./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2674803729 <...> forked to background, child pid 4645 [ 30.834357][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.844579][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: [ 31.215868][ T4735] sshd (4735) used greatest stack depth: 19408 bytes left OK syzkaller Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. execve("./syz-executor2674803729", ["./syz-executor2674803729"], 0x7ffcf5c0c6b0 /* 10 vars */) = 0 brk(NULL) = 0x5555563e7000 brk(0x5555563e7c40) = 0x5555563e7c40 arch_prctl(ARCH_SET_FS, 0x5555563e7300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2674803729", 4096) = 28 brk(0x555556408c40) = 0x555556408c40 brk(0x555556409000) = 0x555556409000 mprotect(0x7f1b60537000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5073 mkdir("./syzkaller.nYpqUL", 0700) = 0 chmod("./syzkaller.nYpqUL", 0777) = 0 chdir("./syzkaller.nYpqUL") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] chdir("./0") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 syzkaller login: [ 53.719300][ T5074] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5074 'syz-executor267' [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5074] munmap(0x7f1b58076000, 16777216) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./bus", 0777) = 0 [ 53.891878][ T5074] loop0: detected capacity change from 0 to 32768 [ 53.905760][ T5074] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5074) [ 53.926923][ T5074] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.936888][ T5074] BTRFS info (device loop0): doing ref verification [ 53.944191][ T5074] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 53.956037][ T5074] BTRFS info (device loop0): force zlib compression, level 3 [ 53.963944][ T5074] BTRFS info (device loop0): allowing degraded mounts [ 53.971076][ T5074] BTRFS info (device loop0): using free space tree [pid 5074] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./bus") = 0 [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] close(4) = 0 [pid 5074] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5074] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5074] exit_group(0) = ? [ 53.995083][ T5074] BTRFS info (device loop0): auto enabling async discard [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x5555563e75d0) = 5104 [pid 5104] chdir("./1") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5104] munmap(0x7f1b58076000, 16777216) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] mkdir("./bus", 0777) = 0 [ 54.393216][ T5104] loop0: detected capacity change from 0 to 32768 [ 54.413738][ T5104] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5104) [ 54.432810][ T5104] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.441644][ T5104] BTRFS info (device loop0): doing ref verification [ 54.448297][ T5104] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 54.459770][ T5104] BTRFS info (device loop0): force zlib compression, level 3 [ 54.467263][ T5104] BTRFS info (device loop0): allowing degraded mounts [ 54.474223][ T5104] BTRFS info (device loop0): using free space tree [pid 5104] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5104] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] chdir("./bus") = 0 [pid 5104] ioctl(4, LOOP_CLR_FD) = 0 [pid 5104] close(4) = 0 [pid 5104] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5104] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5104] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 54.492888][ T5104] BTRFS info (device loop0): auto enabling async discard umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached , child_tidptr=0x5555563e75d0) = 5122 [pid 5122] chdir("./2") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5122] munmap(0x7f1b58076000, 16777216) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./bus", 0777) = 0 [ 54.845707][ T5122] loop0: detected capacity change from 0 to 32768 [ 54.856600][ T5122] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5122) [ 54.873561][ T5122] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.882511][ T5122] BTRFS info (device loop0): doing ref verification [pid 5122] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5122] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./bus") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5122] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5122] exit_group(0) = ? [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 54.889155][ T5122] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 54.900308][ T5122] BTRFS info (device loop0): force zlib compression, level 3 [ 54.907699][ T5122] BTRFS info (device loop0): allowing degraded mounts [ 54.914951][ T5122] BTRFS info (device loop0): using free space tree [ 54.933263][ T5122] BTRFS info (device loop0): auto enabling async discard fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] chdir("./3") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] memfd_create("syzkaller", 0) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5140] munmap(0x7f1b58076000, 16777216) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] mkdir("./bus", 0777) = 0 [ 55.272283][ T5140] loop0: detected capacity change from 0 to 32768 [ 55.282714][ T5140] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5140) [ 55.299851][ T5140] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.308873][ T5140] BTRFS info (device loop0): doing ref verification [pid 5140] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5140] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./bus") = 0 [pid 5140] ioctl(4, LOOP_CLR_FD) = 0 [pid 5140] close(4) = 0 [pid 5140] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5140] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5140] exit_group(0) = ? [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.315739][ T5140] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.327535][ T5140] BTRFS info (device loop0): force zlib compression, level 3 [ 55.335298][ T5140] BTRFS info (device loop0): allowing degraded mounts [ 55.342294][ T5140] BTRFS info (device loop0): using free space tree [ 55.363151][ T5140] BTRFS info (device loop0): auto enabling async discard lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5158] chdir("./4") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] memfd_create("syzkaller", 0) = 3 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5158] munmap(0x7f1b58076000, 16777216) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5158] close(3) = 0 [pid 5158] mkdir("./bus", 0777) = 0 [ 55.700017][ T5158] loop0: detected capacity change from 0 to 32768 [ 55.710070][ T5158] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5158) [ 55.727648][ T5158] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.736667][ T5158] BTRFS info (device loop0): doing ref verification [pid 5158] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5158] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5158] chdir("./bus") = 0 [pid 5158] ioctl(4, LOOP_CLR_FD) = 0 [pid 5158] close(4) = 0 [pid 5158] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5158] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5158] exit_group(0) = ? [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 55.743333][ T5158] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 55.754167][ T5158] BTRFS info (device loop0): force zlib compression, level 3 [ 55.761655][ T5158] BTRFS info (device loop0): allowing degraded mounts [ 55.768441][ T5158] BTRFS info (device loop0): using free space tree [ 55.785563][ T5158] BTRFS info (device loop0): auto enabling async discard fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5176 ./strace-static-x86_64: Process 5176 attached [pid 5176] chdir("./5") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5176] munmap(0x7f1b58076000, 16777216) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] mkdir("./bus", 0777) = 0 [ 56.134498][ T5176] loop0: detected capacity change from 0 to 32768 [ 56.143650][ T5176] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5176) [ 56.160465][ T5176] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.169253][ T5176] BTRFS info (device loop0): doing ref verification [pid 5176] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5176] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./bus") = 0 [pid 5176] ioctl(4, LOOP_CLR_FD) = 0 [pid 5176] close(4) = 0 [pid 5176] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5176] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5176] exit_group(0) = ? [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 56.176161][ T5176] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 56.187015][ T5176] BTRFS info (device loop0): force zlib compression, level 3 [ 56.194751][ T5176] BTRFS info (device loop0): allowing degraded mounts [ 56.201906][ T5176] BTRFS info (device loop0): using free space tree [ 56.220708][ T5176] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5194 ./strace-static-x86_64: Process 5194 attached [pid 5194] chdir("./6") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] memfd_create("syzkaller", 0) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5194] munmap(0x7f1b58076000, 16777216) = 0 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5194] close(3) = 0 [pid 5194] mkdir("./bus", 0777) = 0 [ 56.565594][ T5194] loop0: detected capacity change from 0 to 32768 [ 56.575764][ T5194] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5194) [ 56.592535][ T5194] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.601560][ T5194] BTRFS info (device loop0): doing ref verification [pid 5194] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5194] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5194] chdir("./bus") = 0 [pid 5194] ioctl(4, LOOP_CLR_FD) = 0 [pid 5194] close(4) = 0 [pid 5194] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5194] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5194] exit_group(0) = ? [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 56.608501][ T5194] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 56.619892][ T5194] BTRFS info (device loop0): force zlib compression, level 3 [ 56.627421][ T5194] BTRFS info (device loop0): allowing degraded mounts [ 56.634384][ T5194] BTRFS info (device loop0): using free space tree [ 56.651857][ T5194] BTRFS info (device loop0): auto enabling async discard umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5212] chdir("./7") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5212] munmap(0x7f1b58076000, 16777216) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./bus", 0777) = 0 [ 56.987356][ T5212] loop0: detected capacity change from 0 to 32768 [ 56.996537][ T5212] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5212) [ 57.013186][ T5212] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.022179][ T5212] BTRFS info (device loop0): doing ref verification [pid 5212] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5212] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./bus") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5212] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5212] exit_group(0) = ? [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 57.028873][ T5212] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.039915][ T5212] BTRFS info (device loop0): force zlib compression, level 3 [ 57.047337][ T5212] BTRFS info (device loop0): allowing degraded mounts [ 57.054326][ T5212] BTRFS info (device loop0): using free space tree [ 57.072691][ T5212] BTRFS info (device loop0): auto enabling async discard fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5230] chdir("./8") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5230] munmap(0x7f1b58076000, 16777216) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./bus", 0777) = 0 [ 57.421878][ T5230] loop0: detected capacity change from 0 to 32768 [ 57.432420][ T5230] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5230) [ 57.449524][ T5230] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.458684][ T5230] BTRFS info (device loop0): doing ref verification [pid 5230] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5230] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./bus") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5230] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5230] exit_group(0) = ? [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 57.465642][ T5230] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.476506][ T5230] BTRFS info (device loop0): force zlib compression, level 3 [ 57.484162][ T5230] BTRFS info (device loop0): allowing degraded mounts [ 57.491313][ T5230] BTRFS info (device loop0): using free space tree [ 57.507977][ T5230] BTRFS info (device loop0): auto enabling async discard umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5248 ./strace-static-x86_64: Process 5248 attached [pid 5248] chdir("./9") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5248] munmap(0x7f1b58076000, 16777216) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./bus", 0777) = 0 [ 57.834923][ T5248] loop0: detected capacity change from 0 to 32768 [ 57.845504][ T5248] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5248) [ 57.861574][ T5248] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.870433][ T5248] BTRFS info (device loop0): doing ref verification [pid 5248] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5248] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./bus") = 0 [pid 5248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5248] close(4) = 0 [pid 5248] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5248] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5248] exit_group(0) = ? [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 57.877026][ T5248] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.888035][ T5248] BTRFS info (device loop0): force zlib compression, level 3 [ 57.895505][ T5248] BTRFS info (device loop0): allowing degraded mounts [ 57.902504][ T5248] BTRFS info (device loop0): using free space tree [ 57.919961][ T5248] BTRFS info (device loop0): auto enabling async discard umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5280 ./strace-static-x86_64: Process 5280 attached [pid 5280] chdir("./10") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5280] memfd_create("syzkaller", 0) = 3 [pid 5280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5280] munmap(0x7f1b58076000, 16777216) = 0 [pid 5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5280] close(3) = 0 [pid 5280] mkdir("./bus", 0777) = 0 [ 58.249562][ T5280] loop0: detected capacity change from 