./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1265007454 <...> DUID 00:04:23:68:77:f1:65:66:05:56:fc:6e:24:65:03:30:d5:25 forked to background, child pid 4665 [ 21.500416][ T4666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.513124][ T4666] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts. execve("./syz-executor1265007454", ["./syz-executor1265007454"], 0x7ffde79dd720 /* 10 vars */) = 0 brk(NULL) = 0x555555f2e000 brk(0x555555f2ec40) = 0x555555f2ec40 arch_prctl(ARCH_SET_FS, 0x555555f2e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1265007454", 4096) = 28 brk(0x555555f4fc40) = 0x555555f4fc40 brk(0x555555f50000) = 0x555555f50000 mprotect(0x7f24e2c53000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 4997 mkdir("./syzkaller.UIXrj2", 0700) = 0 chmod("./syzkaller.UIXrj2", 0777) = 0 chdir("./syzkaller.UIXrj2") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 4998 ./strace-static-x86_64: Process 4998 attached [pid 4998] chdir("./0") = 0 [pid 4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4998] setpgid(0, 0) = 0 [pid 4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4998] write(3, "1000", 4) = 4 [pid 4998] close(3) = 0 [pid 4998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4998] memfd_create("syzkaller", 0) = 3 [pid 4998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 syzkaller login: [ 41.294261][ T4998] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4998 'syz-executor126' [pid 4998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4998] munmap(0x7f24da792000, 16777216) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4998] close(3) = 0 [pid 4998] mkdir("./bus", 0777) = 0 [ 41.403647][ T4998] loop0: detected capacity change from 0 to 32768 [ 41.413635][ T4998] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (4998) [ 41.431018][ T4998] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 41.439921][ T4998] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 41.450731][ T4998] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 41.461532][ T4998] BTRFS warning (device loop0): excessive commit interval 622039222 [ 41.469551][ T4998] BTRFS info (device loop0): force zlib compression, level 3 [ 41.477061][ T4998] BTRFS info (device loop0): using free space tree [ 41.494425][ T4998] BTRFS info (device loop0): enabling ssd optimizations [pid 4998] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 4998] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 4998] chdir("./bus") = 0 [pid 4998] ioctl(4, LOOP_CLR_FD) = 0 [pid 4998] close(4) = 0 [pid 4998] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 4998] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 4998] exit_group(0) = ? [pid 4998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4998, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 41.501468][ T4998] BTRFS info (device loop0): auto enabling async discard umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5023 ./strace-static-x86_64: Process 5023 attached [pid 5023] chdir("./1") = 0 [pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5023] setpgid(0, 0) = 0 [pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1000", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5023] memfd_create("syzkaller", 0) = 3 [pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5023] munmap(0x7f24da792000, 16777216) = 0 [pid 5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5023] close(3) = 0 [pid 5023] mkdir("./bus", 0777) = 0 [ 41.766873][ T5023] loop0: detected capacity change from 0 to 32768 [ 41.776519][ T5023] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5023) [ 41.791784][ T5023] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 41.800659][ T5023] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 41.811773][ T5023] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 41.822597][ T5023] BTRFS warning (device loop0): excessive commit interval 622039222 [ 41.830614][ T5023] BTRFS info (device loop0): force zlib compression, level 3 [ 41.838026][ T5023] BTRFS info (device loop0): using free space tree [ 41.854020][ T5023] BTRFS info (device loop0): enabling ssd optimizations [pid 5023] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5023] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5023] chdir("./bus") = 0 [pid 5023] ioctl(4, LOOP_CLR_FD) = 0 [pid 5023] close(4) = 0 [pid 5023] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5023] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5023] exit_group(0) = ? [pid 5023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5023, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 41.861081][ T5023] BTRFS info (device loop0): auto enabling async discard umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5042] chdir("./2") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] memfd_create("syzkaller", 0) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5042] munmap(0x7f24da792000, 16777216) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./bus", 0777) = 0 [ 42.108684][ T5042] loop0: detected capacity change from 0 to 32768 [ 42.117910][ T5042] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5042) [ 42.132098][ T5042] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 42.140879][ T5042] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5042] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./bus") = 0 [pid 5042] ioctl(4, LOOP_CLR_FD) = 0 [pid 5042] close(4) = 0 [pid 5042] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5042] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5042] exit_group(0) = ? [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 42.151684][ T5042] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 42.162526][ T5042] BTRFS warning (device loop0): excessive commit interval 