmap(0x7f5790a82000, 16777216) = 0 [pid 7221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7221] close(3) = 0 [pid 7221] mkdir("./bus", 0777) = 0 [ 150.732550][ T7221] loop0: detected capacity change from 0 to 32768 [ 150.741814][ T7221] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7221) [ 150.757397][ T7221] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 150.766239][ T7221] BTRFS info (device loop0): doing ref verification [pid 7221] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7221] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7221] chdir("./bus") = 0 [pid 7221] ioctl(4, LOOP_CLR_FD) = 0 [pid 7221] close(4) = 0 [pid 7221] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7221] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7221] exit_group(0) = ? [pid 7221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7221, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 150.772877][ T7221] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 150.783712][ T7221] BTRFS info (device loop0): force zlib compression, level 3 [ 150.791244][ T7221] BTRFS info (device loop0): allowing degraded mounts [ 150.798160][ T7221] BTRFS info (device loop0): using free space tree [ 150.817947][ T7221] BTRFS info (device loop0): auto enabling async discard umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/bus") = 0 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7238 ./strace-static-x86_64: Process 7238 attached [pid 7238] set_robust_list(0x555557163660, 24) = 0 [pid 7238] chdir("./128") = 0 [pid 7238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7238] setpgid(0, 0) = 0 [pid 7238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7238] write(3, "1000", 4) = 4 [pid 7238] close(3) = 0 [pid 7238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7238] memfd_create("syzkaller", 0) = 3 [pid 7238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7238] munmap(0x7f5790a82000, 16777216) = 0 [pid 7238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7238] close(3) = 0 [pid 7238] mkdir("./bus", 0777) = 0 [ 151.303797][ T7238] loop0: detected capacity change from 0 to 32768 [ 151.314228][ T7238] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7238) [ 151.330100][ T7238] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 151.339218][ T7238] BTRFS info (device loop0): doing ref verification [pid 7238] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7238] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7238] chdir("./bus") = 0 [pid 7238] ioctl(4, LOOP_CLR_FD) = 0 [pid 7238] close(4) = 0 [pid 7238] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7238] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7238] exit_group(0) = ? [pid 7238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7238, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 151.346234][ T7238] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 151.357438][ T7238] BTRFS info (device loop0): force zlib compression, level 3 [ 151.365011][ T7238] BTRFS info (device loop0): allowing degraded mounts [ 151.372163][ T7238] BTRFS info (device loop0): using free space tree [ 151.391782][ T7238] BTRFS info (device loop0): auto enabling async discard umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/bus") = 0 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7255 ./strace-static-x86_64: Process 7255 attached [pid 7255] set_robust_list(0x555557163660, 24) = 0 [pid 7255] chdir("./129") = 0 [pid 7255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7255] setpgid(0, 0) = 0 [pid 7255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7255] write(3, "1000", 4) = 4 [pid 7255] close(3) = 0 [pid 7255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7255] memfd_create("syzkaller", 0) = 3 [pid 7255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7255] munmap(0x7f5790a82000, 16777216) = 0 [pid 7255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7255] close(3) = 0 [pid 7255] mkdir("./bus", 0777) = 0 [ 151.869552][ T7255] loop0: detected capacity change from 0 to 32768 [ 151.879399][ T7255] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7255) [ 151.894908][ T7255] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 151.903668][ T7255] BTRFS info (device loop0): doing ref verification [pid 7255] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7255] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7255] chdir("./bus") = 0 [pid 7255] ioctl(4, LOOP_CLR_FD) = 0 [pid 7255] close(4) = 0 [pid 7255] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7255] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7255] exit_group(0) = ? [pid 7255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7255, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 151.910505][ T7255] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 151.921349][ T7255] BTRFS info (device loop0): force zlib compression, level 3 [ 151.928842][ T7255] BTRFS info (device loop0): allowing degraded mounts [ 151.935760][ T7255] BTRFS info (device loop0): using free space tree [ 151.954618][ T7255] BTRFS info (device loop0): auto enabling async discard umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/bus") = 0 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7272 ./strace-static-x86_64: Process 7272 attached [pid 7272] set_robust_list(0x555557163660, 24) = 0 [pid 7272] chdir("./130") = 0 [pid 7272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7272] setpgid(0, 0) = 0 [pid 7272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7272] write(3, "1000", 4) = 4 [pid 7272] close(3) = 0 [pid 7272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7272] memfd_create("syzkaller", 0) = 3 [pid 7272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7272] munmap(0x7f5790a82000, 16777216) = 0 [pid 7272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7272] close(3) = 0 [pid 7272] mkdir("./bus", 0777) = 0 [ 152.432169][ T7272] loop0: detected capacity change from 0 to 32768 [ 152.442387][ T7272] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7272) [ 152.457819][ T7272] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 152.466617][ T7272] BTRFS info (device loop0): doing ref verification [pid 7272] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7272] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7272] chdir("./bus") = 0 [pid 7272] ioctl(4, LOOP_CLR_FD) = 0 [pid 7272] close(4) = 0 [pid 7272] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7272] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7272] exit_group(0) = ? [pid 7272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7272, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 152.473240][ T7272] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 152.484107][ T7272] BTRFS info (device loop0): force zlib compression, level 3 [ 152.491577][ T7272] BTRFS info (device loop0): allowing degraded mounts [ 152.498460][ T7272] BTRFS info (device loop0): using free space tree [ 152.517614][ T7272] BTRFS info (device loop0): auto enabling async discard umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/bus") = 0 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7289 ./strace-static-x86_64: Process 7289 attached [pid 7289] set_robust_list(0x555557163660, 24) = 0 [pid 7289] chdir("./131") = 0 [pid 7289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7289] setpgid(0, 0) = 0 [pid 7289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7289] write(3, "1000", 4) = 4 [pid 7289] close(3) = 0 [pid 7289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7289] memfd_create("syzkaller", 0) = 3 [pid 7289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7289] munmap(0x7f5790a82000, 16777216) = 0 [pid 7289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7289] close(3) = 0 [pid 7289] mkdir("./bus", 0777) = 0 [ 152.987758][ T7289] loop0: detected capacity change from 0 to 32768 [ 152.997693][ T7289] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7289) [ 153.012960][ T7289] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 153.021778][ T7289] BTRFS info (device loop0): doing ref verification [pid 7289] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7289] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7289] chdir("./bus") = 0 [pid 7289] ioctl(4, LOOP_CLR_FD) = 0 [pid 7289] close(4) = 0 [pid 7289] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7289] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7289] exit_group(0) = ? [pid 7289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7289, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 153.028513][ T7289] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 153.039356][ T7289] BTRFS info (device loop0): force zlib compression, level 3 [ 153.046836][ T7289] BTRFS info (device loop0): allowing degraded mounts [ 153.053738][ T7289] BTRFS info (device loop0): using free space tree [ 153.073578][ T7289] BTRFS info (device loop0): auto enabling async discard umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/bus") = 0 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7306 ./strace-static-x86_64: Process 7306 attached [pid 7306] set_robust_list(0x555557163660, 24) = 0 [pid 7306] chdir("./132") = 0 [pid 7306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7306] setpgid(0, 0) = 0 [pid 7306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7306] write(3, "1000", 4) = 4 [pid 7306] close(3) = 0 [pid 7306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7306] memfd_create("syzkaller", 0) = 3 [pid 7306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7306] munmap(0x7f5790a82000, 16777216) = 0 [pid 7306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7306] close(3) = 0 [pid 7306] mkdir("./bus", 0777) = 0 [ 153.552255][ T7306] loop0: detected capacity change from 0 to 32768 [ 153.562055][ T7306] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7306) [ 153.577012][ T7306] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 153.585878][ T7306] BTRFS info (device loop0): doing ref verification [pid 7306] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7306] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7306] chdir("./bus") = 0 [pid 7306] ioctl(4, LOOP_CLR_FD) = 0 [pid 7306] close(4) = 0 [pid 7306] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7306] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7306] exit_group(0) = ? [pid 7306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7306, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 153.592507][ T7306] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 153.603395][ T7306] BTRFS info (device loop0): force zlib compression, level 3 [ 153.610846][ T7306] BTRFS info (device loop0): allowing degraded mounts [ 153.617695][ T7306] BTRFS info (device loop0): using free space tree [ 153.638173][ T7306] BTRFS info (device loop0): auto enabling async discard umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/bus") = 0 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7323 ./strace-static-x86_64: Process 7323 attached [pid 7323] set_robust_list(0x555557163660, 24) = 0 [pid 7323] chdir("./133") = 0 [pid 7323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7323] setpgid(0, 0) = 0 [pid 7323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7323] write(3, "1000", 4) = 4 [pid 7323] close(3) = 0 [pid 7323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7323] memfd_create("syzkaller", 0) = 3 [pid 7323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7323] munmap(0x7f5790a82000, 16777216) = 0 [pid 7323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7323] close(3) = 0 [pid 7323] mkdir("./bus", 0777) = 0 [ 154.165553][ T7323] loop0: detected capacity change from 0 to 32768 [ 154.174878][ T7323] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7323) [ 154.189647][ T7323] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 154.198492][ T7323] BTRFS info (device loop0): doing ref verification [ 154.205176][ T7323] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 7323] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7323] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7323] chdir("./bus") = 0 [pid 7323] ioctl(4, LOOP_CLR_FD) = 0 [pid 7323] close(4) = 0 [pid 7323] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7323] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7323] exit_group(0) = ? [pid 7323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7323, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 154.216022][ T7323] BTRFS info (device loop0): force zlib compression, level 3 [ 154.223471][ T7323] BTRFS info (device loop0): allowing degraded mounts [ 154.230320][ T7323] BTRFS info (device loop0): using free space tree [ 154.250142][ T7323] BTRFS info (device loop0): auto enabling async discard umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/bus") = 0 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7340 ./strace-static-x86_64: Process 7340 attached [pid 7340] set_robust_list(0x555557163660, 24) = 0 [pid 7340] chdir("./134") = 0 [pid 7340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7340] setpgid(0, 0) = 0 [pid 7340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7340] write(3, "1000", 4) = 4 [pid 7340] close(3) = 0 [pid 7340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7340] memfd_create("syzkaller", 0) = 3 [pid 7340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7340] munmap(0x7f5790a82000, 16777216) = 0 [pid 7340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7340] close(3) = 0 [pid 7340] mkdir("./bus", 0777) = 0 [ 154.727375][ T7340] loop0: detected capacity change from 0 to 32768 [ 154.738863][ T7340] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7340) [ 154.756023][ T7340] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 154.764937][ T7340] BTRFS info (device loop0): doing ref verification [pid 7340] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7340] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7340] chdir("./bus") = 0 [pid 7340] ioctl(4, LOOP_CLR_FD) = 0 [pid 7340] close(4) = 0 [pid 7340] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7340] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7340] exit_group(0) = ? [pid 7340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7340, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 154.771602][ T7340] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 154.782826][ T7340] BTRFS info (device loop0): force zlib compression, level 3 [ 154.790518][ T7340] BTRFS info (device loop0): allowing degraded mounts [ 154.797627][ T7340] BTRFS info (device loop0): using free space tree [ 154.818437][ T7340] BTRFS info (device loop0): auto enabling async discard umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/bus") = 0 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7357 ./strace-static-x86_64: Process 7357 attached [pid 7357] set_robust_list(0x555557163660, 24) = 0 [pid 7357] chdir("./135") = 0 [pid 7357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7357] setpgid(0, 0) = 0 [pid 7357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7357] write(3, "1000", 4) = 4 [pid 7357] close(3) = 0 [pid 7357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7357] memfd_create("syzkaller", 0) = 3 [pid 