0 to 32768 [ 58.259811][ T5280] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5280) [ 58.278224][ T5280] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.287114][ T5280] BTRFS info (device loop0): doing ref verification [pid 5280] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5280] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5280] chdir("./bus") = 0 [pid 5280] ioctl(4, LOOP_CLR_FD) = 0 [pid 5280] close(4) = 0 [pid 5280] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5280] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5280] exit_group(0) = ? [pid 5280] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 58.293784][ T5280] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 58.304651][ T5280] BTRFS info (device loop0): force zlib compression, level 3 [ 58.312104][ T5280] BTRFS info (device loop0): allowing degraded mounts [ 58.318890][ T5280] BTRFS info (device loop0): using free space tree [ 58.337098][ T5280] BTRFS info (device loop0): auto enabling async discard umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5298 ./strace-static-x86_64: Process 5298 attached [pid 5298] chdir("./11") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] memfd_create("syzkaller", 0) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5298] munmap(0x7f1b58076000, 16777216) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5298] close(3) = 0 [pid 5298] mkdir("./bus", 0777) = 0 [ 58.688238][ T5298] loop0: detected capacity change from 0 to 32768 [ 58.697887][ T5298] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5298) [ 58.713149][ T5298] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.721959][ T5298] BTRFS info (device loop0): doing ref verification [pid 5298] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5298] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5298] chdir("./bus") = 0 [pid 5298] ioctl(4, LOOP_CLR_FD) = 0 [pid 5298] close(4) = 0 [pid 5298] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5298] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5298] exit_group(0) = ? [pid 5298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 58.728568][ T5298] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 58.739396][ T5298] BTRFS info (device loop0): force zlib compression, level 3 [ 58.746845][ T5298] BTRFS info (device loop0): allowing degraded mounts [ 58.753686][ T5298] BTRFS info (device loop0): using free space tree [ 58.770299][ T5298] BTRFS info (device loop0): auto enabling async discard umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5316 ./strace-static-x86_64: Process 5316 attached [pid 5316] chdir("./12") = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5316] memfd_create("syzkaller", 0) = 3 [pid 5316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5316] munmap(0x7f1b58076000, 16777216) = 0 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5316] close(3) = 0 [pid 5316] mkdir("./bus", 0777) = 0 [ 59.113450][ T5316] loop0: detected capacity change from 0 to 32768 [ 59.123291][ T5316] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5316) [ 59.140220][ T5316] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.149377][ T5316] BTRFS info (device loop0): doing ref verification [pid 5316] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5316] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5316] chdir("./bus") = 0 [pid 5316] ioctl(4, LOOP_CLR_FD) = 0 [pid 5316] close(4) = 0 [pid 5316] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5316] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5316] exit_group(0) = ? [pid 5316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 59.156519][ T5316] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 59.167474][ T5316] BTRFS info (device loop0): force zlib compression, level 3 [ 59.175444][ T5316] BTRFS info (device loop0): allowing degraded mounts [ 59.182367][ T5316] BTRFS info (device loop0): using free space tree [ 59.200361][ T5316] BTRFS info (device loop0): auto enabling async discard umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5334 ./strace-static-x86_64: Process 5334 attached [pid 5334] chdir("./13") = 0 [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5334] setpgid(0, 0) = 0 [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5334] write(3, "1000", 4) = 4 [pid 5334] close(3) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5334] memfd_create("syzkaller", 0) = 3 [pid 5334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5334] munmap(0x7f1b58076000, 16777216) = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5334] close(3) = 0 [pid 5334] mkdir("./bus", 0777) = 0 [ 59.539578][ T5334] loop0: detected capacity change from 0 to 32768 [ 59.548880][ T5334] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5334) [ 59.565496][ T5334] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.574686][ T5334] BTRFS info (device loop0): doing ref verification [pid 5334] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5334] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5334] chdir("./bus") = 0 [pid 5334] ioctl(4, LOOP_CLR_FD) = 0 [pid 5334] close(4) = 0 [pid 5334] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5334] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5334] exit_group(0) = ? [pid 5334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5334, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 59.581662][ T5334] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 59.592716][ T5334] BTRFS info (device loop0): force zlib compression, level 3 [ 59.600345][ T5334] BTRFS info (device loop0): allowing degraded mounts [ 59.607305][ T5334] BTRFS info (device loop0): using free space tree [ 59.626057][ T5334] BTRFS info (device loop0): auto enabling async discard umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5352 ./strace-static-x86_64: Process 5352 attached [pid 5352] chdir("./14") = 0 [pid 5352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5352] setpgid(0, 0) = 0 [pid 5352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5352] write(3, "1000", 4) = 4 [pid 5352] close(3) = 0 [pid 5352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5352] memfd_create("syzkaller", 0) = 3 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5352] munmap(0x7f1b58076000, 16777216) = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5352] close(3) = 0 [pid 5352] mkdir("./bus", 0777) = 0 [ 59.952668][ T5352] loop0: detected capacity change from 0 to 32768 [ 59.962882][ T5352] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5352) [ 59.978598][ T5352] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.987434][ T5352] BTRFS info (device loop0): doing ref verification [pid 5352] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5352] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5352] chdir("./bus") = 0 [pid 5352] ioctl(4, LOOP_CLR_FD) = 0 [pid 5352] close(4) = 0 [pid 5352] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5352] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5352] exit_group(0) = ? [pid 5352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5352, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 59.994317][ T5352] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.005177][ T5352] BTRFS info (device loop0): force zlib compression, level 3 [ 60.012722][ T5352] BTRFS info (device loop0): allowing degraded mounts [ 60.019535][ T5352] BTRFS info (device loop0): using free space tree [ 60.038160][ T5352] BTRFS info (device loop0): auto enabling async discard umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5370 ./strace-static-x86_64: Process 5370 attached [pid 5370] chdir("./15") = 0 [pid 5370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5370] setpgid(0, 0) = 0 [pid 5370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5370] write(3, "1000", 4) = 4 [pid 5370] close(3) = 0 [pid 5370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5370] memfd_create("syzkaller", 0) = 3 [pid 5370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5370] munmap(0x7f1b58076000, 16777216) = 0 [pid 5370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5370] close(3) = 0 [pid 5370] mkdir("./bus", 0777) = 0 [ 60.371118][ T5370] loop0: detected capacity change from 0 to 32768 [ 60.380504][ T5370] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5370) [ 60.396999][ T5370] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 60.405796][ T5370] BTRFS info (device loop0): doing ref verification [pid 5370] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5370] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5370] chdir("./bus") = 0 [pid 5370] ioctl(4, LOOP_CLR_FD) = 0 [pid 5370] close(4) = 0 [pid 5370] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5370] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5370] exit_group(0) = ? [pid 5370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5370, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 60.412545][ T5370] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.423377][ T5370] BTRFS info (device loop0): force zlib compression, level 3 [ 60.430934][ T5370] BTRFS info (device loop0): allowing degraded mounts [ 60.437897][ T5370] BTRFS info (device loop0): using free space tree [ 60.454175][ T5370] BTRFS info (device loop0): auto enabling async discard umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5388 ./strace-static-x86_64: Process 5388 attached [pid 5388] chdir("./16") = 0 [pid 5388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5388] setpgid(0, 0) = 0 [pid 5388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5388] write(3, "1000", 4) = 4 [pid 5388] close(3) = 0 [pid 5388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5388] memfd_create("syzkaller", 0) = 3 [pid 5388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5388] munmap(0x7f1b58076000, 16777216) = 0 [pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5388] close(3) = 0 [pid 5388] mkdir("./bus", 0777) = 0 [ 60.793418][ T5388] loop0: detected capacity change from 0 to 32768 [ 60.802478][ T5388] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5388) [ 60.819548][ T5388] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 60.828439][ T5388] BTRFS info (device loop0): doing ref verification [pid 5388] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5388] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5388] chdir("./bus") = 0 [pid 5388] ioctl(4, LOOP_CLR_FD) = 0 [pid 5388] close(4) = 0 [pid 5388] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5388] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5388] exit_group(0) = ? [pid 5388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5388, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 60.835294][ T5388] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 60.846119][ T5388] BTRFS info (device loop0): force zlib compression, level 3 [ 60.853541][ T5388] BTRFS info (device loop0): allowing degraded mounts [ 60.860449][ T5388] BTRFS info (device loop0): using free space tree [ 60.877766][ T5388] BTRFS info (device loop0): auto enabling async discard umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5406 ./strace-static-x86_64: Process 5406 attached [pid 5406] chdir("./17") = 0 [pid 5406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5406] setpgid(0, 0) = 0 [pid 5406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5406] write(3, "1000", 4) = 4 [pid 5406] close(3) = 0 [pid 5406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5406] memfd_create("syzkaller", 0) = 3 [pid 5406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5406] munmap(0x7f1b58076000, 16777216) = 0 [pid 5406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5406] close(3) = 0 [pid 5406] mkdir("./bus", 0777) = 0 [ 61.212937][ T5406] loop0: detected capacity change from 0 to 32768 [ 61.221952][ T5406] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5406) [ 61.239466][ T5406] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 61.250257][ T5406] BTRFS info (device loop0): doing ref verification [pid 5406] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5406] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5406] chdir("./bus") = 0 [pid 5406] ioctl(4, LOOP_CLR_FD) = 0 [pid 5406] close(4) = 0 [pid 5406] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5406] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5406] exit_group(0) = ? [pid 5406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5406, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 61.256904][ T5406] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 61.267747][ T5406] BTRFS info (device loop0): force zlib compression, level 3 [ 61.275733][ T5406] BTRFS info (device loop0): allowing degraded mounts [ 61.282659][ T5406] BTRFS info (device loop0): using free space tree [ 61.301987][ T5406] BTRFS info (device loop0): auto enabling async discard fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5424 ./strace-static-x86_64: Process 5424 attached [pid 5424] chdir("./18") = 0 [pid 5424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5424] setpgid(0, 0) = 0 [pid 5424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5424] write(3, "1000", 4) = 4 [pid 5424] close(3) = 0 [pid 5424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5424] memfd_create("syzkaller", 0) = 3 [pid 5424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5424] munmap(0x7f1b58076000, 16777216) = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5424] close(3) = 0 [pid 5424] mkdir("./bus", 0777) = 0 [ 61.640092][ T5424] loop0: detected capacity change from 0 to 32768 [ 61.649116][ T5424] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5424) [ 61.667283][ T5424] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 61.676232][ T5424] BTRFS info (device loop0): doing ref verification [pid 5424] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5424] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5424] chdir("./bus") = 0 [pid 5424] ioctl(4, LOOP_CLR_FD) = 0 [pid 5424] close(4) = 0 [pid 5424] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5424] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5424] exit_group(0) = ? [ 61.682919][ T5424] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 61.693770][ T5424] BTRFS info (device loop0): force zlib compression, level 3 [ 61.701234][ T5424] BTRFS info (device loop0): allowing degraded mounts [ 61.708886][ T5424] BTRFS info (device loop0): using free space tree [ 61.728132][ T5424] BTRFS info (device loop0): auto enabling async discard [pid 5424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5424, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5442 ./strace-static-x86_64: Process 5442 attached [pid 5442] chdir("./19") = 0 [pid 5442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5442] setpgid(0, 0) = 0 [pid 5442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5442] write(3, "1000", 4) = 4 [pid 5442] close(3) = 0 [pid 5442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5442] memfd_create("syzkaller", 0) = 3 [pid 5442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5442] munmap(0x7f1b58076000, 16777216) = 0 [pid 5442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5442] close(3) = 0 [pid 5442] mkdir("./bus", 0777) = 0 [ 62.077624][ T5442] loop0: detected capacity change from 0 to 32768 [ 62.087097][ T5442] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5442) [ 62.105661][ T5442] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.114663][ T5442] BTRFS info (device loop0): doing ref verification [ 62.121510][ T5442] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 62.134207][ T5442] BTRFS info (device loop0): force zlib compression, level 3 [ 62.142359][ T5442] BTRFS info (device loop0): allowing degraded mounts [ 62.154361][ T5442] BTRFS info (device loop0): using free space tree [pid 5442] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5442] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5442] chdir("./bus") = 0 [pid 5442] ioctl(4, LOOP_CLR_FD) = 0 [pid 5442] close(4) = 0 [pid 5442] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5442] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5442] exit_group(0) = ? [ 62.188052][ T5442] BTRFS info (device loop0): auto enabling async discard [pid 5442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5442, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5461 ./strace-static-x86_64: Process 5461 attached [pid 5461] chdir("./20") = 0 [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5461] setpgid(0, 0) = 0 [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5461] write(3, "1000", 4) = 4 [pid 5461] close(3) = 0 [pid 5461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5461] memfd_create("syzkaller", 0) = 3 [pid 5461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5461] munmap(0x7f1b58076000, 16777216) = 0 [pid 5461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5461] close(3) = 0 [pid 5461] mkdir("./bus", 0777) = 0 [ 62.591081][ T5461] loop0: detected capacity change from 0 to 32768 [ 62.601344][ T5461] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5461) [ 62.618158][ T5461] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.627013][ T5461] BTRFS info (device loop0): doing ref verification [pid 5461] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5461] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5461] chdir("./bus") = 0 [pid 5461] ioctl(4, LOOP_CLR_FD) = 0 [pid 5461] close(4) = 0 [pid 5461] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5461] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5461] exit_group(0) = ? [pid 5461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 [ 62.633643][ T5461] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 62.644473][ T5461] BTRFS info (device loop0): force zlib compression, level 3 [ 62.652032][ T5461] BTRFS info (device loop0): allowing degraded mounts [ 62.658801][ T5461] BTRFS info (device loop0): using free space tree [ 62.677712][ T5461] BTRFS info (device loop0): auto enabling async discard umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5479 ./strace-static-x86_64: Process 5479 attached [pid 5479] chdir("./21") = 0 [pid 5479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5479] setpgid(0, 0) = 0 [pid 5479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5479] write(3, "1000", 4) = 4 [pid 5479] close(3) = 0 [pid 5479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5479] memfd_create("syzkaller", 0) = 3 [pid 5479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5479] munmap(0x7f1b58076000, 16777216) = 0 [pid 5479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5479] close(3) = 0 [pid 5479] mkdir("./bus", 0777) = 0 [ 63.007816][ T5479] loop0: detected capacity change from 0 to 32768 [ 63.017228][ T5479] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5479) [ 63.033666][ T5479] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.042565][ T5479] BTRFS info (device loop0): doing ref verification [pid 5479] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5479] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5479] chdir("./bus") = 0 [pid 5479] ioctl(4, LOOP_CLR_FD) = 0 [pid 5479] close(4) = 0 [pid 5479] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5479] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5479] exit_group(0) = ? [pid 5479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5479, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.049416][ T5479] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.060581][ T5479] BTRFS info (device loop0): force zlib compression, level 3 [ 63.068164][ T5479] BTRFS info (device loop0): allowing degraded mounts [ 63.075026][ T5479] BTRFS info (device loop0): using free space tree [ 63.093584][ T5479] BTRFS info (device loop0): auto enabling async discard lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5497 ./strace-static-x86_64: Process 5497 attached [pid 5497] chdir("./22") = 0 [pid 5497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5497] setpgid(0, 0) = 0 [pid 5497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5497] write(3, "1000", 4) = 4 [pid 5497] close(3) = 0 [pid 5497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5497] memfd_create("syzkaller", 0) = 3 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5497] munmap(0x7f1b58076000, 16777216) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5497] close(3) = 0 [pid 5497] mkdir("./bus", 0777) = 0 [ 63.431697][ T5497] loop0: detected capacity change from 0 to 32768 [ 63.443991][ T5497] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5497) [ 63.460860][ T5497] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.469679][ T5497] BTRFS info (device loop0): doing ref verification [pid 5497] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5497] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5497] chdir("./bus") = 0 [pid 5497] ioctl(4, LOOP_CLR_FD) = 0 [pid 5497] close(4) = 0 [pid 5497] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5497] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5497] exit_group(0) = ? [pid 5497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5497, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 63.476479][ T5497] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.487322][ T5497] BTRFS info (device loop0): force zlib compression, level 3 [ 63.494755][ T5497] BTRFS info (device loop0): allowing degraded mounts [ 63.501855][ T5497] BTRFS info (device loop0): using free space tree [ 63.519660][ T5497] BTRFS info (device loop0): auto enabling async discard umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5515 ./strace-static-x86_64: Process 5515 attached [pid 5515] chdir("./23") = 0 [pid 5515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5515] setpgid(0, 0) = 0 [pid 5515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5515] write(3, "1000", 4) = 4 [pid 5515] close(3) = 0 [pid 5515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5515] memfd_create("syzkaller", 0) = 3 [pid 5515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5515] munmap(0x7f1b58076000, 16777216) = 0 [pid 5515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5515] close(3) = 0 [pid 5515] mkdir("./bus", 0777) = 0 [ 63.848901][ T5515] loop0: detected capacity change from 0 to 32768 [ 63.860378][ T5515] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5515) [ 63.877468][ T5515] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.886399][ T5515] BTRFS info (device loop0): doing ref verification [pid 5515] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5515] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5515] chdir("./bus") = 0 [pid 5515] ioctl(4, LOOP_CLR_FD) = 0 [pid 5515] close(4) = 0 [pid 5515] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5515] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5515] exit_group(0) = ? [pid 5515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5515, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 63.893178][ T5515] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.904126][ T5515] BTRFS info (device loop0): force zlib compression, level 3 [ 63.912004][ T5515] BTRFS info (device loop0): allowing degraded mounts [ 63.918778][ T5515] BTRFS info (device loop0): using free space tree [ 63.935848][ T5515] BTRFS info (device loop0): auto enabling async discard umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5533 attached , child_tidptr=0x5555563e75d0) = 5533 [pid 5533] chdir("./24") = 0 [pid 5533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5533] setpgid(0, 0) = 0 [pid 5533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5533] write(3, "1000", 4) = 4 [pid 5533] close(3) = 0 [pid 5533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5533] memfd_create("syzkaller", 0) = 3 [pid 5533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5533] munmap(0x7f1b58076000, 16777216) = 0 [pid 5533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5533] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5533] close(3) = 0 [pid 5533] mkdir("./bus", 0777) = 0 [ 64.262677][ T5533] loop0: detected capacity change from 0 to 32768 [ 64.272837][ T5533] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5533) [ 64.290598][ T5533] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.299400][ T5533] BTRFS info (device loop0): doing ref verification [pid 5533] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5533] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5533] chdir("./bus") = 0 [pid 5533] ioctl(4, LOOP_CLR_FD) = 0 [pid 5533] close(4) = 0 [pid 5533] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5533] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5533] exit_group(0) = ? [ 64.311007][ T5533] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 64.322027][ T5533] BTRFS info (device loop0): force zlib compression, level 3 [ 64.329428][ T5533] BTRFS info (device loop0): allowing degraded mounts [ 64.336319][ T5533] BTRFS info (device loop0): using free space tree [ 64.353302][ T5533] BTRFS info (device loop0): auto enabling async discard [pid 5533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5533, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5551 ./strace-static-x86_64: Process 5551 attached [pid 5551] chdir("./25") = 0 [pid 5551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5551] setpgid(0, 0) = 0 [pid 5551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5551] write(3, "1000", 4) = 4 [pid 5551] close(3) = 0 [pid 5551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5551] memfd_create("syzkaller", 0) = 3 [pid 5551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5551] munmap(0x7f1b58076000, 16777216) = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5551] close(3) = 0 [pid 5551] mkdir("./bus", 0777) = 0 [ 64.687968][ T5551] loop0: detected capacity change from 0 to 32768 [ 64.697594][ T5551] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5551) [ 64.714308][ T5551] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.723077][ T5551] BTRFS info (device loop0): doing ref verification [pid 5551] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5551] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5551] chdir("./bus") = 0 [pid 5551] ioctl(4, LOOP_CLR_FD) = 0 [pid 5551] close(4) = 0 [pid 5551] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5551] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5551] exit_group(0) = ? [pid 5551] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5551, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 64.729687][ T5551] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 64.740744][ T5551] BTRFS info (device loop0): force zlib compression, level 3 [ 64.748163][ T5551] BTRFS info (device loop0): allowing degraded mounts [ 64.755046][ T5551] BTRFS info (device loop0): using free space tree [ 64.771268][ T5551] BTRFS info (device loop0): auto enabling async discard umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5569 ./strace-static-x86_64: Process 5569 attached [pid 5569] chdir("./26") = 0 [pid 5569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5569] setpgid(0, 0) = 0 [pid 5569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5569] write(3, "1000", 4) = 4 [pid 5569] close(3) = 0 [pid 5569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5569] memfd_create("syzkaller", 0) = 3 [pid 5569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5569] munmap(0x7f1b58076000, 16777216) = 0 [pid 5569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5569] close(3) = 0 [pid 5569] mkdir("./bus", 0777) = 0 [ 65.105207][ T5569] loop0: detected capacity change from 0 to 32768 [ 65.116040][ T5569] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5569) [ 65.132915][ T5569] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 65.141742][ T5569] BTRFS info (device loop0): doing ref verification [pid 5569] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5569] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5569] chdir("./bus") = 0 [pid 5569] ioctl(4, LOOP_CLR_FD) = 0 [pid 5569] close(4) = 0 [pid 5569] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5569] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5569] exit_group(0) = ? [pid 5569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5569, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 65.148397][ T5569] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 65.159243][ T5569] BTRFS info (device loop0): force zlib compression, level 3 [ 65.166710][ T5569] BTRFS info (device loop0): allowing degraded mounts [ 65.173520][ T5569] BTRFS info (device loop0): using free space tree [ 65.192705][ T5569] BTRFS info (device loop0): auto enabling async discard umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5587 attached , child_tidptr=0x5555563e75d0) = 5587 [pid 5587] chdir("./27") = 0 [pid 5587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5587] setpgid(0, 0) = 0 [pid 5587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5587] write(3, "1000", 4) = 4 [pid 5587] close(3) = 0 [pid 5587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5587] memfd_create("syzkaller", 0) = 3 [pid 5587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5587] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5587] munmap(0x7f1b58076000, 