622039222 [ 42.170583][ T5042] BTRFS info (device loop0): force zlib compression, level 3 [ 42.178033][ T5042] BTRFS info (device loop0): using free space tree [ 42.193448][ T5042] BTRFS info (device loop0): enabling ssd optimizations [ 42.200595][ T5042] BTRFS info (device loop0): auto enabling async discard umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] chdir("./3") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] memfd_create("syzkaller", 0) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5066] munmap(0x7f24da792000, 16777216) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./bus", 0777) = 0 [ 42.438936][ T5066] loop0: detected capacity change from 0 to 32768 [ 42.448157][ T5066] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5066) [ 42.463942][ T5066] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 42.472822][ T5066] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 42.483888][ T5066] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 42.494864][ T5066] BTRFS warning (device loop0): excessive commit interval 622039222 [ 42.502897][ T5066] BTRFS info (device loop0): force zlib compression, level 3 [ 42.510415][ T5066] BTRFS info (device loop0): using free space tree [ 42.526153][ T5066] BTRFS info (device loop0): enabling ssd optimizations [pid 5066] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./bus") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] close(4) = 0 [pid 5066] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5066] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5066] exit_group(0) = ? [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 42.533143][ T5066] BTRFS info (device loop0): auto enabling async discard umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] chdir("./4") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5084] munmap(0x7f24da792000, 16777216) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./bus", 0777) = 0 [ 42.783729][ T5084] loop0: detected capacity change from 0 to 32768 [ 42.792936][ T5084] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5084) [ 42.807911][ T5084] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 42.816647][ T5084] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5084] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./bus") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [pid 5084] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5084] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5084] exit_group(0) = ? [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=15 /* 0.15 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 42.827521][ T5084] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 42.838361][ T5084] BTRFS warning (device loop0): excessive commit interval 622039222 [ 42.846367][ T5084] BTRFS info (device loop0): force zlib compression, level 3 [ 42.853812][ T5084] BTRFS info (device loop0): using free space tree [ 42.869398][ T5084] BTRFS info (device loop0): enabling ssd optimizations [ 42.876365][ T5084] BTRFS info (device loop0): auto enabling async discard umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5102 ./strace-static-x86_64: Process 5102 attached [pid 5102] chdir("./5") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5102] munmap(0x7f24da792000, 16777216) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./bus", 0777) = 0 [ 43.114078][ T5102] loop0: detected capacity change from 0 to 32768 [ 43.123512][ T5102] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5102) [ 43.138746][ T5102] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 43.147625][ T5102] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 43.158534][ T5102] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 43.169533][ T5102] BTRFS warning (device loop0): excessive commit interval 622039222 [ 43.177592][ T5102] BTRFS info (device loop0): force zlib compression, level 3 [ 43.184976][ T5102] BTRFS info (device loop0): using free space tree [ 43.201569][ T5102] BTRFS info (device loop0): enabling ssd optimizations [pid 5102] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5102] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./bus") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5102] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 43.208532][ T5102] BTRFS info (device loop0): auto enabling async discard umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5120 ./strace-static-x86_64: Process 5120 attached [pid 5120] chdir("./6") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5120] munmap(0x7f24da792000, 16777216) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./bus", 0777) = 0 [ 43.446776][ T5120] loop0: detected capacity change from 0 to 32768 [ 43.455815][ T5120] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5120) [ 43.471662][ T5120] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 43.480415][ T5120] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5120] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5120] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./bus") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5120] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5120] exit_group(0) = ? [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 43.491367][ T5120] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 43.502188][ T5120] BTRFS warning (device loop0): excessive commit interval 622039222 [ 43.510195][ T5120] BTRFS info (device loop0): force zlib compression, level 3 [ 43.517608][ T5120] BTRFS info (device loop0): using free space tree [ 43.532822][ T5120] BTRFS info (device loop0): enabling ssd optimizations [ 43.539890][ T5120] BTRFS info (device loop0): auto enabling async discard umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5138 ./strace-static-x86_64: Process 5138 attached [pid 5138] chdir("./7") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5138] munmap(0x7f24da792000, 16777216) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./bus", 0777) = 0 [ 43.774721][ T5138] loop0: detected capacity change from 0 to 32768 [ 43.784205][ T5138] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5138) [ 43.798563][ T5138] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 43.807356][ T5138] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5138] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5138] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./bus") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5138] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5138] exit_group(0) = ? [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 43.818152][ T5138] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 43.829052][ T5138] BTRFS warning (device loop0): excessive commit interval 622039222 [ 43.837067][ T5138] BTRFS info (device loop0): force zlib compression, level 3 [ 43.844426][ T5138] BTRFS info (device loop0): using free space tree [ 43.859701][ T5138] BTRFS info (device loop0): enabling ssd optimizations [ 43.866716][ T5138] BTRFS info (device loop0): auto enabling async discard umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5157 ./strace-static-x86_64: Process 5157 attached [pid 5157] chdir("./8") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5157] munmap(0x7f24da792000, 16777216) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./bus", 0777) = 0 [ 44.121033][ T5157] loop0: detected capacity change from 0 to 32768 [ 44.130031][ T5157] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5157) [ 44.144476][ T5157] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 44.153235][ T5157] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5157] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5157] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./bus") = 0 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [pid 5157] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5157] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5157] exit_group(0) = ? [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 44.164083][ T5157] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.174875][ T5157] BTRFS warning (device loop0): excessive commit interval 622039222 [ 44.182902][ T5157] BTRFS info (device loop0): force zlib compression, level 3 [ 44.190379][ T5157] BTRFS info (device loop0): using free space tree [ 44.205810][ T5157] BTRFS info (device loop0): enabling ssd optimizations [ 44.212888][ T5157] BTRFS info (device loop0): auto enabling async discard umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5175 ./strace-static-x86_64: Process 5175 attached [pid 5175] chdir("./9") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5175] munmap(0x7f24da792000, 16777216) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./bus", 0777) = 0 [ 44.446170][ T5175] loop0: detected capacity change from 0 to 32768 [ 44.455218][ T5175] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5175) [ 44.470227][ T5175] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 44.479045][ T5175] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5175] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./bus") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5175] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5175] exit_group(0) = ? [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 44.489838][ T5175] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.500640][ T5175] BTRFS warning (device loop0): excessive commit interval 622039222 [ 44.508776][ T5175] BTRFS info (device loop0): force zlib compression, level 3 [ 44.516151][ T5175] BTRFS info (device loop0): using free space tree [ 44.531609][ T5175] BTRFS info (device loop0): enabling ssd optimizations [ 44.538681][ T5175] BTRFS info (device loop0): auto enabling async discard umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] chdir("./10") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5193] munmap(0x7f24da792000, 16777216) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./bus", 0777) = 0 [ 44.780425][ T5193] loop0: detected capacity change from 0 to 32768 [ 44.789459][ T5193] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5193) [ 44.803921][ T5193] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 44.812646][ T5193] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.823475][ T5193] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.834304][ T5193] BTRFS warning (device loop0): excessive commit interval 622039222 [ 44.842347][ T5193] BTRFS info (device loop0): force zlib compression, level 3 [ 44.849753][ T5193] BTRFS info (device loop0): using free space tree [ 44.867378][ T5193] BTRFS info (device loop0): enabling ssd optimizations [pid 5193] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./bus") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5193] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5193] exit_group(0) = ? [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 44.874346][ T5193] BTRFS info (device loop0): auto enabling async discard umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] chdir("./11") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5211] munmap(0x7f24da792000, 16777216) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] mkdir("./bus", 0777) = 0 [ 45.112112][ T5211] loop0: detected capacity change from 0 to 32768 [ 45.121014][ T5211] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5211) [ 45.135943][ T5211] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.144782][ T5211] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5211] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5211] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./bus") = 0 [pid 5211] ioctl(4, LOOP_CLR_FD) = 0 [pid 5211] close(4) = 0 [pid 5211] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5211] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5211] exit_group(0) = ? [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 45.155633][ T5211] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 45.166503][ T5211] BTRFS warning (device loop0): excessive commit interval 622039222 [ 45.174523][ T5211] BTRFS info (device loop0): force zlib compression, level 3 [ 45.181942][ T5211] BTRFS info (device loop0): using free space tree [ 45.197266][ T5211] BTRFS info (device loop0): enabling ssd optimizations [ 45.204244][ T5211] BTRFS info (device loop0): auto enabling async discard umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] chdir("./12") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] memfd_create("syzkaller", 0) = 3 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5229] munmap(0x7f24da792000, 16777216) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] mkdir("./bus", 0777) = 0 [ 45.443588][ T5229] loop0: detected capacity change from 0 to 32768 [ 45.452417][ T5229] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5229) [ 45.467005][ T5229] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.475717][ T5229] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5229] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5229] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5229] chdir("./bus") = 0 [pid 5229] ioctl(4, LOOP_CLR_FD) = 0 [pid 5229] close(4) = 0 [pid 5229] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5229] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5229] exit_group(0) = ? [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 45.486561][ T5229] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 45.497384][ T5229] BTRFS warning (device loop0): excessive commit interval 622039222 [ 45.505386][ T5229] BTRFS info (device loop0): force zlib compression, level 3 [ 45.512808][ T5229] BTRFS info (device loop0): using free space tree [ 45.528498][ T5229] BTRFS info (device loop0): enabling ssd optimizations [ 45.535497][ T5229] BTRFS info (device loop0): auto enabling async discard umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5247 ./strace-static-x86_64: Process 5247 attached [pid 5247] chdir("./13") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5247] munmap(0x7f24da792000, 16777216) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] mkdir("./bus", 0777) = 0 [ 45.781837][ T5247] loop0: detected capacity change from 0 to 32768 [ 45.790590][ T5247] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5247) [ 45.806079][ T5247] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.814870][ T5247] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5247] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5247] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./bus") = 0 [pid 5247] ioctl(4, LOOP_CLR_FD) = 0 [pid 5247] close(4) = 0 [pid 5247] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5247] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5247] exit_group(0) = ? [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=18 /* 0.18 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 45.825706][ T5247] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 45.836629][ T5247] BTRFS warning (device loop0): excessive commit interval 622039222 [ 45.844644][ T5247] BTRFS info (device loop0): force zlib compression, level 3 [ 45.852086][ T5247] BTRFS info (device loop0): using free space tree [ 45.867370][ T5247] BTRFS info (device loop0): enabling ssd optimizations [ 45.874341][ T5247] BTRFS info (device loop0): auto enabling async discard umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5265 ./strace-static-x86_64: Process 5265 attached [pid 5265] chdir("./14") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] memfd_create("syzkaller", 0) = 3 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5265] munmap(0x7f24da792000, 16777216) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5265] close(3) = 0 [pid 5265] mkdir("./bus", 0777) = 0 [ 46.108018][ T5265] loop0: detected capacity change from 0 to 32768 [ 46.116910][ T5265] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5265) [ 46.131371][ T5265] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 46.140178][ T5265] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5265] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5265] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5265] chdir("./bus") = 0 [pid 5265] ioctl(4, LOOP_CLR_FD) = 0 [pid 5265] close(4) = 0 [pid 5265] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5265] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5265] exit_group(0) = ? [pid 5265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5265, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 46.151069][ T5265] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 46.161917][ T5265] BTRFS warning (device loop0): excessive commit interval 622039222 [ 46.169945][ T5265] BTRFS info (device loop0): force zlib compression, level 3 [ 46.177377][ T5265] BTRFS info (device loop0): using free space tree [ 46.193052][ T5265] BTRFS info (device loop0): enabling ssd optimizations [ 46.200083][ T5265] BTRFS info (device loop0): auto enabling async discard umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f37660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f37660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555555f2f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2e5d0) = 5284 ./strace-static-x86_64: Process 5284 attached [pid 