7357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7357] munmap(0x7f5790a82000, 16777216) = 0 [pid 7357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7357] close(3) = 0 [pid 7357] mkdir("./bus", 0777) = 0 [ 155.295792][ T7357] loop0: detected capacity change from 0 to 32768 [ 155.305240][ T7357] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7357) [ 155.321928][ T7357] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 155.330770][ T7357] BTRFS info (device loop0): doing ref verification [pid 7357] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7357] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7357] chdir("./bus") = 0 [pid 7357] ioctl(4, LOOP_CLR_FD) = 0 [pid 7357] close(4) = 0 [pid 7357] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7357] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7357] exit_group(0) = ? [pid 7357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7357, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 155.337456][ T7357] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 155.348404][ T7357] BTRFS info (device loop0): force zlib compression, level 3 [ 155.355837][ T7357] BTRFS info (device loop0): allowing degraded mounts [ 155.362632][ T7357] BTRFS info (device loop0): using free space tree [ 155.381897][ T7357] BTRFS info (device loop0): auto enabling async discard umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/bus") = 0 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7374 ./strace-static-x86_64: Process 7374 attached [pid 7374] set_robust_list(0x555557163660, 24) = 0 [pid 7374] chdir("./136") = 0 [pid 7374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7374] setpgid(0, 0) = 0 [pid 7374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7374] write(3, "1000", 4) = 4 [pid 7374] close(3) = 0 [pid 7374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7374] memfd_create("syzkaller", 0) = 3 [pid 7374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7374] munmap(0x7f5790a82000, 16777216) = 0 [pid 7374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7374] close(3) = 0 [pid 7374] mkdir("./bus", 0777) = 0 [ 155.844418][ T7374] loop0: detected capacity change from 0 to 32768 [ 155.854855][ T7374] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7374) [ 155.870640][ T7374] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 155.879709][ T7374] BTRFS info (device loop0): doing ref verification [pid 7374] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7374] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7374] chdir("./bus") = 0 [pid 7374] ioctl(4, LOOP_CLR_FD) = 0 [pid 7374] close(4) = 0 [pid 7374] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7374] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7374] exit_group(0) = ? [pid 7374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7374, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 155.886687][ T7374] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 155.897849][ T7374] BTRFS info (device loop0): force zlib compression, level 3 [ 155.905497][ T7374] BTRFS info (device loop0): allowing degraded mounts [ 155.912281][ T7374] BTRFS info (device loop0): using free space tree [ 155.931888][ T7374] BTRFS info (device loop0): auto enabling async discard umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/bus") = 0 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7391 ./strace-static-x86_64: Process 7391 attached [pid 7391] set_robust_list(0x555557163660, 24) = 0 [pid 7391] chdir("./137") = 0 [pid 7391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7391] setpgid(0, 0) = 0 [pid 7391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7391] write(3, "1000", 4) = 4 [pid 7391] close(3) = 0 [pid 7391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7391] memfd_create("syzkaller", 0) = 3 [pid 7391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7391] munmap(0x7f5790a82000, 16777216) = 0 [pid 7391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7391] close(3) = 0 [pid 7391] mkdir("./bus", 0777) = 0 [ 156.422738][ T7391] loop0: detected capacity change from 0 to 32768 [ 156.433765][ T7391] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7391) [ 156.451108][ T7391] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 156.459956][ T7391] BTRFS info (device loop0): doing ref verification [pid 7391] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7391] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7391] chdir("./bus") = 0 [pid 7391] ioctl(4, LOOP_CLR_FD) = 0 [pid 7391] close(4) = 0 [pid 7391] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7391] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7391] exit_group(0) = ? [pid 7391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7391, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 156.466656][ T7391] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 156.477827][ T7391] BTRFS info (device loop0): force zlib compression, level 3 [ 156.485738][ T7391] BTRFS info (device loop0): allowing degraded mounts [ 156.492587][ T7391] BTRFS info (device loop0): using free space tree [ 156.512809][ T7391] BTRFS info (device loop0): auto enabling async discard umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/bus") = 0 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7408 ./strace-static-x86_64: Process 7408 attached [pid 7408] set_robust_list(0x555557163660, 24) = 0 [pid 7408] chdir("./138") = 0 [pid 7408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7408] setpgid(0, 0) = 0 [pid 7408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7408] write(3, "1000", 4) = 4 [pid 7408] close(3) = 0 [pid 7408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7408] memfd_create("syzkaller", 0) = 3 [pid 7408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7408] munmap(0x7f5790a82000, 16777216) = 0 [pid 7408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7408] close(3) = 0 [pid 7408] mkdir("./bus", 0777) = 0 [ 156.990903][ T7408] loop0: detected capacity change from 0 to 32768 [ 157.000777][ T7408] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7408) [ 157.015973][ T7408] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 157.024725][ T7408] BTRFS info (device loop0): doing ref verification [pid 7408] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7408] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7408] chdir("./bus") = 0 [pid 7408] ioctl(4, LOOP_CLR_FD) = 0 [pid 7408] close(4) = 0 [pid 7408] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7408] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7408] exit_group(0) = ? [pid 7408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7408, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 157.031439][ T7408] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 157.042529][ T7408] BTRFS info (device loop0): force zlib compression, level 3 [ 157.050289][ T7408] BTRFS info (device loop0): allowing degraded mounts [ 157.057190][ T7408] BTRFS info (device loop0): using free space tree [ 157.076864][ T7408] BTRFS info (device loop0): auto enabling async discard umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/bus") = 0 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7425 ./strace-static-x86_64: Process 7425 attached [pid 7425] set_robust_list(0x555557163660, 24) = 0 [pid 7425] chdir("./139") = 0 [pid 7425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7425] setpgid(0, 0) = 0 [pid 7425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7425] write(3, "1000", 4) = 4 [pid 7425] close(3) = 0 [pid 7425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7425] memfd_create("syzkaller", 0) = 3 [pid 7425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7425] munmap(0x7f5790a82000, 16777216) = 0 [pid 7425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7425] close(3) = 0 [pid 7425] mkdir("./bus", 0777) = 0 [ 157.562378][ T7425] loop0: detected capacity change from 0 to 32768 [ 157.572685][ T7425] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7425) [ 157.589756][ T7425] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 157.598560][ T7425] BTRFS info (device loop0): doing ref verification [pid 7425] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7425] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7425] chdir("./bus") = 0 [pid 7425] ioctl(4, LOOP_CLR_FD) = 0 [pid 7425] close(4) = 0 [pid 7425] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7425] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7425] exit_group(0) = ? [pid 7425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7425, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 157.605239][ T7425] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 157.616130][ T7425] BTRFS info (device loop0): force zlib compression, level 3 [ 157.623557][ T7425] BTRFS info (device loop0): allowing degraded mounts [ 157.630402][ T7425] BTRFS info (device loop0): using free space tree [ 157.649331][ T7425] BTRFS info (device loop0): auto enabling async discard umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/bus") = 0 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7442 ./strace-static-x86_64: Process 7442 attached [pid 7442] set_robust_list(0x555557163660, 24) = 0 [pid 7442] chdir("./140") = 0 [pid 7442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7442] setpgid(0, 0) = 0 [pid 7442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7442] write(3, "1000", 4) = 4 [pid 7442] close(3) = 0 [pid 7442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7442] memfd_create("syzkaller", 0) = 3 [pid 7442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7442] munmap(0x7f5790a82000, 16777216) = 0 [pid 7442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7442] close(3) = 0 [pid 7442] mkdir("./bus", 0777) = 0 [ 158.130168][ T7442] loop0: detected capacity change from 0 to 32768 [ 158.140277][ T7442] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7442) [ 158.156106][ T7442] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 158.164942][ T7442] BTRFS info (device loop0): doing ref verification [pid 7442] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7442] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7442] chdir("./bus") = 0 [pid 7442] ioctl(4, LOOP_CLR_FD) = 0 [pid 7442] close(4) = 0 [pid 7442] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7442] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7442] exit_group(0) = ? [pid 7442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7442, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 158.171615][ T7442] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 158.182498][ T7442] BTRFS info (device loop0): force zlib compression, level 3 [ 158.189969][ T7442] BTRFS info (device loop0): allowing degraded mounts [ 158.196791][ T7442] BTRFS info (device loop0): using free space tree [ 158.215664][ T7442] BTRFS info (device loop0): auto enabling async discard umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/bus") = 0 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7459 ./strace-static-x86_64: Process 7459 attached [pid 7459] set_robust_list(0x555557163660, 24) = 0 [pid 7459] chdir("./141") = 0 [pid 7459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7459] setpgid(0, 0) = 0 [pid 7459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7459] write(3, "1000", 4) = 4 [pid 7459] close(3) = 0 [pid 7459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7459] memfd_create("syzkaller", 0) = 3 [pid 7459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7459] munmap(0x7f5790a82000, 16777216) = 0 [pid 7459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7459] close(3) = 0 [pid 7459] mkdir("./bus", 0777) = 0 [ 158.699951][ T7459] loop0: detected capacity change from 0 to 32768 [ 158.710132][ T7459] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7459) [ 158.725633][ T7459] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 158.734919][ T7459] BTRFS info (device loop0): doing ref verification [pid 7459] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7459] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7459] chdir("./bus") = 0 [pid 7459] ioctl(4, LOOP_CLR_FD) = 0 [pid 7459] close(4) = 0 [pid 7459] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7459] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7459] exit_group(0) = ? [pid 7459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7459, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 158.741678][ T7459] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 158.753007][ T7459] BTRFS info (device loop0): force zlib compression, level 3 [ 158.760551][ T7459] BTRFS info (device loop0): allowing degraded mounts [ 158.768280][ T7459] BTRFS info (device loop0): using free space tree [ 158.787033][ T7459] BTRFS info (device loop0): auto enabling async discard umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/bus") = 0 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7476 ./strace-static-x86_64: Process 7476 attached [pid 7476] set_robust_list(0x555557163660, 24) = 0 [pid 7476] chdir("./142") = 0 [pid 7476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7476] setpgid(0, 0) = 0 [pid 7476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7476] write(3, "1000", 4) = 4 [pid 7476] close(3) = 0 [pid 7476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7476] memfd_create("syzkaller", 0) = 3 [pid 7476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7476] munmap(0x7f5790a82000, 16777216) = 0 [pid 7476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7476] close(3) = 0 [pid 7476] mkdir("./bus", 0777) = 0 [ 159.264286][ T7476] loop0: detected capacity change from 0 to 32768 [ 159.274140][ T7476] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7476) [ 159.290621][ T7476] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 159.299768][ T7476] BTRFS info (device loop0): doing ref verification [pid 7476] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7476] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7476] chdir("./bus") = 0 [pid 7476] ioctl(4, LOOP_CLR_FD) = 0 [pid 7476] close(4) = 0 [pid 7476] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7476] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7476] exit_group(0) = ? [pid 7476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7476, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 159.306827][ T7476] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 159.317974][ T7476] BTRFS info (device loop0): force zlib compression, level 3 [ 159.325662][ T7476] BTRFS info (device loop0): allowing degraded mounts [ 159.332474][ T7476] BTRFS info (device loop0): using free space tree [ 159.352286][ T7476] BTRFS info (device loop0): auto enabling async discard umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/bus") = 0 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7493 ./strace-static-x86_64: Process 7493 attached [pid 7493] set_robust_list(0x555557163660, 24) = 0 [pid 7493] chdir("./143") = 0 [pid 7493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7493] setpgid(0, 0) = 0 [pid 7493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7493] write(3, "1000", 4) = 4 [pid 7493] close(3) = 0 [pid 7493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7493] memfd_create("syzkaller", 