16777216) = 0 [pid 5587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5587] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5587] close(3) = 0 [pid 5587] mkdir("./bus", 0777) = 0 [ 65.538243][ T5587] loop0: detected capacity change from 0 to 32768 [ 65.548147][ T5587] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5587) [ 65.564896][ T5587] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 65.574070][ T5587] BTRFS info (device loop0): doing ref verification [pid 5587] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5587] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5587] chdir("./bus") = 0 [pid 5587] ioctl(4, LOOP_CLR_FD) = 0 [pid 5587] close(4) = 0 [pid 5587] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5587] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5587] exit_group(0) = ? [ 65.581107][ T5587] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 65.592460][ T5587] BTRFS info (device loop0): force zlib compression, level 3 [ 65.599991][ T5587] BTRFS info (device loop0): allowing degraded mounts [ 65.606797][ T5587] BTRFS info (device loop0): using free space tree [ 65.624703][ T5587] BTRFS info (device loop0): auto enabling async discard [pid 5587] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5587, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5605 ./strace-static-x86_64: Process 5605 attached [pid 5605] chdir("./28") = 0 [pid 5605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5605] setpgid(0, 0) = 0 [pid 5605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5605] write(3, "1000", 4) = 4 [pid 5605] close(3) = 0 [pid 5605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5605] memfd_create("syzkaller", 0) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5605] munmap(0x7f1b58076000, 16777216) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5605] close(3) = 0 [pid 5605] mkdir("./bus", 0777) = 0 [ 65.968567][ T5605] loop0: detected capacity change from 0 to 32768 [ 65.977592][ T5605] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5605) [ 65.994437][ T5605] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.003222][ T5605] BTRFS info (device loop0): doing ref verification [pid 5605] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5605] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5605] chdir("./bus") = 0 [pid 5605] ioctl(4, LOOP_CLR_FD) = 0 [pid 5605] close(4) = 0 [pid 5605] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5605] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5605] exit_group(0) = ? [pid 5605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5605, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 66.009931][ T5605] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.020774][ T5605] BTRFS info (device loop0): force zlib compression, level 3 [ 66.028184][ T5605] BTRFS info (device loop0): allowing degraded mounts [ 66.035129][ T5605] BTRFS info (device loop0): using free space tree [ 66.052967][ T5605] BTRFS info (device loop0): auto enabling async discard umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5623 ./strace-static-x86_64: Process 5623 attached [pid 5623] chdir("./29") = 0 [pid 5623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5623] setpgid(0, 0) = 0 [pid 5623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5623] write(3, "1000", 4) = 4 [pid 5623] close(3) = 0 [pid 5623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5623] memfd_create("syzkaller", 0) = 3 [pid 5623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5623] munmap(0x7f1b58076000, 16777216) = 0 [pid 5623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5623] close(3) = 0 [pid 5623] mkdir("./bus", 0777) = 0 [ 66.374979][ T5623] loop0: detected capacity change from 0 to 32768 [ 66.385343][ T5623] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5623) [ 66.402126][ T5623] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.410927][ T5623] BTRFS info (device loop0): doing ref verification [pid 5623] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5623] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5623] chdir("./bus") = 0 [pid 5623] ioctl(4, LOOP_CLR_FD) = 0 [pid 5623] close(4) = 0 [pid 5623] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5623] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5623] exit_group(0) = ? [pid 5623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5623, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 66.417559][ T5623] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.428433][ T5623] BTRFS info (device loop0): force zlib compression, level 3 [ 66.435883][ T5623] BTRFS info (device loop0): allowing degraded mounts [ 66.442897][ T5623] BTRFS info (device loop0): using free space tree [ 66.462116][ T5623] BTRFS info (device loop0): auto enabling async discard umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5642 ./strace-static-x86_64: Process 5642 attached [pid 5642] chdir("./30") = 0 [pid 5642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5642] setpgid(0, 0) = 0 [pid 5642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5642] write(3, "1000", 4) = 4 [pid 5642] close(3) = 0 [pid 5642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5642] memfd_create("syzkaller", 0) = 3 [pid 5642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5642] munmap(0x7f1b58076000, 16777216) = 0 [pid 5642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5642] close(3) = 0 [pid 5642] mkdir("./bus", 0777) = 0 [ 66.798628][ T5642] loop0: detected capacity change from 0 to 32768 [ 66.808263][ T5642] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5642) [ 66.824558][ T5642] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.833354][ T5642] BTRFS info (device loop0): doing ref verification [pid 5642] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5642] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5642] chdir("./bus") = 0 [pid 5642] ioctl(4, LOOP_CLR_FD) = 0 [pid 5642] close(4) = 0 [pid 5642] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5642] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [ 66.840044][ T5642] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.850859][ T5642] BTRFS info (device loop0): force zlib compression, level 3 [ 66.858247][ T5642] BTRFS info (device loop0): allowing degraded mounts [ 66.865879][ T5642] BTRFS info (device loop0): using free space tree [ 66.884695][ T5642] BTRFS info (device loop0): auto enabling async discard [pid 5642] exit_group(0) = ? [pid 5642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5642, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5660 ./strace-static-x86_64: Process 5660 attached [pid 5660] chdir("./31") = 0 [pid 5660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5660] setpgid(0, 0) = 0 [pid 5660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5660] write(3, "1000", 4) = 4 [pid 5660] close(3) = 0 [pid 5660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5660] memfd_create("syzkaller", 0) = 3 [pid 5660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5660] munmap(0x7f1b58076000, 16777216) = 0 [pid 5660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5660] close(3) = 0 [pid 5660] mkdir("./bus", 0777) = 0 [ 67.232892][ T5660] loop0: detected capacity change from 0 to 32768 [ 67.242920][ T5660] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5660) [ 67.259468][ T5660] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.268450][ T5660] BTRFS info (device loop0): doing ref verification [pid 5660] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5660] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5660] chdir("./bus") = 0 [pid 5660] ioctl(4, LOOP_CLR_FD) = 0 [pid 5660] close(4) = 0 [pid 5660] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5660] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [ 67.275977][ T5660] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 67.287094][ T5660] BTRFS info (device loop0): force zlib compression, level 3 [ 67.294812][ T5660] BTRFS info (device loop0): allowing degraded mounts [ 67.301827][ T5660] BTRFS info (device loop0): using free space tree [ 67.318427][ T5660] BTRFS info (device loop0): auto enabling async discard [pid 5660] exit_group(0) = ? [pid 5660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5660, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5678 ./strace-static-x86_64: Process 5678 attached [pid 5678] chdir("./32") = 0 [pid 5678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5678] setpgid(0, 0) = 0 [pid 5678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5678] write(3, "1000", 4) = 4 [pid 5678] close(3) = 0 [pid 5678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5678] memfd_create("syzkaller", 0) = 3 [pid 5678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5678] munmap(0x7f1b58076000, 16777216) = 0 [pid 5678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5678] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5678] close(3) = 0 [pid 5678] mkdir("./bus", 0777) = 0 [ 67.699434][ T5678] loop0: detected capacity change from 0 to 32768 [ 67.708658][ T5678] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5678) [ 67.726292][ T5678] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.735278][ T5678] BTRFS info (device loop0): doing ref verification [pid 5678] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5678] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5678] chdir("./bus") = 0 [pid 5678] ioctl(4, LOOP_CLR_FD) = 0 [pid 5678] close(4) = 0 [pid 5678] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5678] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5678] exit_group(0) = ? [pid 5678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5678, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 [ 67.742067][ T5678] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 67.753453][ T5678] BTRFS info (device loop0): force zlib compression, level 3 [ 67.760962][ T5678] BTRFS info (device loop0): allowing degraded mounts [ 67.767756][ T5678] BTRFS info (device loop0): using free space tree [ 67.784833][ T5678] BTRFS info (device loop0): auto enabling async discard umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5696 ./strace-static-x86_64: Process 5696 attached [pid 5696] chdir("./33") = 0 [pid 5696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5696] setpgid(0, 0) = 0 [pid 5696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5696] write(3, "1000", 4) = 4 [pid 5696] close(3) = 0 [pid 5696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5696] memfd_create("syzkaller", 0) = 3 [pid 5696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5696] munmap(0x7f1b58076000, 16777216) = 0 [pid 5696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5696] close(3) = 0 [pid 5696] mkdir("./bus", 0777) = 0 [ 68.106730][ T5696] loop0: detected capacity change from 0 to 32768 [ 68.118430][ T5696] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5696) [ 68.136387][ T5696] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.145406][ T5696] BTRFS info (device loop0): doing ref verification [pid 5696] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5696] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5696] chdir("./bus") = 0 [pid 5696] ioctl(4, LOOP_CLR_FD) = 0 [pid 5696] close(4) = 0 [pid 5696] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5696] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5696] exit_group(0) = ? [pid 5696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5696, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 68.152087][ T5696] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 68.163069][ T5696] BTRFS info (device loop0): force zlib compression, level 3 [ 68.170622][ T5696] BTRFS info (device loop0): allowing degraded mounts [ 68.177403][ T5696] BTRFS info (device loop0): using free space tree [ 68.194381][ T5696] BTRFS info (device loop0): auto enabling async discard unlink("./33/binderfs") = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5714 ./strace-static-x86_64: Process 5714 attached [pid 5714] chdir("./34") = 0 [pid 5714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5714] setpgid(0, 0) = 0 [pid 5714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5714] write(3, "1000", 4) = 4 [pid 5714] close(3) = 0 [pid 5714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5714] memfd_create("syzkaller", 0) = 3 [pid 5714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5714] munmap(0x7f1b58076000, 16777216) = 0 [pid 5714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5714] close(3) = 0 [pid 5714] mkdir("./bus", 0777) = 0 [ 68.526625][ T5714] loop0: detected capacity change from 0 to 32768 [ 68.536061][ T5714] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5714) [ 68.554764][ T5714] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.563610][ T5714] BTRFS info (device loop0): doing ref verification [pid 5714] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5714] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5714] chdir("./bus") = 0 [pid 5714] ioctl(4, LOOP_CLR_FD) = 0 [pid 5714] close(4) = 0 [pid 5714] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5714] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5714] exit_group(0) = ? [pid 5714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5714, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 [ 68.570416][ T5714] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 68.581280][ T5714] BTRFS info (device loop0): force zlib compression, level 3 [ 68.588676][ T5714] BTRFS info (device loop0): allowing degraded mounts [ 68.595601][ T5714] BTRFS info (device loop0): using free space tree [ 68.613385][ T5714] BTRFS info (device loop0): auto enabling async discard umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5732 ./strace-static-x86_64: Process 5732 attached [pid 5732] chdir("./35") = 0 [pid 5732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5732] setpgid(0, 0) = 0 [pid 5732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5732] write(3, "1000", 4) = 4 [pid 5732] close(3) = 0 [pid 5732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5732] memfd_create("syzkaller", 0) = 3 [pid 5732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5732] munmap(0x7f1b58076000, 16777216) = 0 [pid 5732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5732] close(3) = 0 [pid 5732] mkdir("./bus", 0777) = 0 [ 68.943877][ T5732] loop0: detected capacity change from 0 to 32768 [ 68.953340][ T5732] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5732) [ 68.971420][ T5732] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.980242][ T5732] BTRFS info (device loop0): doing ref verification [pid 5732] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5732] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5732] chdir("./bus") = 0 [pid 5732] ioctl(4, LOOP_CLR_FD) = 0 [pid 5732] close(4) = 0 [pid 5732] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5732] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5732] exit_group(0) = ? [pid 5732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5732, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 [ 68.986902][ T5732] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 68.997791][ T5732] BTRFS info (device loop0): force zlib compression, level 3 [ 69.005320][ T5732] BTRFS info (device loop0): allowing degraded mounts [ 69.012170][ T5732] BTRFS info (device loop0): using free space tree [ 69.029342][ T5732] BTRFS info (device loop0): auto enabling async discard umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5750 ./strace-static-x86_64: Process 5750 attached [pid 5750] chdir("./36") = 0 [pid 5750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5750] setpgid(0, 0) = 0 [pid 5750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5750] write(3, "1000", 4) = 4 [pid 5750] close(3) = 0 [pid 5750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5750] memfd_create("syzkaller", 0) = 3 [pid 5750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5750] munmap(0x7f1b58076000, 16777216) = 0 [pid 5750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5750] close(3) = 0 [pid 5750] mkdir("./bus", 0777) = 0 [ 69.366495][ T5750] loop0: detected capacity change from 0 to 32768 [ 69.375720][ T5750] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5750) [ 69.393123][ T5750] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.402033][ T5750] BTRFS info (device loop0): doing ref verification [pid 5750] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5750] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5750] chdir("./bus") = 0 [pid 5750] ioctl(4, LOOP_CLR_FD) = 0 [pid 5750] close(4) = 0 [pid 5750] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5750] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5750] exit_group(0) = ? [pid 5750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5750, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 [ 69.409159][ T5750] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 69.420497][ T5750] BTRFS info (device loop0): force zlib compression, level 3 [ 69.427911][ T5750] BTRFS info (device loop0): allowing degraded mounts [ 69.435260][ T5750] BTRFS info (device loop0): using free space tree [ 69.455591][ T5750] BTRFS info (device loop0): auto enabling async discard umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5768 ./strace-static-x86_64: Process 5768 attached [pid 5768] chdir("./37") = 0 [pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5768] setpgid(0, 0) = 0 [pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] write(3, "1000", 4) = 4 [pid 5768] close(3) = 0 [pid 5768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5768] memfd_create("syzkaller", 0) = 3 [pid 5768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5768] munmap(0x7f1b58076000, 16777216) = 0 [pid 5768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5768] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5768] close(3) = 0 [pid 5768] mkdir("./bus", 0777) = 0 [ 69.779801][ T5768] loop0: detected capacity change from 0 to 32768 [ 69.790931][ T5768] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5768) [ 69.805792][ T5768] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.814851][ T5768] BTRFS info (device loop0): doing ref verification [pid 5768] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5768] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5768] chdir("./bus") = 0 [pid 5768] ioctl(4, LOOP_CLR_FD) = 0 [pid 5768] close(4) = 0 [pid 5768] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5768] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5768] exit_group(0) = ? [pid 5768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5768, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 69.821721][ T5768] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 69.832870][ T5768] BTRFS info (device loop0): force zlib compression, level 3 [ 69.840796][ T5768] BTRFS info (device loop0): allowing degraded mounts [ 69.847583][ T5768] BTRFS info (device loop0): using free space tree [ 69.866325][ T5768] BTRFS info (device loop0): auto enabling async discard umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5786 ./strace-static-x86_64: Process 5786 attached [pid 5786] chdir("./38") = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5786] setpgid(0, 0) = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5786] write(3, "1000", 4) = 4 [pid 5786] close(3) = 0 [pid 5786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5786] memfd_create("syzkaller", 0) = 3 [pid 5786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5786] munmap(0x7f1b58076000, 16777216) = 0 [pid 5786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5786] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5786] close(3) = 0 [pid 5786] mkdir("./bus", 0777) = 0 [ 70.209498][ T5786] loop0: detected capacity change from 0 to 32768 [ 70.219121][ T5786] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5786) [ 70.236776][ T5786] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.245923][ T5786] BTRFS info (device loop0): doing ref verification [pid 5786] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5786] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5786] chdir("./bus") = 0 [pid 5786] ioctl(4, LOOP_CLR_FD) = 0 [pid 5786] close(4) = 0 [pid 5786] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5786] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5786] exit_group(0) = ? [pid 5786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5786, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- [ 70.252835][ T5786] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 70.263967][ T5786] BTRFS info (device loop0): force zlib compression, level 3 [ 70.271750][ T5786] BTRFS info (device loop0): allowing degraded mounts [ 70.278557][ T5786] BTRFS info (device loop0): using free space tree [ 70.299525][ T5786] BTRFS info (device loop0): auto enabling async discard umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5804 ./strace-static-x86_64: Process 5804 attached [pid 5804] chdir("./39") = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] memfd_create("syzkaller", 0) = 3 [pid 5804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5804] munmap(0x7f1b58076000, 16777216) = 0 [pid 5804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5804] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5804] close(3) = 0 [pid 5804] mkdir("./bus", 0777) = 0 [ 70.637761][ T5804] loop0: detected capacity change from 0 to 32768 [ 70.649319][ T5804] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5804) [ 70.666670][ T5804] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.675560][ T5804] BTRFS info (device loop0): doing ref verification [pid 5804] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5804] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5804] chdir("./bus") = 0 [pid 5804] ioctl(4, LOOP_CLR_FD) = 0 [pid 5804] close(4) = 0 [pid 5804] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5804] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5804] exit_group(0) = ? [pid 5804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5804, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [ 70.682532][ T5804] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 70.693734][ T5804] BTRFS info (device loop0): force zlib compression, level 3 [ 70.701340][ T5804] BTRFS info (device loop0): allowing degraded mounts [ 70.708121][ T5804] BTRFS info (device loop0): using free space tree [ 70.726766][ T5804] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5822 ./strace-static-x86_64: Process 5822 attached [pid 5822] chdir("./40") = 0 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] setpgid(0, 0) = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] memfd_create("syzkaller", 0) = 3 [pid 5822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5822] munmap(0x7f1b58076000, 16777216) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5822] close(3) = 0 [pid 5822] mkdir("./bus", 0777) = 0 [ 71.053256][ T5822] loop0: detected capacity change from 0 to 32768 [ 71.063837][ T5822] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5822) [ 71.080125][ T5822] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.088869][ T5822] BTRFS info (device loop0): doing ref verification [pid 5822] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5822] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5822] chdir("./bus") = 0 [pid 5822] ioctl(4, LOOP_CLR_FD) = 0 [pid 5822] close(4) = 0 [pid 5822] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5822] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5822] exit_group(0) = ? [pid 5822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 [ 71.095552][ T5822] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 71.106414][ T5822] BTRFS info (device loop0): force zlib compression, level 3 [ 71.113861][ T5822] BTRFS info (device loop0): allowing degraded mounts [ 71.120695][ T5822] BTRFS info (device loop0): using free space tree [ 71.137494][ T5822] BTRFS info (device loop0): auto enabling async discard umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5840 ./strace-static-x86_64: Process 5840 attached [pid 5840] chdir("./41") = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] memfd_create("syzkaller", 0) = 3 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5840] munmap(0x7f1b58076000, 16777216) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5840] close(3) = 0 [pid 5840] mkdir("./bus", 0777) = 0 [ 71.496637][ T5840] loop0: detected capacity change from 0 to 32768 [ 71.507429][ T5840] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5840) [ 71.533750][ T5840] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.542980][ T5840] BTRFS info (device loop0): doing ref verification [ 71.550540][ T5840] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 71.562355][ T5840] BTRFS info (device loop0): force zlib compression, level 3 [ 71.570440][ T5840] BTRFS info (device loop0): allowing degraded mounts [ 71.577637][ T5840] BTRFS info (device loop0): using free space tree [pid 5840] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5840] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5840] chdir("./bus") = 0 [pid 5840] ioctl(4, LOOP_CLR_FD) = 0 [pid 5840] close(4) = 0 [pid 5840] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5840] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5840] exit_group(0) = ? [pid 5840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 71.669869][ T5840] BTRFS info (device loop0): auto enabling async discard umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5858 ./strace-static-x86_64: Process 5858 attached [pid 5858] chdir("./42") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5858] munmap(0x7f1b58076000, 16777216) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] mkdir("./bus", 0777) = 0 [ 72.054902][ T5858] loop0: detected capacity change from 0 to 32768 [ 72.066179][ T5858] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5858) [ 72.083750][ T5858] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.092672][ T5858] BTRFS info (device loop0): doing ref verification [pid 5858] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5858] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./bus") = 0 [pid 5858] ioctl(4, LOOP_CLR_FD) = 0 [pid 5858] close(4) = 0 [pid 5858] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5858] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5858] exit_group(0) = ? [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 72.099331][ T5858] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 72.110183][ T5858] BTRFS info (device loop0): force zlib compression, level 3 [ 72.117576][ T5858] BTRFS info (device loop0): allowing degraded mounts [ 72.124416][ T5858] BTRFS info (device loop0): using free space tree [ 72.141854][ T5858] BTRFS info (device loop0): auto enabling async discard umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5876 ./strace-static-x86_64: Process 5876 attached [pid 5876] chdir("./43") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5876] munmap(0x7f1b58076000, 16777216) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5876] close(3) = 0 [pid 5876] mkdir("./bus", 0777) = 0 [ 72.476518][ T5876] loop0: detected capacity change from 0 to 32768 [ 72.485937][ T5876] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5876) [ 72.502955][ T5876] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.511995][ T5876] BTRFS info (device loop0): doing ref verification [pid 5876] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5876] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./bus") = 0 [pid 5876] ioctl(4, LOOP_CLR_FD) = 0 [pid 5876] close(4) = 0 [pid 5876] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5876] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5876] exit_group(0) = ? [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 [ 72.518599][ T5876] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 72.529668][ T5876] BTRFS info (device loop0): force zlib compression, level 3 [ 72.537302][ T5876] BTRFS info (device loop0): allowing degraded mounts [ 72.544317][ T5876] BTRFS info (device loop0): using free space tree [ 72.563406][ T5876] BTRFS info (device loop0): auto enabling async discard umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5894 ./strace-static-x86_64: Process 5894 attached [pid 5894] chdir("./44") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] memfd_create("syzkaller", 0) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5894] munmap(0x7f1b58076000, 16777216) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5894] mkdir("./bus", 0777) = 0 [ 72.898301][ T5894] loop0: detected capacity change from 0 to 32768 [ 72.919260][ T5894] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5894) [ 72.935962][ T5894] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.945212][ T5894] BTRFS info (device loop0): doing ref verification [ 72.953066][ T5894] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 72.964496][ T5894] BTRFS info (device loop0): force zlib compression, level 3 [ 72.972221][ T5894] BTRFS info (device loop0): allowing degraded mounts [ 72.979102][ T5894] BTRFS info (device