5284] chdir("./15") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f24da792000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5284] munmap(0x7f24da792000, 16777216) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] mkdir("./bus", 0777) = 0 [ 46.445834][ T5284] loop0: detected capacity change from 0 to 32768 [ 46.454796][ T5284] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor126 (5284) [ 46.469968][ T5284] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 46.478813][ T5284] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5284] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0 [pid 5284] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./bus") = 0 [pid 5284] ioctl(4, LOOP_CLR_FD) = 0 [pid 5284] close(4) = 0 [pid 5284] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5284] write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x75\x73\x65\x72\x5f\x73\x75\x62\x76\x6f\x6c\x5f\x72\x6d\x5f\x61\x6c\x6c\x6f\x77\x65\x64\x2c\x6e\x6f\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65"..., 65983) = 65983 [pid 5284] exit_group(0) = ? [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f2f620 /* 4 entries */, 32768) = 104 [ 46.489662][ T5284] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 46.500496][ T5284] BTRFS warning (device loop0): excessive commit interval 622039222 [ 46.508585][ T5284] BTRFS info (device loop0): force zlib compression, level 3 [ 46.515970][ T5284] BTRFS info (device loop0): using free space tree [ 46.531626][ T5284] BTRFS info (device loop0): enabling ssd optimizations [ 46.538591][ T5284] BTRFS info (device loop0): auto enabling async discard [ 46.618260][ T4997] VFS: Busy inodes after unmount of loop0 (btrfs) [ 46.618428][ T4997] ------------[ cut here ]------------ [ 46.630642][ T4997] kernel BUG at fs/super.c:502! [ 46.636748][ T4997] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 46.642819][ T4997] CPU: 0 PID: 4997 Comm: syz-executor126 Not tainted 6.4.0-rc2-syzkaller-00163-g2d1bcbc6cd70 #0 [ 46.653233][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 46.663284][ T4997] RIP: 0010:generic_shutdown_super+0x3bb/0x480 [ 46.669460][ T4997] Code: 6b 28 48 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 c4 00 00 00 48 8b 55 00 48 8d b3 a8 06 00 00 48 c7 c7 20 ca 5b 8a e8 d5 99 81 ff <0f> 0b e8 3e 7d f0 ff e9 6a fc ff ff e8 34 7d f0 ff e9 f1 fd ff ff [ 46.689068][ T4997] RSP: 0018:ffffc900039afd58 EFLAGS: 00010282 [ 46.695129][ T4997] RAX: 000000000000002f RBX: ffff888022c9c000 RCX: 0000000000000000 [ 46.703082][ T4997] RDX: 0000000000000000 RSI: ffffffff8168b8fc RDI: 0000000000000005 [ 46.711038][ T4997] RBP: ffffffff8ce8c1e0 R08: 0000000000000005 R09: 0000000000000000 [ 46.719017][ T4997] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888022c9c7d8 [ 46.726971][ T4997] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880187456c0 [ 46.734924][ T4997] FS: 0000555555f2e300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 46.743837][ T4997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.750410][ T4997] CR2: 00007f89803b68e5 CR3: 0000000075cde000 CR4: 0000000000350ef0 [ 46.758372][ T4997] Call Trace: [ 46.761635][ T4997] [ 46.764550][ T4997] kill_anon_super+0x3a/0x60 [ 46.769137][ T4997] btrfs_kill_super+0x3c/0x50 [ 46.773807][ T4997] deactivate_locked_super+0x98/0x160 [ 46.779177][ T4997] deactivate_super+0xb1/0xd0 [ 46.783850][ T4997] cleanup_mnt+0x2ae/0x3d0 [ 46.788259][ T4997] task_work_run+0x16f/0x270 [ 46.792846][ T4997] ? task_work_cancel+0x30/0x30 [ 46.797686][ T4997] ? __x64_sys_umount+0x118/0x190 [ 46.802699][ T4997] ptrace_notify+0x118/0x140 [ 46.807284][ T4997] syscall_exit_to_user_mode_prepare+0x129/0x220 [ 46.813699][ T4997] syscall_exit_to_user_mode+0xd/0x50 [ 46.819074][ T4997] do_syscall_64+0x46/0xb0 [ 46.823489][ T4997] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.829383][ T4997] RIP: 0033:0x7f24e2be0d27 [ 46.833788][ T4997] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 46.853389][ T4997] RSP: 002b:00007ffc4968b128 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 46.861788][ T4997] RAX: 0000000000000000 RBX: 000000000000b4bb RCX: 00007f24e2be0d27 [ 46.869742][ T4997] RDX: 00007ffc4968b1e8 RSI: 000000000000000a RDI: 00007ffc4968b1e0 [ 46.877696][ T4997] RBP: 00007ffc4968b1e0 R08: 00000000ffffffff R09: 00007ffc4968afc0 [ 46.885651][ T4997] R10: 0000555555f2f633 R11: 0000000000000206 R12: 00007ffc4968c250 [ 46.893616][ T4997] R13: 0000555555f2f5f0 R14: 00007ffc4968b150 R15: 0000000000000010 [ 46.901581][ T4997] [ 46.904585][ T4997] Modules linked in: [ 46.908873][ T4997] ---[ end trace 0000000000000000 ]--- [ 46.914353][ T4997] RIP: 0010:generic_shutdown_super+0x3bb/0x480 [ 46.920544][ T4997] Code: 6b 28 48 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 c4 00 00 00 48 8b 55 00 48 8d b3 a8 06 00 00 48 c7 c7 20 ca 5b 8a e8 d5 99 81 ff <0f> 0b e8 3e 7d f0 ff e9 6a fc ff ff e8 34 7d f0 ff e9 f1 fd ff ff [ 46.940200][ T4997] RSP: 0018:ffffc900039afd58 EFLAGS: 00010282 [ 46.946270][ T4997] RAX: 000000000000002f RBX: ffff888022c9c000 RCX: 0000000000000000 [ 46.954256][ T4997] RDX: 0000000000000000 RSI: ffffffff8168b8fc RDI: 0000000000000005 [ 46.962252][ T4997] RBP: ffffffff8ce8c1e0 R08: 0000000000000005 R09: 0000000000000000 [ 46.970241][ T4997] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888022c9c7d8 [ 46.978232][ T4997] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880187456c0 [ 46.986185][ T4997] FS: 0000555555f2e300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 46.995195][ T4997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.001817][ T4997] CR2: 00007f89803b68e5 CR3: 0000000075cde000 CR4: 0000000000350ef0 [ 47.009943][ T4997] Kernel panic - not syncing: Fatal exception [ 47.016741][ T4997] Kernel Offset: disabled [ 47.021052][ T4997] Rebooting in 86400 seconds..