0) = 3 [pid 7493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7493] munmap(0x7f5790a82000, 16777216) = 0 [pid 7493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7493] close(3) = 0 [pid 7493] mkdir("./bus", 0777) = 0 [ 159.827424][ T7493] loop0: detected capacity change from 0 to 32768 [ 159.837729][ T7493] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7493) [ 159.854328][ T7493] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 159.863409][ T7493] BTRFS info (device loop0): doing ref verification [pid 7493] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7493] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7493] chdir("./bus") = 0 [pid 7493] ioctl(4, LOOP_CLR_FD) = 0 [pid 7493] close(4) = 0 [pid 7493] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7493] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7493] exit_group(0) = ? [pid 7493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7493, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 159.870384][ T7493] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 159.881512][ T7493] BTRFS info (device loop0): force zlib compression, level 3 [ 159.890101][ T7493] BTRFS info (device loop0): allowing degraded mounts [ 159.897209][ T7493] BTRFS info (device loop0): using free space tree [ 159.916520][ T7493] BTRFS info (device loop0): auto enabling async discard umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/bus") = 0 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7510 ./strace-static-x86_64: Process 7510 attached [pid 7510] set_robust_list(0x555557163660, 24) = 0 [pid 7510] chdir("./144") = 0 [pid 7510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7510] setpgid(0, 0) = 0 [pid 7510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7510] write(3, "1000", 4) = 4 [pid 7510] close(3) = 0 [pid 7510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7510] memfd_create("syzkaller", 0) = 3 [pid 7510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7510] munmap(0x7f5790a82000, 16777216) = 0 [pid 7510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7510] close(3) = 0 [pid 7510] mkdir("./bus", 0777) = 0 [ 160.393523][ T7510] loop0: detected capacity change from 0 to 32768 [ 160.403345][ T7510] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7510) [ 160.421496][ T7510] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 160.430390][ T7510] BTRFS info (device loop0): doing ref verification [pid 7510] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7510] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7510] chdir("./bus") = 0 [pid 7510] ioctl(4, LOOP_CLR_FD) = 0 [pid 7510] close(4) = 0 [pid 7510] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7510] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7510] exit_group(0) = ? [pid 7510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7510, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=24 /* 0.24 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 160.437087][ T7510] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 160.448151][ T7510] BTRFS info (device loop0): force zlib compression, level 3 [ 160.455644][ T7510] BTRFS info (device loop0): allowing degraded mounts [ 160.462448][ T7510] BTRFS info (device loop0): using free space tree [ 160.482159][ T7510] BTRFS info (device loop0): auto enabling async discard umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/bus") = 0 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7527 ./strace-static-x86_64: Process 7527 attached [pid 7527] set_robust_list(0x555557163660, 24) = 0 [pid 7527] chdir("./145") = 0 [pid 7527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7527] setpgid(0, 0) = 0 [pid 7527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7527] write(3, "1000", 4) = 4 [pid 7527] close(3) = 0 [pid 7527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7527] memfd_create("syzkaller", 0) = 3 [pid 7527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7527] munmap(0x7f5790a82000, 16777216) = 0 [pid 7527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7527] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7527] close(3) = 0 [pid 7527] mkdir("./bus", 0777) = 0 [ 160.942869][ T7527] loop0: detected capacity change from 0 to 32768 [ 160.952884][ T7527] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7527) [ 160.969844][ T7527] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 160.978909][ T7527] BTRFS info (device loop0): doing ref verification [pid 7527] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7527] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7527] chdir("./bus") = 0 [pid 7527] ioctl(4, LOOP_CLR_FD) = 0 [pid 7527] close(4) = 0 [pid 7527] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7527] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7527] exit_group(0) = ? [pid 7527] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7527, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 160.985792][ T7527] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 160.996877][ T7527] BTRFS info (device loop0): force zlib compression, level 3 [ 161.004319][ T7527] BTRFS info (device loop0): allowing degraded mounts [ 161.011417][ T7527] BTRFS info (device loop0): using free space tree [ 161.032281][ T7527] BTRFS info (device loop0): auto enabling async discard umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/bus") = 0 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7544 ./strace-static-x86_64: Process 7544 attached [pid 7544] set_robust_list(0x555557163660, 24) = 0 [pid 7544] chdir("./146") = 0 [pid 7544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7544] setpgid(0, 0) = 0 [pid 7544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7544] write(3, "1000", 4) = 4 [pid 7544] close(3) = 0 [pid 7544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7544] memfd_create("syzkaller", 0) = 3 [pid 7544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7544] munmap(0x7f5790a82000, 16777216) = 0 [pid 7544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7544] close(3) = 0 [pid 7544] mkdir("./bus", 0777) = 0 [ 161.509501][ T7544] loop0: detected capacity change from 0 to 32768 [ 161.519414][ T7544] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7544) [ 161.536313][ T7544] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 161.545095][ T7544] BTRFS info (device loop0): doing ref verification [pid 7544] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7544] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7544] chdir("./bus") = 0 [pid 7544] ioctl(4, LOOP_CLR_FD) = 0 [pid 7544] close(4) = 0 [pid 7544] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7544] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7544] exit_group(0) = ? [pid 7544] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7544, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 161.551741][ T7544] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 161.562643][ T7544] BTRFS info (device loop0): force zlib compression, level 3 [ 161.570089][ T7544] BTRFS info (device loop0): allowing degraded mounts [ 161.576918][ T7544] BTRFS info (device loop0): using free space tree [ 161.596027][ T7544] BTRFS info (device loop0): auto enabling async discard umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/bus") = 0 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7561 ./strace-static-x86_64: Process 7561 attached [pid 7561] set_robust_list(0x555557163660, 24) = 0 [pid 7561] chdir("./147") = 0 [pid 7561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7561] setpgid(0, 0) = 0 [pid 7561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7561] write(3, "1000", 4) = 4 [pid 7561] close(3) = 0 [pid 7561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7561] memfd_create("syzkaller", 0) = 3 [pid 7561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7561] munmap(0x7f5790a82000, 16777216) = 0 [pid 7561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7561] close(3) = 0 [pid 7561] mkdir("./bus", 0777) = 0 [ 162.057036][ T7561] loop0: detected capacity change from 0 to 32768 [ 162.067367][ T7561] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7561) [ 162.084280][ T7561] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 162.093226][ T7561] BTRFS info (device loop0): doing ref verification [pid 7561] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7561] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7561] chdir("./bus") = 0 [pid 7561] ioctl(4, LOOP_CLR_FD) = 0 [pid 7561] close(4) = 0 [pid 7561] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7561] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7561] exit_group(0) = ? [pid 7561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7561, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 162.100036][ T7561] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 162.111171][ T7561] BTRFS info (device loop0): force zlib compression, level 3 [ 162.118994][ T7561] BTRFS info (device loop0): allowing degraded mounts [ 162.126185][ T7561] BTRFS info (device loop0): using free space tree [ 162.146223][ T7561] BTRFS info (device loop0): auto enabling async discard umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/bus") = 0 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7578 ./strace-static-x86_64: Process 7578 attached [pid 7578] set_robust_list(0x555557163660, 24) = 0 [pid 7578] chdir("./148") = 0 [pid 7578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7578] setpgid(0, 0) = 0 [pid 7578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7578] write(3, "1000", 4) = 4 [pid 7578] close(3) = 0 [pid 7578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7578] memfd_create("syzkaller", 0) = 3 [pid 7578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7578] munmap(0x7f5790a82000, 16777216) = 0 [pid 7578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7578] close(3) = 0 [pid 7578] mkdir("./bus", 0777) = 0 [ 162.633122][ T7578] loop0: detected capacity change from 0 to 32768 [ 162.643913][ T7578] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7578) [ 162.658862][ T7578] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 162.667980][ T7578] BTRFS info (device loop0): doing ref verification [pid 7578] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7578] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7578] chdir("./bus") = 0 [pid 7578] ioctl(4, LOOP_CLR_FD) = 0 [pid 7578] close(4) = 0 [pid 7578] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7578] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7578] exit_group(0) = ? [pid 7578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7578, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 162.674664][ T7578] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 162.685558][ T7578] BTRFS info (device loop0): force zlib compression, level 3 [ 162.693006][ T7578] BTRFS info (device loop0): allowing degraded mounts [ 162.700359][ T7578] BTRFS info (device loop0): using free space tree [ 162.719562][ T7578] BTRFS info (device loop0): auto enabling async discard umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/bus") = 0 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7595 ./strace-static-x86_64: Process 7595 attached [pid 7595] set_robust_list(0x555557163660, 24) = 0 [pid 7595] chdir("./149") = 0 [pid 7595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7595] setpgid(0, 0) = 0 [pid 7595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7595] write(3, "1000", 4) = 4 [pid 7595] close(3) = 0 [pid 7595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7595] memfd_create("syzkaller", 0) = 3 [pid 7595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7595] munmap(0x7f5790a82000, 16777216) = 0 [pid 7595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7595] close(3) = 0 [pid 7595] mkdir("./bus", 0777) = 0 [ 163.205156][ T7595] loop0: detected capacity change from 0 to 32768 [ 163.215601][ T7595] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7595) [ 163.232474][ T7595] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 163.241612][ T7595] BTRFS info (device loop0): doing ref verification [pid 7595] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7595] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7595] chdir("./bus") = 0 [pid 7595] ioctl(4, LOOP_CLR_FD) = 0 [pid 7595] close(4) = 0 [pid 7595] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7595] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7595] exit_group(0) = ? [pid 7595] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7595, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 163.248647][ T7595] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 163.259779][ T7595] BTRFS info (device loop0): force zlib compression, level 3 [ 163.267417][ T7595] BTRFS info (device loop0): allowing degraded mounts [ 163.274530][ T7595] BTRFS info (device loop0): using free space tree [ 163.296935][ T7595] BTRFS info (device loop0): auto enabling async discard umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/bus") = 0 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7612 ./strace-static-x86_64: Process 7612 attached [pid 7612] set_robust_list(0x555557163660, 24) = 0 [pid 7612] chdir("./150") = 0 [pid 7612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7612] setpgid(0, 0) = 0 [pid 7612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7612] write(3, "1000", 4) = 4 [pid 7612] close(3) = 0 [pid 7612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7612] memfd_create("syzkaller", 0) = 3 [pid 7612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7612] munmap(0x7f5790a82000, 16777216) = 0 [pid 7612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7612] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7612] close(3) = 0 [pid 7612] mkdir("./bus", 0777) = 0 [ 163.779047][ T7612] loop0: detected capacity change from 0 to 32768 [ 163.789162][ T7612] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7612) [ 163.804657][ T7612] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 163.813680][ T7612] BTRFS info (device loop0): doing ref verification [pid 7612] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7612] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7612] chdir("./bus") = 0 [pid 7612] ioctl(4, LOOP_CLR_FD) = 0 [pid 7612] close(4) = 0 [pid 7612] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7612] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7612] exit_group(0) = ? [pid 7612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7612, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 163.820397][ T7612] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 163.831271][ T7612] BTRFS info (device loop0): force zlib compression, level 3 [ 163.838935][ T7612] BTRFS info (device loop0): allowing degraded mounts [ 163.845780][ T7612] BTRFS info (device loop0): using free space tree [ 163.866489][ T7612] BTRFS info (device loop0): auto enabling async discard umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/bus") = 0 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7629 ./strace-static-x86_64: Process 7629 attached [pid 7629] set_robust_list(0x555557163660, 24) = 0 [pid 7629] chdir("./151") = 0 [pid 