loop0): using free space tree [pid 5894] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5894] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./bus") = 0 [pid 5894] ioctl(4, LOOP_CLR_FD) = 0 [pid 5894] close(4) = 0 [pid 5894] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5894] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5894] exit_group(0) = ? [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 [ 72.997657][ T5894] BTRFS info (device loop0): auto enabling async discard umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5912 ./strace-static-x86_64: Process 5912 attached [pid 5912] chdir("./45") = 0 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5912] write(3, "1000", 4) = 4 [pid 5912] close(3) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5912] memfd_create("syzkaller", 0) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5912] munmap(0x7f1b58076000, 16777216) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] mkdir("./bus", 0777) = 0 [ 73.342888][ T5912] loop0: detected capacity change from 0 to 32768 [ 73.352477][ T5912] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5912) [ 73.369087][ T5912] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.378396][ T5912] BTRFS info (device loop0): doing ref verification [pid 5912] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./bus") = 0 [pid 5912] ioctl(4, LOOP_CLR_FD) = 0 [pid 5912] close(4) = 0 [pid 5912] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5912] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5912] exit_group(0) = ? [pid 5912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 [ 73.385415][ T5912] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 73.396424][ T5912] BTRFS info (device loop0): force zlib compression, level 3 [ 73.404007][ T5912] BTRFS info (device loop0): allowing degraded mounts [ 73.410894][ T5912] BTRFS info (device loop0): using free space tree [ 73.429064][ T5912] BTRFS info (device loop0): auto enabling async discard umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5930 ./strace-static-x86_64: Process 5930 attached [pid 5930] chdir("./46") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] write(3, "1000", 4) = 4 [pid 5930] close(3) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5930] munmap(0x7f1b58076000, 16777216) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] mkdir("./bus", 0777) = 0 [ 73.757261][ T5930] loop0: detected capacity change from 0 to 32768 [ 73.766313][ T5930] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5930) [ 73.783768][ T5930] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.792676][ T5930] BTRFS info (device loop0): doing ref verification [pid 5930] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5930] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./bus") = 0 [pid 5930] ioctl(4, LOOP_CLR_FD) = 0 [pid 5930] close(4) = 0 [pid 5930] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5930] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5930] exit_group(0) = ? [pid 5930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 [ 73.799301][ T5930] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 73.810328][ T5930] BTRFS info (device loop0): force zlib compression, level 3 [ 73.817725][ T5930] BTRFS info (device loop0): allowing degraded mounts [ 73.824553][ T5930] BTRFS info (device loop0): using free space tree [ 73.841540][ T5930] BTRFS info (device loop0): auto enabling async discard umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5948 ./strace-static-x86_64: Process 5948 attached [pid 5948] chdir("./47") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] memfd_create("syzkaller", 0) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5948] munmap(0x7f1b58076000, 16777216) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5948] close(3) = 0 [pid 5948] mkdir("./bus", 0777) = 0 [ 74.156642][ T5948] loop0: detected capacity change from 0 to 32768 [ 74.167389][ T5948] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5948) [ 74.184004][ T5948] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.193487][ T5948] BTRFS info (device loop0): doing ref verification [pid 5948] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5948] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] chdir("./bus") = 0 [pid 5948] ioctl(4, LOOP_CLR_FD) = 0 [pid 5948] close(4) = 0 [pid 5948] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5948] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5948] exit_group(0) = ? [pid 5948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 [ 74.200319][ T5948] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 74.211360][ T5948] BTRFS info (device loop0): force zlib compression, level 3 [ 74.218882][ T5948] BTRFS info (device loop0): allowing degraded mounts [ 74.225939][ T5948] BTRFS info (device loop0): using free space tree [ 74.243176][ T5948] BTRFS info (device loop0): auto enabling async discard umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5966 ./strace-static-x86_64: Process 5966 attached [pid 5966] chdir("./48") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5966] memfd_create("syzkaller", 0) = 3 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5966] munmap(0x7f1b58076000, 16777216) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5966] close(3) = 0 [pid 5966] mkdir("./bus", 0777) = 0 [ 74.568677][ T5966] loop0: detected capacity change from 0 to 32768 [ 74.578541][ T5966] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5966) [ 74.595215][ T5966] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.604262][ T5966] BTRFS info (device loop0): doing ref verification [pid 5966] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5966] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5966] chdir("./bus") = 0 [pid 5966] ioctl(4, LOOP_CLR_FD) = 0 [pid 5966] close(4) = 0 [pid 5966] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5966] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5966] exit_group(0) = ? [pid 5966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 [ 74.611229][ T5966] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 74.622234][ T5966] BTRFS info (device loop0): force zlib compression, level 3 [ 74.629619][ T5966] BTRFS info (device loop0): allowing degraded mounts [ 74.636829][ T5966] BTRFS info (device loop0): using free space tree [ 74.654067][ T5966] BTRFS info (device loop0): auto enabling async discard umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 5984 ./strace-static-x86_64: Process 5984 attached [pid 5984] chdir("./49") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5984] munmap(0x7f1b58076000, 16777216) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5984] close(3) = 0 [pid 5984] mkdir("./bus", 0777) = 0 [ 74.995524][ T5984] loop0: detected capacity change from 0 to 32768 [ 75.016302][ T5984] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (5984) [ 75.032897][ T5984] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.041918][ T5984] BTRFS info (device loop0): doing ref verification [ 75.048792][ T5984] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.060175][ T5984] BTRFS info (device loop0): force zlib compression, level 3 [ 75.067881][ T5984] BTRFS info (device loop0): allowing degraded mounts [ 75.075186][ T5984] BTRFS info (device loop0): using free space tree [pid 5984] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5984] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5984] chdir("./bus") = 0 [pid 5984] ioctl(4, LOOP_CLR_FD) = 0 [pid 5984] close(4) = 0 [pid 5984] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5984] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5984] exit_group(0) = ? [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 [ 75.093439][ T5984] BTRFS info (device loop0): auto enabling async discard umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6002 ./strace-static-x86_64: Process 6002 attached [pid 6002] chdir("./50") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6002] memfd_create("syzkaller", 0) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6002] munmap(0x7f1b58076000, 16777216) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6002] close(3) = 0 [pid 6002] mkdir("./bus", 0777) = 0 [ 75.418100][ T6002] loop0: detected capacity change from 0 to 32768 [ 75.427842][ T6002] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6002) [ 75.444740][ T6002] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.453775][ T6002] BTRFS info (device loop0): doing ref verification [pid 6002] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6002] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6002] chdir("./bus") = 0 [pid 6002] ioctl(4, LOOP_CLR_FD) = 0 [pid 6002] close(4) = 0 [pid 6002] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6002] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6002] exit_group(0) = ? [pid 6002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 [ 75.460797][ T6002] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.472295][ T6002] BTRFS info (device loop0): force zlib compression, level 3 [ 75.480150][ T6002] BTRFS info (device loop0): allowing degraded mounts [ 75.487235][ T6002] BTRFS info (device loop0): using free space tree [ 75.506166][ T6002] BTRFS info (device loop0): auto enabling async discard umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6020 ./strace-static-x86_64: Process 6020 attached [pid 6020] chdir("./51") = 0 [pid 6020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6020] setpgid(0, 0) = 0 [pid 6020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6020] write(3, "1000", 4) = 4 [pid 6020] close(3) = 0 [pid 6020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6020] memfd_create("syzkaller", 0) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6020] munmap(0x7f1b58076000, 16777216) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6020] close(3) = 0 [pid 6020] mkdir("./bus", 0777) = 0 [ 75.842359][ T6020] loop0: detected capacity change from 0 to 32768 [ 75.851366][ T6020] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6020) [ 75.868291][ T6020] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.877548][ T6020] BTRFS info (device loop0): doing ref verification [pid 6020] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6020] chdir("./bus") = 0 [pid 6020] ioctl(4, LOOP_CLR_FD) = 0 [pid 6020] close(4) = 0 [pid 6020] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6020] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6020] exit_group(0) = ? [pid 6020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6020, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 75.885225][ T6020] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.896271][ T6020] BTRFS info (device loop0): force zlib compression, level 3 [ 75.904086][ T6020] BTRFS info (device loop0): allowing degraded mounts [ 75.911051][ T6020] BTRFS info (device loop0): using free space tree [ 75.929462][ T6020] BTRFS info (device loop0): auto enabling async discard lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6038 ./strace-static-x86_64: Process 6038 attached [pid 6038] chdir("./52") = 0 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6038] setpgid(0, 0) = 0 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6038] write(3, "1000", 4) = 4 [pid 6038] close(3) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6038] memfd_create("syzkaller", 0) = 3 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6038] munmap(0x7f1b58076000, 16777216) = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6038] close(3) = 0 [pid 6038] mkdir("./bus", 0777) = 0 [ 76.268851][ T6038] loop0: detected capacity change from 0 to 32768 [ 76.279840][ T6038] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6038) [ 76.296387][ T6038] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.305234][ T6038] BTRFS info (device loop0): doing ref verification [pid 6038] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6038] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6038] chdir("./bus") = 0 [pid 6038] ioctl(4, LOOP_CLR_FD) = 0 [pid 6038] close(4) = 0 [pid 6038] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6038] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6038] exit_group(0) = ? [pid 6038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 [ 76.311884][ T6038] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 76.322722][ T6038] BTRFS info (device loop0): force zlib compression, level 3 [ 76.330166][ T6038] BTRFS info (device loop0): allowing degraded mounts [ 76.336955][ T6038] BTRFS info (device loop0): using free space tree [ 76.354473][ T6038] BTRFS info (device loop0): auto enabling async discard umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6056 attached , child_tidptr=0x5555563e75d0) = 6056 [pid 6056] chdir("./53") = 0 [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6056] setpgid(0, 0) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6056] write(3, "1000", 4) = 4 [pid 6056] close(3) = 0 [pid 6056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6056] memfd_create("syzkaller", 0) = 3 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [ 76.555697][ T7] cfg80211: failed to load regulatory.db [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6056] munmap(0x7f1b58076000, 16777216) = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6056] close(3) = 0 [pid 6056] mkdir("./bus", 0777) = 0 [ 76.686202][ T6056] loop0: detected capacity change from 0 to 32768 [ 76.695396][ T6056] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6056) [ 76.712293][ T6056] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.721263][ T6056] BTRFS info (device loop0): doing ref verification [pid 6056] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6056] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6056] chdir("./bus") = 0 [pid 6056] ioctl(4, LOOP_CLR_FD) = 0 [pid 6056] close(4) = 0 [pid 6056] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6056] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6056] exit_group(0) = ? [pid 6056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 76.727952][ T6056] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 76.738840][ T6056] BTRFS info (device loop0): force zlib compression, level 3 [ 76.746284][ T6056] BTRFS info (device loop0): allowing degraded mounts [ 76.753100][ T6056] BTRFS info (device loop0): using free space tree [ 76.769981][ T6056] BTRFS info (device loop0): auto enabling async discard umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6074 ./strace-static-x86_64: Process 6074 attached [pid 6074] chdir("./54") = 0 [pid 