7629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7629] setpgid(0, 0) = 0 [pid 7629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7629] write(3, "1000", 4) = 4 [pid 7629] close(3) = 0 [pid 7629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7629] memfd_create("syzkaller", 0) = 3 [pid 7629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7629] munmap(0x7f5790a82000, 16777216) = 0 [pid 7629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7629] close(3) = 0 [pid 7629] mkdir("./bus", 0777) = 0 [ 164.346624][ T7629] loop0: detected capacity change from 0 to 32768 [ 164.357460][ T7629] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7629) [ 164.372383][ T7629] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 164.381421][ T7629] BTRFS info (device loop0): doing ref verification [pid 7629] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7629] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7629] chdir("./bus") = 0 [pid 7629] ioctl(4, LOOP_CLR_FD) = 0 [pid 7629] close(4) = 0 [pid 7629] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7629] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7629] exit_group(0) = ? [pid 7629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7629, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 164.388371][ T7629] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 164.399786][ T7629] BTRFS info (device loop0): force zlib compression, level 3 [ 164.407496][ T7629] BTRFS info (device loop0): allowing degraded mounts [ 164.414605][ T7629] BTRFS info (device loop0): using free space tree [ 164.433961][ T7629] BTRFS info (device loop0): auto enabling async discard umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/bus") = 0 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7646 ./strace-static-x86_64: Process 7646 attached [pid 7646] set_robust_list(0x555557163660, 24) = 0 [pid 7646] chdir("./152") = 0 [pid 7646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7646] setpgid(0, 0) = 0 [pid 7646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7646] write(3, "1000", 4) = 4 [pid 7646] close(3) = 0 [pid 7646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7646] memfd_create("syzkaller", 0) = 3 [pid 7646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7646] munmap(0x7f5790a82000, 16777216) = 0 [pid 7646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7646] close(3) = 0 [pid 7646] mkdir("./bus", 0777) = 0 [ 164.901557][ T7646] loop0: detected capacity change from 0 to 32768 [ 164.911449][ T7646] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7646) [ 164.928351][ T7646] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 164.937230][ T7646] BTRFS info (device loop0): doing ref verification [pid 7646] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7646] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7646] chdir("./bus") = 0 [pid 7646] ioctl(4, LOOP_CLR_FD) = 0 [pid 7646] close(4) = 0 [pid 7646] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7646] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7646] exit_group(0) = ? [pid 7646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7646, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 164.943867][ T7646] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 164.954848][ T7646] BTRFS info (device loop0): force zlib compression, level 3 [ 164.962563][ T7646] BTRFS info (device loop0): allowing degraded mounts [ 164.969673][ T7646] BTRFS info (device loop0): using free space tree [ 164.989866][ T7646] BTRFS info (device loop0): auto enabling async discard umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/bus") = 0 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7663 ./strace-static-x86_64: Process 7663 attached [pid 7663] set_robust_list(0x555557163660, 24) = 0 [pid 7663] chdir("./153") = 0 [pid 7663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7663] setpgid(0, 0) = 0 [pid 7663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7663] write(3, "1000", 4) = 4 [pid 7663] close(3) = 0 [pid 7663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7663] memfd_create("syzkaller", 0) = 3 [pid 7663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7663] munmap(0x7f5790a82000, 16777216) = 0 [pid 7663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7663] close(3) = 0 [pid 7663] mkdir("./bus", 0777) = 0 [ 165.481512][ T7663] loop0: detected capacity change from 0 to 32768 [ 165.491874][ T7663] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7663) [ 165.507270][ T7663] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 165.516136][ T7663] BTRFS info (device loop0): doing ref verification [pid 7663] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7663] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7663] chdir("./bus") = 0 [pid 7663] ioctl(4, LOOP_CLR_FD) = 0 [pid 7663] close(4) = 0 [pid 7663] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7663] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7663] exit_group(0) = ? [pid 7663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7663, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 165.522767][ T7663] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 165.533925][ T7663] BTRFS info (device loop0): force zlib compression, level 3 [ 165.541710][ T7663] BTRFS info (device loop0): allowing degraded mounts [ 165.548804][ T7663] BTRFS info (device loop0): using free space tree [ 165.568473][ T7663] BTRFS info (device loop0): auto enabling async discard umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/bus") = 0 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7680 ./strace-static-x86_64: Process 7680 attached [pid 7680] set_robust_list(0x555557163660, 24) = 0 [pid 7680] chdir("./154") = 0 [pid 7680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7680] setpgid(0, 0) = 0 [pid 7680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7680] write(3, "1000", 4) = 4 [pid 7680] close(3) = 0 [pid 7680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7680] memfd_create("syzkaller", 0) = 3 [pid 7680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7680] munmap(0x7f5790a82000, 16777216) = 0 [pid 7680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7680] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7680] close(3) = 0 [pid 7680] mkdir("./bus", 0777) = 0 [ 166.039034][ T7680] loop0: detected capacity change from 0 to 32768 [ 166.048699][ T7680] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7680) [ 166.064223][ T7680] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 166.073076][ T7680] BTRFS info (device loop0): doing ref verification [pid 7680] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7680] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7680] chdir("./bus") = 0 [pid 7680] ioctl(4, LOOP_CLR_FD) = 0 [pid 7680] close(4) = 0 [pid 7680] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7680] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7680] exit_group(0) = ? [pid 7680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7680, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 166.080104][ T7680] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 166.091598][ T7680] BTRFS info (device loop0): force zlib compression, level 3 [ 166.099521][ T7680] BTRFS info (device loop0): allowing degraded mounts [ 166.106762][ T7680] BTRFS info (device loop0): using free space tree [ 166.126814][ T7680] BTRFS info (device loop0): auto enabling async discard umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/bus") = 0 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7697 ./strace-static-x86_64: Process 7697 attached [pid 7697] set_robust_list(0x555557163660, 24) = 0 [pid 7697] chdir("./155") = 0 [pid 7697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7697] setpgid(0, 0) = 0 [pid 7697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7697] write(3, "1000", 4) = 4 [pid 7697] close(3) = 0 [pid 7697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7697] memfd_create("syzkaller", 0) = 3 [pid 7697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7697] munmap(0x7f5790a82000, 16777216) = 0 [pid 7697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7697] close(3) = 0 [pid 7697] mkdir("./bus", 0777) = 0 [ 166.606142][ T7697] loop0: detected capacity change from 0 to 32768 [ 166.616781][ T7697] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7697) [ 166.632137][ T7697] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 166.641170][ T7697] BTRFS info (device loop0): doing ref verification [pid 7697] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7697] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7697] chdir("./bus") = 0 [pid 7697] ioctl(4, LOOP_CLR_FD) = 0 [pid 7697] close(4) = 0 [pid 7697] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7697] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7697] exit_group(0) = ? [pid 7697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7697, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 166.647875][ T7697] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 166.658714][ T7697] BTRFS info (device loop0): force zlib compression, level 3 [ 166.666182][ T7697] BTRFS info (device loop0): allowing degraded mounts [ 166.672991][ T7697] BTRFS info (device loop0): using free space tree [ 166.692815][ T7697] BTRFS info (device loop0): auto enabling async discard umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/bus") = 0 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7714 ./strace-static-x86_64: Process 7714 attached [pid 7714] set_robust_list(0x555557163660, 24) = 0 [pid 7714] chdir("./156") = 0 [pid 7714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7714] setpgid(0, 0) = 0 [pid 7714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7714] write(3, "1000", 4) = 4 [pid 7714] close(3) = 0 [pid 7714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7714] memfd_create("syzkaller", 0) = 3 [pid 7714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7714] munmap(0x7f5790a82000, 16777216) = 0 [pid 7714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7714] close(3) = 0 [pid 7714] mkdir("./bus", 0777) = 0 [ 167.173686][ T7714] loop0: detected capacity change from 0 to 32768 [ 167.183578][ T7714] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7714) [ 167.198712][ T7714] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 167.207500][ T7714] BTRFS info (device loop0): doing ref verification [pid 7714] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7714] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7714] chdir("./bus") = 0 [pid 7714] ioctl(4, LOOP_CLR_FD) = 0 [pid 7714] close(4) = 0 [pid 7714] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7714] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7714] exit_group(0) = ? [pid 7714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7714, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 167.214126][ T7714] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 167.224994][ T7714] BTRFS info (device loop0): force zlib compression, level 3 [ 167.232534][ T7714] BTRFS info (device loop0): allowing degraded mounts [ 167.239430][ T7714] BTRFS info (device loop0): using free space tree [ 167.259107][ T7714] BTRFS info (device loop0): auto enabling async discard umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/bus") = 0 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7731 ./strace-static-x86_64: Process 7731 attached [pid 7731] set_robust_list(0x555557163660, 24) = 0 [pid 7731] chdir("./157") = 0 [pid 7731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7731] setpgid(0, 0) = 0 [pid 7731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7731] write(3, "1000", 4) = 4 [pid 7731] close(3) = 0 [pid 7731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7731] memfd_create("syzkaller", 0) = 3 [pid 7731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7731] munmap(0x7f5790a82000, 16777216) = 0 [pid 7731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7731] close(3) = 0 [pid 7731] mkdir("./bus", 0777) = 0 [ 167.723224][ T7731] loop0: detected capacity change from 0 to 32768 [ 167.733128][ T7731] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7731) [ 167.750628][ T7731] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 167.759719][ T7731] BTRFS info (device loop0): doing ref verification [pid 7731] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7731] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7731] chdir("./bus") = 0 [pid 7731] ioctl(4, LOOP_CLR_FD) = 0 [pid 7731] close(4) = 0 [pid 7731] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7731] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7731] exit_group(0) = ? [pid 7731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7731, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 167.767023][ T7731] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 167.778370][ T7731] BTRFS info (device loop0): force zlib compression, level 3 [ 167.786250][ T7731] BTRFS info (device loop0): allowing degraded mounts [ 167.793083][ T7731] BTRFS info (device loop0): using free space tree [ 167.813419][ T7731] BTRFS info (device loop0): auto enabling async discard umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/bus") = 0 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7748 ./strace-static-x86_64: Process 7748 attached [pid 7748] set_robust_list(0x555557163660, 24) = 0 [pid 7748] chdir("./158") = 0 [pid 7748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7748] setpgid(0, 0) = 0 [pid 7748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7748] write(3, "1000", 4) = 4 [pid 7748] close(3) = 0 [pid 7748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7748] memfd_create("syzkaller", 0) = 3 [pid 7748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7748] munmap(0x7f5790a82000, 16777216) = 0 [pid 7748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7748] close(3) = 0 [pid 7748] mkdir("./bus", 0777) = 0 [ 168.288131][ T7748] loop0: detected capacity change from 0 to 32768 [ 168.298321][ T7748] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7748) [ 168.313084][ T7748] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 168.321959][ T7748] BTRFS info (device loop0): doing ref verification [pid 7748] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7748] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7748] chdir("./bus") = 0 [pid 7748] ioctl(4, LOOP_CLR_FD) = 0 [pid 7748] close(4) = 0 [pid 7748] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7748] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7748] exit_group(0) = ? [pid 7748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7748, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 168.328930][ T7748] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 168.340062][ T7748] BTRFS info (device loop0): force zlib compression, level 3 [ 168.347785][ T7748] BTRFS info (device loop0): allowing degraded mounts [ 168.355360][ T7748] BTRFS info (device loop0): using free space tree [ 168.375202][ T7748] BTRFS info (device loop0): auto enabling async discard umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/bus") = 0 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7765 ./strace-static-x86_64: Process 7765 attached [pid 7765] set_robust_list(0x555557163660, 24) = 0 [pid 7765] chdir("./159") = 0 [pid 7765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7765] setpgid(0, 0) = 0 [pid 7765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7765] write(3, "1000", 4) = 4 [pid 7765] close(3) = 0 [pid 7765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7765] memfd_create("syzkaller", 0) = 3 [pid 7765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7765] munmap(0x7f5790a82000, 16777216) = 0 [pid 7765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7765] close(3) = 0 [pid 7765] mkdir("./bus", 0777) = 0 [ 168.851272][ T7765] loop0: detected capacity change from 0 to 32768 [ 168.861055][ T7765] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7765) [ 168.878374][ T7765] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 168.887157][ T7765] BTRFS info (device loop0): doing ref verification [pid 7765] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7765] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7765] chdir("./bus") = 0 [pid 7765] ioctl(4, LOOP_CLR_FD) = 0 [pid 7765] close(4) = 0 [pid 7765] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7765] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7765] exit_group(0) = ? [pid 7765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7765, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 168.893778][ T7765] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 168.904644][ T7765] BTRFS info (device loop0): force zlib compression, level 3 [ 168.912147][ T7765] BTRFS info (device loop0): allowing degraded mounts [ 168.919063][ T7765] BTRFS info (device loop0): using free space tree [ 168.937879][ T7765] BTRFS info (device loop0): auto enabling async discard umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/bus") = 0 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7782 ./strace-static-x86_64: Process 7782 attached [pid 7782] set_robust_list(0x555557163660, 24) = 0 [pid 7782] chdir("./160") = 0 [pid 7782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7782] setpgid(0, 0) = 0 [pid 7782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7782] write(3, "1000", 4) = 4 [pid 7782] close(3) = 0 [pid 7782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7782] memfd_create("syzkaller", 0) = 3 [pid 7782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7782] munmap(0x7f5790a82000, 16777216) = 0 [pid 7782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7782] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7782] close(3) = 0 [pid 7782] mkdir("./bus", 0777) = 0 [ 169.411405][ T7782] loop0: detected capacity change from 0 to 32768 [ 169.421828][ T7782] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7782) [ 169.437559][ T7782] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 169.446369][ T7782] BTRFS info (device loop0): doing ref verification [pid 7782] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7782] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7782] chdir("./bus") = 0 [pid 7782] ioctl(4, LOOP_CLR_FD) = 0 [pid 7782] close(4) = 0 [pid 7782] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7782] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7782] exit_group(0) = ? [pid 7782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7782, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 169.452983][ T7782] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 169.463853][ T7782] BTRFS info (device loop0): force zlib compression, level 3 [ 169.471343][ T7782] BTRFS info (device loop0): allowing degraded mounts [ 169.478189][ T7782] BTRFS info (device loop0): using free space tree [ 169.496214][ T7782] BTRFS info (device loop0): auto enabling async discard umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/bus") = 0 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7799 ./strace-static-x86_64: Process 7799 attached [pid 7799] set_robust_list(0x555557163660, 24) = 0 [pid 7799] chdir("./161") = 0 [pid 7799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7799] setpgid(0, 0) = 0 [pid 7799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7799] write(3, "1000", 4) = 4 [pid 7799] close(3) = 0 [pid 7799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7799] memfd_create("syzkaller", 0) = 3 [pid 7799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7799] munmap(0x7f5790a82000, 16777216) = 0 [pid 7799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7799] close(3) = 0 [pid 7799] mkdir("./bus", 0777) = 0 [ 169.976056][ T7799] loop0: detected capacity change from 0 to 32768 [ 169.986447][ T7799] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7799) [ 170.003331][ T7799] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 170.012501][ T7799] BTRFS info (device loop0): doing ref verification [pid 7799] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7799] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7799] chdir("./bus") = 0 [pid 7799] ioctl(4, LOOP_CLR_FD) = 0 [pid 7799] close(4) = 0 [pid 7799] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7799] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7799] exit_group(0) = ? [pid 7799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7799, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 170.019247][ T7799] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 170.030430][ T7799] BTRFS info (device loop0): force zlib compression, level 3 [ 170.038139][ T7799] BTRFS info (device loop0): allowing degraded mounts [ 170.045342][ T7799] BTRFS info (device loop0): using free space tree [ 170.064317][ T7799] BTRFS info (device loop0): auto enabling async discard umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/bus") = 0 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7816 ./strace-static-x86_64: Process 7816 attached [pid 7816] set_robust_list(0x555557163660, 24) = 0 [pid 7816] chdir("./162") = 0 [pid 7816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7816] setpgid(0, 0) = 0 [pid 7816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7816] write(3, "1000", 4) = 4 [pid 7816] close(3) = 0 [pid 7816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7816] memfd_create("syzkaller", 0) = 3 [pid 7816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7816] munmap(0x7f5790a82000, 16777216) = 0 [pid 7816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7816] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7816] close(3) = 0 [pid 7816] mkdir("./bus", 0777) = 0 [ 170.555901][ T7816] loop0: detected capacity change from 0 to 32768 [ 170.566101][ T7816] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7816) [ 170.582609][ T7816] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 170.591737][ T7816] BTRFS info (device loop0): doing ref verification [pid 7816] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7816] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7816] chdir("./bus") = 0 [pid 7816] ioctl(4, LOOP_CLR_FD) = 0 [pid 7816] close(4) = 0 [pid 7816] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7816] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7816] exit_group(0) = ? [pid 7816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7816, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=26 /* 0.26 s */} --- umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 170.598784][ T7816] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 170.609992][ T7816] BTRFS info (device loop0): force zlib compression, level 3 [ 170.617611][ T7816] BTRFS info (device loop0): allowing degraded mounts [ 170.624420][ T7816] BTRFS info (device loop0): using free space tree [ 170.644976][ T7816] BTRFS info (device loop0): auto enabling async discard umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/bus") = 0 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7833 ./strace-static-x86_64: Process 7833 attached [pid 7833] set_robust_list(0x555557163660, 24) = 0 [pid 7833] chdir("./163") = 0 [pid 7833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7833] setpgid(0, 0) = 0 [pid 7833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7833] write(3, "1000", 4) = 4 [pid 7833] close(3) = 0 [pid 7833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7833] memfd_create("syzkaller", 0) = 3 [pid 7833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7833] munmap(0x7f5790a82000, 16777216) = 0 [pid 7833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7833] close(3) = 0 [pid 7833] mkdir("./bus", 0777) = 0 [ 171.104181][ T7833] loop0: detected capacity change from 0 to 32768 [ 171.114199][ T7833] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7833) [ 171.131228][ T7833] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 171.140368][ T7833] BTRFS info (device loop0): doing ref verification [pid 7833] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7833] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7833] chdir("./bus") = 0 [pid 7833] ioctl(4, LOOP_CLR_FD) = 0 [pid 7833] close(4) = 0 [pid 7833] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7833] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7833] exit_group(0) = ? [pid 7833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7833, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 171.147481][ T7833] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 171.158685][ T7833] BTRFS info (device loop0): force zlib compression, level 3 [ 171.166596][ T7833] BTRFS info (device loop0): allowing degraded mounts [ 171.173397][ T7833] BTRFS info (device loop0): using free space tree [ 171.193341][ T7833] BTRFS info (device loop0): auto enabling async discard umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/bus") = 0 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7850 ./strace-static-x86_64: Process 7850 attached [pid 7850] set_robust_list(0x555557163660, 24) = 0 [pid 7850] chdir("./164") = 0 [pid 7850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7850] setpgid(0, 0) = 0 [pid 7850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7850] write(3, "1000", 4) = 4 [pid 7850] close(3) = 0 [pid 7850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7850] memfd_create("syzkaller", 0) = 3 [pid 7850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7850] munmap(0x7f5790a82000, 16777216) = 0 [pid 7850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7850] close(3) = 0 [pid 7850] mkdir("./bus", 0777) = 0 [ 171.656542][ T7850] loop0: detected capacity change from 0 to 32768 [ 171.666951][ T7850] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7850) [ 171.683714][ T7850] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 171.692677][ T7850] BTRFS info (device loop0): doing ref verification [pid 7850] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7850] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7850] chdir("./bus") = 0 [pid 7850] ioctl(4, LOOP_CLR_FD) = 0 [pid 7850] close(4) = 0 [pid 7850] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7850] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7850] exit_group(0) = ? [pid 7850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7850, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 171.699549][ T7850] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 171.710472][ T7850] BTRFS info (device loop0): force zlib compression, level 3 [ 171.718230][ T7850] BTRFS info (device loop0): allowing degraded mounts [ 171.725518][ T7850] BTRFS info (device loop0): using free space tree [ 171.744710][ T7850] BTRFS info (device loop0): auto enabling async discard umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/bus") = 0 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7867 ./strace-static-x86_64: Process 7867 attached [pid 7867] set_robust_list(0x555557163660, 24) = 0 [pid 7867] chdir("./165") = 0 [pid 7867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7867] setpgid(0, 0) = 0 [pid 7867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7867] write(3, "1000", 4) = 4 [pid 7867] close(3) = 0 [pid 7867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7867] memfd_create("syzkaller", 0) = 3 [pid 7867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7867] munmap(0x7f5790a82000, 16777216) = 0 [pid 7867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7867] close(3) = 0 [pid 7867] mkdir("./bus", 0777) = 0 [ 172.214286][ T7867] loop0: detected capacity change from 0 to 32768 [ 172.224558][ T7867] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7867) [ 172.241962][ T7867] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 172.251045][ T7867] BTRFS info (device loop0): doing ref verification [pid 7867] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7867] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7867] chdir("./bus") = 0 [pid 7867] ioctl(4, LOOP_CLR_FD) = 0 [pid 7867] close(4) = 0 [pid 7867] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7867] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7867] exit_group(0) = ? [pid 7867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7867, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 172.257809][ T7867] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 172.268910][ T7867] BTRFS info (device loop0): force zlib compression, level 3 [ 172.276432][ T7867] BTRFS info (device loop0): allowing degraded mounts [ 172.283249][ T7867] BTRFS info (device loop0): using free space tree [ 172.302222][ T7867] BTRFS info (device loop0): auto enabling async discard umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/bus") = 0 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7884 ./strace-static-x86_64: Process 7884 attached [pid 7884] set_robust_list(0x555557163660, 24) = 0 [pid 7884] chdir("./166") = 0 [pid 7884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7884] setpgid(0, 0) = 0 [pid 7884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7884] write(3, "1000", 4) = 4 [pid 7884] close(3) = 0 [pid 7884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7884] memfd_create("syzkaller", 0) = 3 [pid 7884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7884] munmap(0x7f5790a82000, 16777216) = 0 [pid 7884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7884] close(3) = 0 [pid 7884] mkdir("./bus", 0777) = 0 [ 172.782633][ T7884] loop0: detected capacity change from 0 to 32768 [ 172.793066][ T7884] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7884) [ 172.809984][ T7884] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 172.818859][ T7884] BTRFS info (device loop0): doing ref verification [pid 7884] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7884] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7884] chdir("./bus") = 0 [pid 7884] ioctl(4, LOOP_CLR_FD) = 0 [pid 7884] close(4) = 0 [pid 7884] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7884] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7884] exit_group(0) = ? [pid 7884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7884, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 172.825828][ T7884] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 172.836905][ T7884] BTRFS info (device loop0): force zlib compression, level 3 [ 172.844383][ T7884] BTRFS info (device loop0): allowing degraded mounts [ 172.851292][ T7884] BTRFS info (device loop0): using free space tree [ 172.870237][ T7884] BTRFS info (device loop0): auto enabling async discard umount2("./166/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/bus") = 0 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7901 ./strace-static-x86_64: Process 7901 attached [pid 7901] set_robust_list(0x555557163660, 24) = 0 [pid 7901] chdir("./167") = 0 [pid 7901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7901] setpgid(0, 0) = 0 [pid 7901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7901] write(3, "1000", 4) = 4 [pid 7901] close(3) = 0 [pid 7901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7901] memfd_create("syzkaller", 0) = 3 [pid 7901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7901] munmap(0x7f5790a82000, 16777216) = 0 [pid 7901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7901] close(3) = 0 [pid 7901] mkdir("./bus", 0777) = 0 [ 173.390147][ T7901] loop0: detected capacity change from 0 to 32768 [ 173.399960][ T7901] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7901) [ 173.416007][ T7901] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 173.424889][ T7901] BTRFS info (device loop0): doing ref verification [pid 7901] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7901] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7901] chdir("./bus") = 0 [pid 7901] ioctl(4, LOOP_CLR_FD) = 0 [pid 7901] close(4) = 0 [pid 7901] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7901] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7901] exit_group(0) = ? [pid 7901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7901, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 173.431518][ T7901] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 173.442377][ T7901] BTRFS info (device loop0): force zlib compression, level 3 [ 173.449813][ T7901] BTRFS info (device loop0): allowing degraded mounts [ 173.456640][ T7901] BTRFS info (device loop0): using free space tree [ 173.477485][ T7901] BTRFS info (device loop0): auto enabling async discard umount2("./167/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/bus") = 0 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7918 ./strace-static-x86_64: Process 7918 attached [pid 7918] set_robust_list(0x555557163660, 24) = 0 [pid 7918] chdir("./168") = 0 [pid 7918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7918] setpgid(0, 0) = 0 [pid 7918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7918] write(3, "1000", 4) = 4 [pid 7918] close(3) = 0 [pid 7918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7918] memfd_create("syzkaller", 0) = 3 [pid 7918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7918] munmap(0x7f5790a82000, 16777216) = 0 [pid 7918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7918] close(3) = 0 [pid 7918] mkdir("./bus", 0777) = 0 [ 173.956039][ T7918] loop0: detected capacity change from 0 to 32768 [ 173.965593][ T7918] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7918) [ 173.982119][ T7918] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 173.990951][ T7918] BTRFS info (device loop0): doing ref verification [pid 7918] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7918] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7918] chdir("./bus") = 0 [pid 7918] ioctl(4, LOOP_CLR_FD) = 0 [pid 7918] close(4) = 0 [pid 7918] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7918] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7918] exit_group(0) = ? [pid 7918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7918, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 173.997662][ T7918] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 174.008476][ T7918] BTRFS info (device loop0): force zlib compression, level 3 [ 174.015988][ T7918] BTRFS info (device loop0): allowing degraded mounts [ 174.022794][ T7918] BTRFS info (device loop0): using free space tree [ 174.042447][ T7918] BTRFS info (device loop0): auto enabling async discard umount2("./168/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/bus") = 0 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7935 ./strace-static-x86_64: Process 7935 attached [pid 7935] set_robust_list(0x555557163660, 24) = 0 [pid 7935] chdir("./169") = 0 [pid 7935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7935] setpgid(0, 0) = 0 [pid 7935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7935] write(3, "1000", 4) = 4 [pid 7935] close(3) = 0 [pid 7935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7935] memfd_create("syzkaller", 0) = 3 [pid 7935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7935] munmap(0x7f5790a82000, 16777216) = 0 [pid 7935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7935] close(3) = 0 [pid 7935] mkdir("./bus", 0777) = 0 [ 174.521157][ T7935] loop0: detected capacity change from 0 to 32768 [ 174.530930][ T7935] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7935) [ 174.546964][ T7935] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 174.556131][ T7935] BTRFS info (device loop0): doing ref verification [pid 7935] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7935] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7935] chdir("./bus") = 0 [pid 7935] ioctl(4, LOOP_CLR_FD) = 0 [pid 7935] close(4) = 0 [pid 7935] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7935] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7935] exit_group(0) = ? [pid 7935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7935, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 174.563049][ T7935] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 174.574358][ T7935] BTRFS info (device loop0): force zlib compression, level 3 [ 174.582089][ T7935] BTRFS info (device loop0): allowing degraded mounts [ 174.589189][ T7935] BTRFS info (device loop0): using free space tree [ 174.609726][ T7935] BTRFS info (device loop0): auto enabling async discard umount2("./169/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/bus") = 0 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7952 ./strace-static-x86_64: Process 7952 attached [pid 7952] set_robust_list(0x555557163660, 24) = 0 [pid 7952] chdir("./170") = 0 [pid 7952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7952] setpgid(0, 0) = 0 [pid 7952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7952] write(3, "1000", 4) = 4 [pid 7952] close(3) = 0 [pid 7952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7952] memfd_create("syzkaller", 0) = 3 [pid 7952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7952] munmap(0x7f5790a82000, 16777216) = 0 [pid 7952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7952] close(3) = 0 [pid 7952] mkdir("./bus", 0777) = 0 [ 175.086712][ T7952] loop0: detected capacity change from 0 to 32768 [ 175.097219][ T7952] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7952) [ 175.112489][ T7952] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 175.121841][ T7952] BTRFS info (device loop0): doing ref verification [pid 7952] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7952] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7952] chdir("./bus") = 0 [pid 7952] ioctl(4, LOOP_CLR_FD) = 0 [pid 7952] close(4) = 0 [pid 7952] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7952] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7952] exit_group(0) = ? [pid 7952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7952, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 175.128600][ T7952] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 175.139782][ T7952] BTRFS info (device loop0): force zlib compression, level 3 [ 175.147453][ T7952] BTRFS info (device loop0): allowing degraded mounts [ 175.154355][ T7952] BTRFS info (device loop0): using free space tree [ 175.173959][ T7952] BTRFS info (device loop0): auto enabling async discard umount2("./170/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/bus") = 0 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7969 ./strace-static-x86_64: Process 7969 attached [pid 7969] set_robust_list(0x555557163660, 24) = 0 [pid 7969] chdir("./171") = 0 [pid 7969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7969] setpgid(0, 0) = 0 [pid 7969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7969] write(3, "1000", 4) = 4 [pid 7969] close(3) = 0 [pid 7969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7969] memfd_create("syzkaller", 0) = 3 [pid 7969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7969] munmap(0x7f5790a82000, 16777216) = 0 [pid 7969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7969] close(3) = 0 [pid 7969] mkdir("./bus", 0777) = 0 [ 175.655210][ T7969] loop0: detected capacity change from 0 to 32768 [ 175.665382][ T7969] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7969) [ 175.680913][ T7969] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 175.689728][ T7969] BTRFS info (device loop0): doing ref verification [pid 7969] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7969] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7969] chdir("./bus") = 0 [pid 7969] ioctl(4, LOOP_CLR_FD) = 0 [pid 7969] close(4) = 0 [pid 7969] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7969] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7969] exit_group(0) = ? [pid 7969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7969, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 175.696432][ T7969] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 175.707313][ T7969] BTRFS info (device loop0): force zlib compression, level 3 [ 175.714723][ T7969] BTRFS info (device loop0): allowing degraded mounts [ 175.721570][ T7969] BTRFS info (device loop0): using free space tree [ 175.741270][ T7969] BTRFS info (device loop0): auto enabling async discard umount2("./171/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/bus") = 0 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 7986 ./strace-static-x86_64: Process 7986 attached [pid 7986] set_robust_list(0x555557163660, 24) = 0 [pid 7986] chdir("./172") = 0 [pid 7986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7986] setpgid(0, 0) = 0 [pid 7986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7986] write(3, "1000", 4) = 4 [pid 7986] close(3) = 0 [pid 7986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7986] memfd_create("syzkaller", 0) = 3 [pid 7986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 7986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7986] munmap(0x7f5790a82000, 16777216) = 0 [pid 7986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7986] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7986] close(3) = 0 [pid 7986] mkdir("./bus", 0777) = 0 [ 176.205467][ T7986] loop0: detected capacity change from 0 to 32768 [ 176.216108][ T7986] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (7986) [ 176.231157][ T7986] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 176.240276][ T7986] BTRFS info (device loop0): doing ref verification [pid 7986] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7986] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7986] chdir("./bus") = 0 [pid 7986] ioctl(4, LOOP_CLR_FD) = 0 [pid 7986] close(4) = 0 [pid 7986] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7986] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7986] exit_group(0) = ? [pid 7986] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7986, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 176.247012][ T7986] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 176.257886][ T7986] BTRFS info (device loop0): force zlib compression, level 3 [ 176.265452][ T7986] BTRFS info (device loop0): allowing degraded mounts [ 176.272260][ T7986] BTRFS info (device loop0): using free space tree [ 176.291997][ T7986] BTRFS info (device loop0): auto enabling async discard umount2("./172/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/bus") = 0 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8003 ./strace-static-x86_64: Process 8003 attached [pid 8003] set_robust_list(0x555557163660, 24) = 0 [pid 8003] chdir("./173") = 0 [pid 8003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8003] setpgid(0, 0) = 0 [pid 8003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8003] write(3, "1000", 4) = 4 [pid 8003] close(3) = 0 [pid 8003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8003] memfd_create("syzkaller", 0) = 3 [pid 8003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8003] munmap(0x7f5790a82000, 16777216) = 0 [pid 8003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8003] close(3) = 0 [pid 8003] mkdir("./bus", 0777) = 0 [ 176.763325][ T8003] loop0: detected capacity change from 0 to 32768 [ 176.773947][ T8003] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8003) [ 176.789096][ T8003] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 176.797959][ T8003] BTRFS info (device loop0): doing ref verification [pid 8003] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8003] chdir("./bus") = 0 [pid 8003] ioctl(4, LOOP_CLR_FD) = 0 [pid 8003] close(4) = 0 [pid 8003] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8003] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8003] exit_group(0) = ? [pid 8003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8003, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 176.804610][ T8003] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 176.815477][ T8003] BTRFS info (device loop0): force zlib compression, level 3 [ 176.822913][ T8003] BTRFS info (device loop0): allowing degraded mounts [ 176.829872][ T8003] BTRFS info (device loop0): using free space tree [ 176.848944][ T8003] BTRFS info (device loop0): auto enabling async discard umount2("./173/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/bus") = 0 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8020 ./strace-static-x86_64: Process 8020 attached [pid 8020] set_robust_list(0x555557163660, 24) = 0 [pid 8020] chdir("./174") = 0 [pid 8020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8020] setpgid(0, 0) = 0 [pid 8020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8020] write(3, "1000", 4) = 4 [pid 8020] close(3) = 0 [pid 8020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8020] memfd_create("syzkaller", 0) = 3 [pid 8020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8020] munmap(0x7f5790a82000, 16777216) = 0 [pid 8020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8020] close(3) = 0 [pid 8020] mkdir("./bus", 0777) = 0 [ 177.326486][ T8020] loop0: detected capacity change from 0 to 32768 [ 177.336915][ T8020] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8020) [ 177.353799][ T8020] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 177.362592][ T8020] BTRFS info (device loop0): doing ref verification [pid 8020] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8020] chdir("./bus") = 0 [pid 8020] ioctl(4, LOOP_CLR_FD) = 0 [pid 8020] close(4) = 0 [pid 8020] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8020] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8020] exit_group(0) = ? [pid 8020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8020, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 177.369507][ T8020] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 177.380395][ T8020] BTRFS info (device loop0): force zlib compression, level 3 [ 177.387839][ T8020] BTRFS info (device loop0): allowing degraded mounts [ 177.394615][ T8020] BTRFS info (device loop0): using free space tree [ 177.414344][ T8020] BTRFS info (device loop0): auto enabling async discard umount2("./174/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/bus") = 0 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8037 ./strace-static-x86_64: Process 8037 attached [pid 8037] set_robust_list(0x555557163660, 24) = 0 [pid 8037] chdir("./175") = 0 [pid 8037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8037] setpgid(0, 0) = 0 [pid 8037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8037] write(3, "1000", 4) = 4 [pid 8037] close(3) = 0 [pid 8037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8037] memfd_create("syzkaller", 0) = 3 [pid 8037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8037] munmap(0x7f5790a82000, 16777216) = 0 [pid 8037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8037] close(3) = 0 [pid 8037] mkdir("./bus", 0777) = 0 [ 177.892353][ T8037] loop0: detected capacity change from 0 to 32768 [ 177.902315][ T8037] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8037) [ 177.919914][ T8037] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 177.928985][ T8037] BTRFS info (device loop0): doing ref verification [pid 8037] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8037] chdir("./bus") = 0 [pid 8037] ioctl(4, LOOP_CLR_FD) = 0 [pid 8037] close(4) = 0 [pid 8037] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8037] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8037] exit_group(0) = ? [pid 8037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8037, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 177.935891][ T8037] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 177.946968][ T8037] BTRFS info (device loop0): force zlib compression, level 3 [ 177.954371][ T8037] BTRFS info (device loop0): allowing degraded mounts [ 177.961536][ T8037] BTRFS info (device loop0): using free space tree [ 177.980489][ T8037] BTRFS info (device loop0): auto enabling async discard umount2("./175/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/bus") = 0 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8054 ./strace-static-x86_64: Process 8054 attached [pid 8054] set_robust_list(0x555557163660, 24) = 0 [pid 8054] chdir("./176") = 0 [pid 8054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8054] setpgid(0, 0) = 0 [pid 8054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8054] write(3, "1000", 4) = 4 [pid 8054] close(3) = 0 [pid 8054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8054] memfd_create("syzkaller", 0) = 3 [pid 8054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8054] munmap(0x7f5790a82000, 16777216) = 0 [pid 8054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8054] close(3) = 0 [pid 8054] mkdir("./bus", 0777) = 0 [ 178.460357][ T8054] loop0: detected capacity change from 0 to 32768 [ 178.470907][ T8054] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8054) [ 178.487510][ T8054] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 178.496825][ T8054] BTRFS info (device loop0): doing ref verification [pid 8054] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8054] chdir("./bus") = 0 [pid 8054] ioctl(4, LOOP_CLR_FD) = 0 [pid 8054] close(4) = 0 [pid 8054] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8054] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8054] exit_group(0) = ? [pid 8054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8054, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 178.503822][ T8054] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 178.515189][ T8054] BTRFS info (device loop0): force zlib compression, level 3 [ 178.522966][ T8054] BTRFS info (device loop0): allowing degraded mounts [ 178.530272][ T8054] BTRFS info (device loop0): using free space tree [ 178.550217][ T8054] BTRFS info (device loop0): auto enabling async discard umount2("./176/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/bus") = 0 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8071 ./strace-static-x86_64: Process 8071 attached [pid 8071] set_robust_list(0x555557163660, 24) = 0 [pid 8071] chdir("./177") = 0 [pid 8071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8071] setpgid(0, 0) = 0 [pid 8071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8071] write(3, "1000", 4) = 4 [pid 8071] close(3) = 0 [pid 8071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8071] memfd_create("syzkaller", 0) = 3 [pid 8071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8071] munmap(0x7f5790a82000, 16777216) = 0 [pid 8071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8071] close(3) = 0 [pid 8071] mkdir("./bus", 0777) = 0 [ 179.020764][ T8071] loop0: detected capacity change from 0 to 32768 [ 179.031135][ T8071] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8071) [ 179.048163][ T8071] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 179.056958][ T8071] BTRFS info (device loop0): doing ref verification [pid 8071] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8071] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8071] chdir("./bus") = 0 [pid 8071] ioctl(4, LOOP_CLR_FD) = 0 [pid 8071] close(4) = 0 [pid 8071] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8071] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8071] exit_group(0) = ? [pid 8071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8071, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 179.063568][ T8071] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 179.074403][ T8071] BTRFS info (device loop0): force zlib compression, level 3 [ 179.081885][ T8071] BTRFS info (device loop0): allowing degraded mounts [ 179.088764][ T8071] BTRFS info (device loop0): using free space tree [ 179.106921][ T8071] BTRFS info (device loop0): auto enabling async discard umount2("./177/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/bus") = 0 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8088 ./strace-static-x86_64: Process 8088 attached [pid 8088] set_robust_list(0x555557163660, 24) = 0 [pid 8088] chdir("./178") = 0 [pid 8088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8088] setpgid(0, 0) = 0 [pid 8088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8088] write(3, "1000", 4) = 4 [pid 8088] close(3) = 0 [pid 8088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8088] memfd_create("syzkaller", 0) = 3 [pid 8088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8088] munmap(0x7f5790a82000, 16777216) = 0 [pid 8088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8088] close(3) = 0 [pid 8088] mkdir("./bus", 0777) = 0 [ 179.582792][ T8088] loop0: detected capacity change from 0 to 32768 [ 179.593004][ T8088] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8088) [ 179.608924][ T8088] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 179.618019][ T8088] BTRFS info (device loop0): doing ref verification [pid 8088] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8088] chdir("./bus") = 0 [pid 8088] ioctl(4, LOOP_CLR_FD) = 0 [pid 8088] close(4) = 0 [pid 8088] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8088] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8088] exit_group(0) = ? [pid 8088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8088, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 179.625076][ T8088] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 179.636215][ T8088] BTRFS info (device loop0): force zlib compression, level 3 [ 179.643919][ T8088] BTRFS info (device loop0): allowing degraded mounts [ 179.651426][ T8088] BTRFS info (device loop0): using free space tree [ 179.670873][ T8088] BTRFS info (device loop0): auto enabling async discard umount2("./178/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/bus") = 0 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8105 ./strace-static-x86_64: Process 8105 attached [pid 8105] set_robust_list(0x555557163660, 24) = 0 [pid 8105] chdir("./179") = 0 [pid 8105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8105] setpgid(0, 0) = 0 [pid 8105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8105] write(3, "1000", 4) = 4 [pid 8105] close(3) = 0 [pid 8105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8105] memfd_create("syzkaller", 0) = 3 [pid 8105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8105] munmap(0x7f5790a82000, 16777216) = 0 [pid 8105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8105] close(3) = 0 [pid 8105] mkdir("./bus", 0777) = 0 [ 180.156546][ T8105] loop0: detected capacity change from 0 to 32768 [ 180.166951][ T8105] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8105) [ 180.184006][ T8105] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 180.192822][ T8105] BTRFS info (device loop0): doing ref verification [pid 8105] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8105] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8105] chdir("./bus") = 0 [pid 8105] ioctl(4, LOOP_CLR_FD) = 0 [pid 8105] close(4) = 0 [pid 8105] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8105] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8105] exit_group(0) = ? [pid 8105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8105, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 180.199548][ T8105] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 180.210599][ T8105] BTRFS info (device loop0): force zlib compression, level 3 [ 180.218123][ T8105] BTRFS info (device loop0): allowing degraded mounts [ 180.225265][ T8105] BTRFS info (device loop0): using free space tree [ 180.246571][ T8105] BTRFS info (device loop0): auto enabling async discard umount2("./179/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/bus") = 0 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8122 ./strace-static-x86_64: Process 8122 attached [pid 8122] set_robust_list(0x555557163660, 24) = 0 [pid 8122] chdir("./180") = 0 [pid 8122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8122] setpgid(0, 0) = 0 [pid 8122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8122] write(3, "1000", 4) = 4 [pid 8122] close(3) = 0 [pid 8122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8122] memfd_create("syzkaller", 0) = 3 [pid 8122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8122] munmap(0x7f5790a82000, 16777216) = 0 [pid 8122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8122] close(3) = 0 [pid 8122] mkdir("./bus", 0777) = 0 [ 180.734192][ T8122] loop0: detected capacity change from 0 to 32768 [ 180.743875][ T8122] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8122) [ 180.760616][ T8122] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 180.769726][ T8122] BTRFS info (device loop0): doing ref verification [pid 8122] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8122] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8122] chdir("./bus") = 0 [pid 8122] ioctl(4, LOOP_CLR_FD) = 0 [pid 8122] close(4) = 0 [pid 8122] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8122] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8122] exit_group(0) = ? [pid 8122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8122, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 180.776758][ T8122] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 180.787896][ T8122] BTRFS info (device loop0): force zlib compression, level 3 [ 180.795457][ T8122] BTRFS info (device loop0): allowing degraded mounts [ 180.802285][ T8122] BTRFS info (device loop0): using free space tree [ 180.821470][ T8122] BTRFS info (device loop0): auto enabling async discard umount2("./180/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/bus") = 0 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8139 ./strace-static-x86_64: Process 8139 attached [pid 8139] set_robust_list(0x555557163660, 24) = 0 [pid 8139] chdir("./181") = 0 [pid 8139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8139] setpgid(0, 0) = 0 [pid 8139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8139] write(3, "1000", 4) = 4 [pid 8139] close(3) = 0 [pid 8139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8139] memfd_create("syzkaller", 0) = 3 [pid 8139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8139] munmap(0x7f5790a82000, 16777216) = 0 [pid 8139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8139] close(3) = 0 [pid 8139] mkdir("./bus", 0777) = 0 [ 181.295802][ T8139] loop0: detected capacity change from 0 to 32768 [ 181.306177][ T8139] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8139) [ 181.321737][ T8139] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 181.330822][ T8139] BTRFS info (device loop0): doing ref verification [pid 8139] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8139] chdir("./bus") = 0 [pid 8139] ioctl(4, LOOP_CLR_FD) = 0 [pid 8139] close(4) = 0 [pid 8139] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8139] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8139] exit_group(0) = ? [pid 8139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8139, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 181.337677][ T8139] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 181.348775][ T8139] BTRFS info (device loop0): force zlib compression, level 3 [ 181.356591][ T8139] BTRFS info (device loop0): allowing degraded mounts [ 181.363703][ T8139] BTRFS info (device loop0): using free space tree [ 181.383458][ T8139] BTRFS info (device loop0): auto enabling async discard umount2("./181/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/bus") = 0 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8156 ./strace-static-x86_64: Process 8156 attached [pid 8156] set_robust_list(0x555557163660, 24) = 0 [pid 8156] chdir("./182") = 0 [pid 8156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8156] setpgid(0, 0) = 0 [pid 8156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8156] write(3, "1000", 4) = 4 [pid 8156] close(3) = 0 [pid 8156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8156] memfd_create("syzkaller", 0) = 3 [pid 8156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8156] munmap(0x7f5790a82000, 16777216) = 0 [pid 8156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8156] close(3) = 0 [pid 8156] mkdir("./bus", 0777) = 0 [ 181.856997][ T8156] loop0: detected capacity change from 0 to 32768 [ 181.866552][ T8156] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8156) [ 181.883568][ T8156] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 181.892585][ T8156] BTRFS info (device loop0): doing ref verification [pid 8156] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8156] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8156] chdir("./bus") = 0 [pid 8156] ioctl(4, LOOP_CLR_FD) = 0 [pid 8156] close(4) = 0 [pid 8156] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8156] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8156] exit_group(0) = ? [pid 8156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8156, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 181.899324][ T8156] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 181.910516][ T8156] BTRFS info (device loop0): force zlib compression, level 3 [ 181.918196][ T8156] BTRFS info (device loop0): allowing degraded mounts [ 181.925326][ T8156] BTRFS info (device loop0): using free space tree [ 181.945207][ T8156] BTRFS info (device loop0): auto enabling async discard umount2("./182/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/bus") = 0 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8173 ./strace-static-x86_64: Process 8173 attached [pid 8173] set_robust_list(0x555557163660, 24) = 0 [pid 8173] chdir("./183") = 0 [pid 8173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8173] setpgid(0, 0) = 0 [pid 8173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8173] write(3, "1000", 4) = 4 [pid 8173] close(3) = 0 [pid 8173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8173] memfd_create("syzkaller", 0) = 3 [pid 8173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8173] munmap(0x7f5790a82000, 16777216) = 0 [pid 8173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8173] close(3) = 0 [pid 8173] mkdir("./bus", 0777) = 0 [ 182.431369][ T8173] loop0: detected capacity change from 0 to 32768 [ 182.441150][ T8173] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8173) [ 182.456140][ T8173] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 182.464916][ T8173] BTRFS info (device loop0): doing ref verification [pid 8173] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8173] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8173] chdir("./bus") = 0 [pid 8173] ioctl(4, LOOP_CLR_FD) = 0 [pid 8173] close(4) = 0 [pid 8173] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8173] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8173] exit_group(0) = ? [pid 8173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8173, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 182.471524][ T8173] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 182.482711][ T8173] BTRFS info (device loop0): force zlib compression, level 3 [ 182.490206][ T8173] BTRFS info (device loop0): allowing degraded mounts [ 182.497074][ T8173] BTRFS info (device loop0): using free space tree [ 182.516632][ T8173] BTRFS info (device loop0): auto enabling async discard umount2("./183/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/bus") = 0 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8190 ./strace-static-x86_64: Process 8190 attached [pid 8190] set_robust_list(0x555557163660, 24) = 0 [pid 8190] chdir("./184") = 0 [pid 8190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8190] setpgid(0, 0) = 0 [pid 8190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8190] write(3, "1000", 4) = 4 [pid 8190] close(3) = 0 [pid 8190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8190] memfd_create("syzkaller", 0) = 3 [pid 8190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8190] munmap(0x7f5790a82000, 16777216) = 0 [pid 8190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8190] close(3) = 0 [pid 8190] mkdir("./bus", 0777) = 0 [ 183.008309][ T8190] loop0: detected capacity change from 0 to 32768 [ 183.018032][ T8190] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8190) [ 183.033913][ T8190] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 183.043000][ T8190] BTRFS info (device loop0): doing ref verification [pid 8190] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8190] chdir("./bus") = 0 [pid 8190] ioctl(4, LOOP_CLR_FD) = 0 [pid 8190] close(4) = 0 [pid 8190] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8190] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8190] exit_group(0) = ? [pid 8190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8190, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 183.049740][ T8190] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 183.060788][ T8190] BTRFS info (device loop0): force zlib compression, level 3 [ 183.068240][ T8190] BTRFS info (device loop0): allowing degraded mounts [ 183.075130][ T8190] BTRFS info (device loop0): using free space tree [ 183.094889][ T8190] BTRFS info (device loop0): auto enabling async discard umount2("./184/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/bus") = 0 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8207 ./strace-static-x86_64: Process 8207 attached [pid 8207] set_robust_list(0x555557163660, 24) = 0 [pid 8207] chdir("./185") = 0 [pid 8207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8207] setpgid(0, 0) = 0 [pid 8207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8207] write(3, "1000", 4) = 4 [pid 8207] close(3) = 0 [pid 8207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8207] memfd_create("syzkaller", 0) = 3 [pid 8207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8207] munmap(0x7f5790a82000, 16777216) = 0 [pid 8207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8207] close(3) = 0 [pid 8207] mkdir("./bus", 0777) = 0 [ 183.570237][ T8207] loop0: detected capacity change from 0 to 32768 [ 183.580979][ T8207] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8207) [ 183.598169][ T8207] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 183.607236][ T8207] BTRFS info (device loop0): doing ref verification [pid 8207] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8207] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8207] chdir("./bus") = 0 [pid 8207] ioctl(4, LOOP_CLR_FD) = 0 [pid 8207] close(4) = 0 [pid 8207] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8207] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8207] exit_group(0) = ? [pid 8207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8207, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 183.614139][ T8207] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 183.625088][ T8207] BTRFS info (device loop0): force zlib compression, level 3 [ 183.632583][ T8207] BTRFS info (device loop0): allowing degraded mounts [ 183.639658][ T8207] BTRFS info (device loop0): using free space tree [ 183.660261][ T8207] BTRFS info (device loop0): auto enabling async discard umount2("./185/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/bus") = 0 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8224 ./strace-static-x86_64: Process 8224 attached [pid 8224] set_robust_list(0x555557163660, 24) = 0 [pid 8224] chdir("./186") = 0 [pid 8224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8224] setpgid(0, 0) = 0 [pid 8224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8224] write(3, "1000", 4) = 4 [pid 8224] close(3) = 0 [pid 8224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8224] memfd_create("syzkaller", 0) = 3 [pid 8224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8224] munmap(0x7f5790a82000, 16777216) = 0 [pid 8224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8224] close(3) = 0 [pid 8224] mkdir("./bus", 0777) = 0 [ 184.141709][ T8224] loop0: detected capacity change from 0 to 32768 [ 184.151833][ T8224] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8224) [ 184.168289][ T8224] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 184.177127][ T8224] BTRFS info (device loop0): doing ref verification [pid 8224] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8224] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8224] chdir("./bus") = 0 [pid 8224] ioctl(4, LOOP_CLR_FD) = 0 [pid 8224] close(4) = 0 [pid 8224] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8224] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8224] exit_group(0) = ? [pid 8224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8224, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 184.183758][ T8224] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 184.195202][ T8224] BTRFS info (device loop0): force zlib compression, level 3 [ 184.202648][ T8224] BTRFS info (device loop0): allowing degraded mounts [ 184.209670][ T8224] BTRFS info (device loop0): using free space tree [ 184.228807][ T8224] BTRFS info (device loop0): auto enabling async discard umount2("./186/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555716c730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/bus") = 0 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 8241 ./strace-static-x86_64: Process 8241 attached [pid 8241] set_robust_list(0x555557163660, 24) = 0 [pid 8241] chdir("./187") = 0 [pid 8241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8241] setpgid(0, 0) = 0 [pid 8241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8241] write(3, "1000", 4) = 4 [pid 8241] close(3) = 0 [pid 8241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8241] memfd_create("syzkaller", 0) = 3 [pid 8241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5790a82000 [pid 8241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8241] munmap(0x7f5790a82000, 16777216) = 0 [pid 8241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8241] close(3) = 0 [pid 8241] mkdir("./bus", 0777) = 0 [ 184.705781][ T8241] loop0: detected capacity change from 0 to 32768 [ 184.714872][ T8241] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor411 (8241) [ 184.730239][ T8241] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 184.739092][ T8241] BTRFS info (device loop0): doing ref verification [pid 8241] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8241] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8241] chdir("./bus") = 0 [pid 8241] ioctl(4, LOOP_CLR_FD) = 0 [pid 8241] close(4) = 0 [pid 8241] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8241] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8241] exit_group(0) = ? [pid 8241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8241, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 104 [ 184.745804][ T8241] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 184.756751][ T8241] BTRFS info (device loop0): force zlib compression, level 3 [ 184.764170][ T8241] BTRFS info (device loop0): allowing degraded mounts [ 184.771334][ T8241] BTRFS info (device loop0): using free space tree [ 184.791287][ T8241] BTRFS info (device loop0): auto enabling async discard [ 184.855518][ T5032] assertion failed: list_empty(&fs_info->delayed_iputs), in fs/btrfs/disk-io.c:4360 [ 184.865913][ T5032] ------------[ cut here ]------------ [ 184.871404][ T5032] kernel BUG at fs/btrfs/disk-io.c:4360! [ 184.877656][ T5032] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 184.883768][ T5032] CPU: 0 PID: 5032 Comm: syz-executor411 Not tainted 6.5.0-rc1-next-20230714-syzkaller #0 [ 184.893693][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 184.903778][ T5032] RIP: 0010:close_ctree+0xbc7/0xdd0 [ 184.909054][ T5032] Code: fd e9 51 f7 ff ff e8 68 86 14 fe b9 08 11 00 00 48 c7 c2 a0 af b5 8a 48 c7 c6 20 e9 b5 8a 48 c7 c7 20 b0 b5 8a e8 49 d8 f7 fd <0f> 0b e8 42 86 14 fe b9 11 11 00 00 48 c7 c2 a0 af b5 8a 48 c7 c6 [ 184.928700][ T5032] RSP: 0018:ffffc90003b0fbe0 EFLAGS: 00010286 [ 184.934800][ T5032] RAX: 0000000000000051 RBX: ffff88807a0e8d48 RCX: 0000000000000000 [ 184.942791][ T5032] RDX: 0000000000000000 RSI: ffffffff816a8cc0 RDI: 0000000000000005 [ 184.950777][ T5032] RBP: ffff88807a0e8010 R08: 0000000000000005 R09: 0000000000000000 [ 184.958775][ T5032] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000000 [ 184.966756][ T5032] R13: 0000000000000000 R14: ffff88807a0e8000 R15: ffff88801b4e8c40 [ 184.974789][ T5032] FS: 0000555557163380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 184.983739][ T5032] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.990339][ T5032] CR2: 000055555716c6f8 CR3: 000000007dc7c000 CR4: 00000000003506f0 [ 184.998324][ T5032] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 185.006305][ T5032] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 185.014287][ T5032] Call Trace: [ 185.017579][ T5032] [ 185.020517][ T5032] ? die+0x31/0x80 [ 185.024265][ T5032] ? do_trap+0x1ab/0x3b0 [ 185.028537][ T5032] ? close_ctree+0xbc7/0xdd0 [ 185.033158][ T5032] ? do_error_trap+0x9e/0x160 [ 185.037863][ T5032] ? close_ctree+0xbc7/0xdd0 [ 185.042487][ T5032] ? handle_invalid_op+0x2c/0x30 [ 185.047459][ T5032] ? close_ctree+0xbc7/0xdd0 [ 185.052076][ T5032] ? exc_invalid_op+0x2d/0x40 [ 185.056797][ T5032] ? asm_exc_invalid_op+0x1a/0x20 [ 185.061851][ T5032] ? vprintk+0x90/0xa0 [ 185.065949][ T5032] ? close_ctree+0xbc7/0xdd0 [ 185.070573][ T5032] ? btrfs_cleanup_transaction.isra.0+0x1200/0x1200 [ 185.077196][ T5032] ? find_rule+0x370/0x370 [ 185.081628][ T5032] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 185.087377][ T5032] ? dispose_list+0x1e0/0x1e0 [ 185.092079][ T5032] ? fscrypt_destroy_keyring+0x1e/0x390 [ 185.097738][ T5032] ? btrfs_set_super+0x70/0x70 [ 185.102539][ T5032] generic_shutdown_super+0x158/0x480 [ 185.107958][ T5032] kill_anon_super+0x3a/0x60 [ 185.112578][ T5032] btrfs_kill_super+0x3b/0x50 [ 185.117287][ T5032] deactivate_locked_super+0x9a/0x170 [ 185.122690][ T5032] deactivate_super+0xde/0x100 [ 185.127568][ T5032] cleanup_mnt+0x222/0x3d0 [ 185.132007][ T5032] task_work_run+0x14d/0x240 [ 185.136640][ T5032] ? task_work_cancel+0x30/0x30 [ 185.141527][ T5032] ptrace_notify+0x10c/0x130 [ 185.146134][ T5032] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 185.152501][ T5032] syscall_exit_to_user_mode+0xd/0x50 [ 185.157908][ T5032] do_syscall_64+0x44/0xb0 [ 185.162348][ T5032] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 185.168269][ T5032] RIP: 0033:0x7f5798ec2487 [ 185.172696][ T5032] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 185.192322][ T5032] RSP: 002b:00007ffee2184d58 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 185.200749][ T5032] RAX: 0000000000000000 RBX: 000000000002d00a RCX: 00007f5798ec2487 [ 185.208738][ T5032] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffee2184e10 [ 185.216721][ T5032] RBP: 00007ffee2184e10 R08: 0000000000000000 R09: 0000000000000000 [ 185.224699][ T5032] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffee2185e80 [ 185.232698][ T5032] R13: 00005555571646c0 R14: 431bde82d7b634db R15: 00007ffee2185ea0 [ 185.240712][ T5032] [ 185.243745][ T5032] Modules linked in: [ 185.252979][ T5032] ---[ end trace 0000000000000000 ]--- [ 185.260907][ T5032] RIP: 0010:close_ctree+0xbc7/0xdd0 [ 185.266544][ T5032] Code: fd e9 51 f7 ff ff e8 68 86 14 fe b9 08 11 00 00 48 c7 c2 a0 af b5 8a 48 c7 c6 20 e9 b5 8a 48 c7 c7 20 b0 b5 8a e8 49 d8 f7 fd <0f> 0b e8 42 86 14 fe b9 11 11 00 00 48 c7 c2 a0 af b5 8a 48 c7 c6 [ 185.286430][ T5032] RSP: 0018:ffffc90003b0fbe0 EFLAGS: 00010286 [ 185.292516][ T5032] RAX: 0000000000000051 RBX: ffff88807a0e8d48 RCX: 0000000000000000 [ 185.300611][ T5032] RDX: 0000000000000000 RSI: ffffffff816a8cc0 RDI: 0000000000000005 [ 185.309373][ T5032] RBP: ffff88807a0e8010 R08: 0000000000000005 R09: 0000000000000000 [ 185.317457][ T5032] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000000 [ 185.325500][ T5032] R13: 0000000000000000 R14: ffff88807a0e8000 R15: ffff88801b4e8c40 [ 185.333515][ T5032] FS: 0000555557163380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 185.342497][ T5032] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 185.349146][ T5032] CR2: 0000560b3b7778a8 CR3: 000000007dc7c000 CR4: 00000000003506f0 [ 185.357175][ T5032] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 185.365219][ T5032] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 185.373215][ T5032] Kernel panic - not syncing: Fatal exception [ 185.379635][ T5032] Kernel Offset: disabled [ 185.383984][ T5032] Rebooting in 86400 seconds..