6074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6074] setpgid(0, 0) = 0 [pid 6074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6074] write(3, "1000", 4) = 4 [pid 6074] close(3) = 0 [pid 6074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6074] memfd_create("syzkaller", 0) = 3 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6074] munmap(0x7f1b58076000, 16777216) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6074] close(3) = 0 [pid 6074] mkdir("./bus", 0777) = 0 [ 77.113322][ T6074] loop0: detected capacity change from 0 to 32768 [ 77.122716][ T6074] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6074) [ 77.139694][ T6074] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.148598][ T6074] BTRFS info (device loop0): doing ref verification [pid 6074] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6074] chdir("./bus") = 0 [pid 6074] ioctl(4, LOOP_CLR_FD) = 0 [pid 6074] close(4) = 0 [pid 6074] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6074] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6074] exit_group(0) = ? [pid 6074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6074, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 77.155316][ T6074] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.166149][ T6074] BTRFS info (device loop0): force zlib compression, level 3 [ 77.173579][ T6074] BTRFS info (device loop0): allowing degraded mounts [ 77.180435][ T6074] BTRFS info (device loop0): using free space tree [ 77.198146][ T6074] BTRFS info (device loop0): auto enabling async discard lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6092 ./strace-static-x86_64: Process 6092 attached [pid 6092] chdir("./55") = 0 [pid 6092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6092] setpgid(0, 0) = 0 [pid 6092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6092] write(3, "1000", 4) = 4 [pid 6092] close(3) = 0 [pid 6092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6092] memfd_create("syzkaller", 0) = 3 [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6092] munmap(0x7f1b58076000, 16777216) = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6092] close(3) = 0 [pid 6092] mkdir("./bus", 0777) = 0 [ 77.527372][ T6092] loop0: detected capacity change from 0 to 32768 [ 77.547438][ T6092] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6092) [ 77.566766][ T6092] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.575935][ T6092] BTRFS info (device loop0): doing ref verification [ 77.582647][ T6092] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.593672][ T6092] BTRFS info (device loop0): force zlib compression, level 3 [ 77.601292][ T6092] BTRFS info (device loop0): allowing degraded mounts [ 77.608074][ T6092] BTRFS info (device loop0): using free space tree [pid 6092] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6092] chdir("./bus") = 0 [pid 6092] ioctl(4, LOOP_CLR_FD) = 0 [pid 6092] close(4) = 0 [pid 6092] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6092] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6092] exit_group(0) = ? [pid 6092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6092, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 77.625907][ T6092] BTRFS info (device loop0): auto enabling async discard fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6110 ./strace-static-x86_64: Process 6110 attached [pid 6110] chdir("./56") = 0 [pid 6110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6110] setpgid(0, 0) = 0 [pid 6110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6110] write(3, "1000", 4) = 4 [pid 6110] close(3) = 0 [pid 6110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6110] memfd_create("syzkaller", 0) = 3 [pid 6110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6110] munmap(0x7f1b58076000, 16777216) = 0 [pid 6110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6110] close(3) = 0 [pid 6110] mkdir("./bus", 0777) = 0 [ 77.963803][ T6110] loop0: detected capacity change from 0 to 32768 [ 77.974402][ T6110] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6110) [ 77.990914][ T6110] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.000010][ T6110] BTRFS info (device loop0): doing ref verification [pid 6110] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6110] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6110] chdir("./bus") = 0 [pid 6110] ioctl(4, LOOP_CLR_FD) = 0 [pid 6110] close(4) = 0 [pid 6110] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6110] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6110] exit_group(0) = ? [pid 6110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6110, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 [ 78.006759][ T6110] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.017829][ T6110] BTRFS info (device loop0): force zlib compression, level 3 [ 78.025788][ T6110] BTRFS info (device loop0): allowing degraded mounts [ 78.032822][ T6110] BTRFS info (device loop0): using free space tree [ 78.050664][ T6110] BTRFS info (device loop0): auto enabling async discard umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6128 ./strace-static-x86_64: Process 6128 attached [pid 6128] chdir("./57") = 0 [pid 6128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6128] setpgid(0, 0) = 0 [pid 6128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6128] write(3, "1000", 4) = 4 [pid 6128] close(3) = 0 [pid 6128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6128] memfd_create("syzkaller", 0) = 3 [pid 6128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6128] munmap(0x7f1b58076000, 16777216) = 0 [pid 6128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6128] close(3) = 0 [pid 6128] mkdir("./bus", 0777) = 0 [ 78.377928][ T6128] loop0: detected capacity change from 0 to 32768 [ 78.389133][ T6128] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6128) [ 78.405597][ T6128] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.414489][ T6128] BTRFS info (device loop0): doing ref verification [pid 6128] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6128] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6128] chdir("./bus") = 0 [pid 6128] ioctl(4, LOOP_CLR_FD) = 0 [pid 6128] close(4) = 0 [pid 6128] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6128] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6128] exit_group(0) = ? [pid 6128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6128, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 [ 78.421533][ T6128] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.432963][ T6128] BTRFS info (device loop0): force zlib compression, level 3 [ 78.440718][ T6128] BTRFS info (device loop0): allowing degraded mounts [ 78.447543][ T6128] BTRFS info (device loop0): using free space tree [ 78.465825][ T6128] BTRFS info (device loop0): auto enabling async discard umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6146 ./strace-static-x86_64: Process 6146 attached [pid 6146] chdir("./58") = 0 [pid 6146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6146] setpgid(0, 0) = 0 [pid 6146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6146] write(3, "1000", 4) = 4 [pid 6146] close(3) = 0 [pid 6146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6146] memfd_create("syzkaller", 0) = 3 [pid 6146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6146] munmap(0x7f1b58076000, 16777216) = 0 [pid 6146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6146] close(3) = 0 [pid 6146] mkdir("./bus", 0777) = 0 [ 78.790288][ T6146] loop0: detected capacity change from 0 to 32768 [ 78.800418][ T6146] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6146) [ 78.817277][ T6146] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.826160][ T6146] BTRFS info (device loop0): doing ref verification [pid 6146] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6146] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6146] chdir("./bus") = 0 [pid 6146] ioctl(4, LOOP_CLR_FD) = 0 [pid 6146] close(4) = 0 [pid 6146] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6146] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6146] exit_group(0) = ? [pid 6146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6146, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.832886][ T6146] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.844444][ T6146] BTRFS info (device loop0): force zlib compression, level 3 [ 78.852092][ T6146] BTRFS info (device loop0): allowing degraded mounts [ 78.858927][ T6146] BTRFS info (device loop0): using free space tree [ 78.876738][ T6146] BTRFS info (device loop0): auto enabling async discard lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6164 ./strace-static-x86_64: Process 6164 attached [pid 6164] chdir("./59") = 0 [pid 6164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6164] setpgid(0, 0) = 0 [pid 6164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6164] write(3, "1000", 4) = 4 [pid 6164] close(3) = 0 [pid 6164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6164] memfd_create("syzkaller", 0) = 3 [pid 6164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6164] munmap(0x7f1b58076000, 16777216) = 0 [pid 6164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6164] close(3) = 0 [pid 6164] mkdir("./bus", 0777) = 0 [ 79.210172][ T6164] loop0: detected capacity change from 0 to 32768 [ 79.221237][ T6164] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6164) [ 79.237778][ T6164] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.246657][ T6164] BTRFS info (device loop0): doing ref verification [pid 6164] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6164] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6164] chdir("./bus") = 0 [pid 6164] ioctl(4, LOOP_CLR_FD) = 0 [pid 6164] close(4) = 0 [pid 6164] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6164] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6164] exit_group(0) = ? [pid 6164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6164, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 [ 79.253471][ T6164] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 79.264355][ T6164] BTRFS info (device loop0): force zlib compression, level 3 [ 79.273077][ T6164] BTRFS info (device loop0): allowing degraded mounts [ 79.280037][ T6164] BTRFS info (device loop0): using free space tree [ 79.297827][ T6164] BTRFS info (device loop0): auto enabling async discard umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6182 ./strace-static-x86_64: Process 6182 attached [pid 6182] chdir("./60") = 0 [pid 6182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6182] setpgid(0, 0) = 0 [pid 6182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6182] write(3, "1000", 4) = 4 [pid 6182] close(3) = 0 [pid 6182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6182] memfd_create("syzkaller", 0) = 3 [pid 6182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6182] munmap(0x7f1b58076000, 16777216) = 0 [pid 6182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6182] close(3) = 0 [pid 6182] mkdir("./bus", 0777) = 0 [ 79.618253][ T6182] loop0: detected capacity change from 0 to 32768 [ 79.632296][ T6182] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6182) [ 79.648944][ T6182] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.657830][ T6182] BTRFS info (device loop0): doing ref verification [pid 6182] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6182] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6182] chdir("./bus") = 0 [pid 6182] ioctl(4, LOOP_CLR_FD) = 0 [pid 6182] close(4) = 0 [pid 6182] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6182] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6182] exit_group(0) = ? [pid 6182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6182, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 [ 79.664493][ T6182] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 79.675394][ T6182] BTRFS info (device loop0): force zlib compression, level 3 [ 79.682971][ T6182] BTRFS info (device loop0): allowing degraded mounts [ 79.689826][ T6182] BTRFS info (device loop0): using free space tree [ 79.707723][ T6182] BTRFS info (device loop0): auto enabling async discard umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6200 ./strace-static-x86_64: Process 6200 attached [pid 6200] chdir("./61") = 0 [pid 6200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6200] setpgid(0, 0) = 0 [pid 6200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6200] write(3, "1000", 4) = 4 [pid 6200] close(3) = 0 [pid 6200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6200] memfd_create("syzkaller", 0) = 3 [pid 6200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6200] munmap(0x7f1b58076000, 16777216) = 0 [pid 6200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6200] close(3) = 0 [pid 6200] mkdir("./bus", 0777) = 0 [ 80.032457][ T6200] loop0: detected capacity change from 0 to 32768 [ 80.041780][ T6200] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6200) [ 80.058585][ T6200] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.067857][ T6200] BTRFS info (device loop0): doing ref verification [pid 6200] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6200] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6200] chdir("./bus") = 0 [pid 6200] ioctl(4, LOOP_CLR_FD) = 0 [pid 6200] close(4) = 0 [pid 6200] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6200] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6200] exit_group(0) = ? [pid 6200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6200, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 [ 80.074697][ T6200] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.085748][ T6200] BTRFS info (device loop0): force zlib compression, level 3 [ 80.093530][ T6200] BTRFS info (device loop0): allowing degraded mounts [ 80.100404][ T6200] BTRFS info (device loop0): using free space tree [ 80.116058][ T6200] BTRFS info (device loop0): auto enabling async discard umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6218 ./strace-static-x86_64: Process 6218 attached [pid 6218] chdir("./62") = 0 [pid 6218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6218] setpgid(0, 0) = 0 [pid 6218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6218] write(3, "1000", 4) = 4 [pid 6218] close(3) = 0 [pid 6218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6218] memfd_create("syzkaller", 0) = 3 [pid 6218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6218] munmap(0x7f1b58076000, 16777216) = 0 [pid 6218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6218] close(3) = 0 [pid 6218] mkdir("./bus", 0777) = 0 [ 80.441679][ T6218] loop0: detected capacity change from 0 to 32768 [ 80.450682][ T6218] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6218) [ 80.466433][ T6218] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.476851][ T6218] BTRFS info (device loop0): doing ref verification [pid 6218] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6218] chdir("./bus") = 0 [pid 6218] ioctl(4, LOOP_CLR_FD) = 0 [pid 6218] close(4) = 0 [pid 6218] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6218] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6218] exit_group(0) = ? [pid 6218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6218, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 [ 80.483530][ T6218] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.494600][ T6218] BTRFS info (device loop0): force zlib compression, level 3 [ 80.502122][ T6218] BTRFS info (device loop0): allowing degraded mounts [ 80.508905][ T6218] BTRFS info (device loop0): using free space tree [ 80.527672][ T6218] BTRFS info (device loop0): auto enabling async discard umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6236 ./strace-static-x86_64: Process 6236 attached [pid 6236] chdir("./63") = 0 [pid 6236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6236] setpgid(0, 0) = 0 [pid 6236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6236] write(3, "1000", 4) = 4 [pid 6236] close(3) = 0 [pid 6236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6236] memfd_create("syzkaller", 0) = 3 [pid 6236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6236] munmap(0x7f1b58076000, 16777216) = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6236] close(3) = 0 [pid 6236] mkdir("./bus", 0777) = 0 [ 80.849279][ T6236] loop0: detected capacity change from 0 to 32768 [ 80.860415][ T6236] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6236) [ 80.877548][ T6236] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.886430][ T6236] BTRFS info (device loop0): doing ref verification [pid 6236] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6236] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6236] chdir("./bus") = 0 [pid 6236] ioctl(4, LOOP_CLR_FD) = 0 [pid 6236] close(4) = 0 [pid 6236] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6236] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6236] exit_group(0) = ? [pid 6236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6236, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 [ 80.893102][ T6236] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.903962][ T6236] BTRFS info (device loop0): force zlib compression, level 3 [ 80.911502][ T6236] BTRFS info (device loop0): allowing degraded mounts [ 80.918275][ T6236] BTRFS info (device loop0): using free space tree [ 80.936204][ T6236] BTRFS info (device loop0): auto enabling async discard umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6254 ./strace-static-x86_64: Process 6254 attached [pid 6254] chdir("./64") = 0 [pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6254] setpgid(0, 0) = 0 [pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6254] write(3, "1000", 4) = 4 [pid 6254] close(3) = 0 [pid 6254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6254] memfd_create("syzkaller", 0) = 3 [pid 6254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6254] munmap(0x7f1b58076000, 16777216) = 0 [pid 6254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6254] close(3) = 0 [pid 6254] mkdir("./bus", 0777) = 0 [ 81.261022][ T6254] loop0: detected capacity change from 0 to 32768 [ 81.270823][ T6254] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6254) [ 81.287340][ T6254] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.296190][ T6254] BTRFS info (device loop0): doing ref verification [pid 6254] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6254] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6254] chdir("./bus") = 0 [pid 6254] ioctl(4, LOOP_CLR_FD) = 0 [pid 6254] close(4) = 0 [pid 6254] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6254] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6254] exit_group(0) = ? [pid 6254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 [ 81.302889][ T6254] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.313837][ T6254] BTRFS info (device loop0): force zlib compression, level 3 [ 81.321612][ T6254] BTRFS info (device loop0): allowing degraded mounts [ 81.328393][ T6254] BTRFS info (device loop0): using free space tree [ 81.346638][ T6254] BTRFS info (device loop0): auto enabling async discard umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6272 ./strace-static-x86_64: Process 6272 attached [pid 6272] chdir("./65") = 0 [pid 6272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6272] setpgid(0, 0) = 0 [pid 6272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6272] write(3, "1000", 4) = 4 [pid 6272] close(3) = 0 [pid 6272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6272] memfd_create("syzkaller", 0) = 3 [pid 6272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6272] munmap(0x7f1b58076000, 16777216) = 0 [pid 6272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6272] close(3) = 0 [pid 6272] mkdir("./bus", 0777) = 0 [ 81.664453][ T6272] loop0: detected capacity change from 0 to 32768 [ 81.675548][ T6272] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6272) [ 81.692274][ T6272] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.701170][ T6272] BTRFS info (device loop0): doing ref verification [pid 6272] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6272] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6272] chdir("./bus") = 0 [pid 6272] ioctl(4, LOOP_CLR_FD) = 0 [pid 6272] close(4) = 0 [pid 6272] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6272] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6272] exit_group(0) = ? [pid 6272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6272, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 [ 81.707774][ T6272] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.718703][ T6272] BTRFS info (device loop0): force zlib compression, level 3 [ 81.727215][ T6272] BTRFS info (device loop0): allowing degraded mounts [ 81.734864][ T6272] BTRFS info (device loop0): using free space tree [ 81.751141][ T6272] BTRFS info (device loop0): auto enabling async discard umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6290 ./strace-static-x86_64: Process 6290 attached [pid 6290] chdir("./66") = 0 [pid 6290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6290] setpgid(0, 0) = 0 [pid 6290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6290] write(3, "1000", 4) = 4 [pid 6290] close(3) = 0 [pid 6290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6290] memfd_create("syzkaller", 0) = 3 [pid 6290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6290] munmap(0x7f1b58076000, 16777216) = 0 [pid 6290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6290] close(3) = 0 [pid 6290] mkdir("./bus", 0777) = 0 [ 82.067874][ T6290] loop0: detected capacity change from 0 to 32768 [ 82.078332][ T6290] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6290) [ 82.095354][ T6290] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.104523][ T6290] BTRFS info (device loop0): doing ref verification [pid 6290] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6290] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6290] chdir("./bus") = 0 [pid 6290] ioctl(4, LOOP_CLR_FD) = 0 [pid 6290] close(4) = 0 [pid 6290] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6290] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6290] exit_group(0) = ? [pid 6290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6290, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 [ 82.111359][ T6290] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.122372][ T6290] BTRFS info (device loop0): force zlib compression, level 3 [ 82.130120][ T6290] BTRFS info (device loop0): allowing degraded mounts [ 82.136908][ T6290] BTRFS info (device loop0): using free space tree [ 82.153237][ T6290] BTRFS info (device loop0): auto enabling async discard umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6308 ./strace-static-x86_64: Process 6308 attached [pid 6308] chdir("./67") = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6308] memfd_create("syzkaller", 0) = 3 [pid 6308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6308] munmap(0x7f1b58076000, 16777216) = 0 [pid 6308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6308] close(3) = 0 [pid 6308] mkdir("./bus", 0777) = 0 [ 82.483359][ T6308] loop0: detected capacity change from 0 to 32768 [ 82.493587][ T6308] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6308) [ 82.509982][ T6308] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.518773][ T6308] BTRFS info (device loop0): doing ref verification [pid 6308] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6308] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6308] chdir("./bus") = 0 [pid 6308] ioctl(4, LOOP_CLR_FD) = 0 [pid 6308] close(4) = 0 [pid 6308] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6308] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6308] exit_group(0) = ? [pid 6308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 [ 82.525530][ T6308] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.536382][ T6308] BTRFS info (device loop0): force zlib compression, level 3 [ 82.544047][ T6308] BTRFS info (device loop0): allowing degraded mounts [ 82.550966][ T6308] BTRFS info (device loop0): using free space tree [ 82.568619][ T6308] BTRFS info (device loop0): auto enabling async discard umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6326 ./strace-static-x86_64: Process 6326 attached [pid 6326] chdir("./68") = 0 [pid 6326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6326] setpgid(0, 0) = 0 [pid 6326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6326] write(3, "1000", 4) = 4 [pid 6326] close(3) = 0 [pid 6326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6326] memfd_create("syzkaller", 0) = 3 [pid 6326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6326] munmap(0x7f1b58076000, 16777216) = 0 [pid 6326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6326] close(3) = 0 [pid 6326] mkdir("./bus", 0777) = 0 [ 82.902276][ T6326] loop0: detected capacity change from 0 to 32768 [ 82.911353][ T6326] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6326) [ 82.927939][ T6326] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.936962][ T6326] BTRFS info (device loop0): doing ref verification [pid 6326] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6326] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6326] chdir("./bus") = 0 [pid 6326] ioctl(4, LOOP_CLR_FD) = 0 [pid 6326] close(4) = 0 [pid 6326] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6326] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6326] exit_group(0) = ? [pid 6326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6326, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 [ 82.943661][ T6326] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.957205][ T6326] BTRFS info (device loop0): force zlib compression, level 3 [ 82.964708][ T6326] BTRFS info (device loop0): allowing degraded mounts [ 82.972971][ T6326] BTRFS info (device loop0): using free space tree [ 82.991272][ T6326] BTRFS info (device loop0): auto enabling async discard umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6344 ./strace-static-x86_64: Process 6344 attached [pid 6344] chdir("./69") = 0 [pid 6344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6344] setpgid(0, 0) = 0 [pid 6344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6344] write(3, "1000", 4) = 4 [pid 6344] close(3) = 0 [pid 6344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6344] memfd_create("syzkaller", 0) = 3 [pid 6344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6344] munmap(0x7f1b58076000, 16777216) = 0 [pid 6344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6344] close(3) = 0 [pid 6344] mkdir("./bus", 0777) = 0 [ 83.310200][ T6344] loop0: detected capacity change from 0 to 32768 [ 83.320588][ T6344] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6344) [ 83.337142][ T6344] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.346487][ T6344] BTRFS info (device loop0): doing ref verification [pid 6344] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6344] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6344] chdir("./bus") = 0 [pid 6344] ioctl(4, LOOP_CLR_FD) = 0 [pid 6344] close(4) = 0 [pid 6344] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6344] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6344] exit_group(0) = ? [pid 6344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6344, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 83.353427][ T6344] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.364498][ T6344] BTRFS info (device loop0): force zlib compression, level 3 [ 83.372316][ T6344] BTRFS info (device loop0): allowing degraded mounts [ 83.379133][ T6344] BTRFS info (device loop0): using free space tree [ 83.396979][ T6344] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6362 ./strace-static-x86_64: Process 6362 attached [pid 6362] chdir("./70") = 0 [pid 6362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6362] setpgid(0, 0) = 0 [pid 6362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6362] write(3, "1000", 4) = 4 [pid 6362] close(3) = 0 [pid 6362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6362] memfd_create("syzkaller", 0) = 3 [pid 6362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6362] munmap(0x7f1b58076000, 16777216) = 0 [pid 6362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6362] close(3) = 0 [pid 6362] mkdir("./bus", 0777) = 0 [ 83.729457][ T6362] loop0: detected capacity change from 0 to 32768 [ 83.743392][ T6362] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6362) [ 83.760357][ T6362] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.769245][ T6362] BTRFS info (device loop0): doing ref verification [pid 6362] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6362] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6362] chdir("./bus") = 0 [pid 6362] ioctl(4, LOOP_CLR_FD) = 0 [pid 6362] close(4) = 0 [ 83.775968][ T6362] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.786982][ T6362] BTRFS info (device loop0): force zlib compression, level 3 [ 83.794472][ T6362] BTRFS info (device loop0): allowing degraded mounts [ 83.801541][ T6362] BTRFS info (device loop0): using free space tree [ 83.819634][ T6362] BTRFS info (device loop0): auto enabling async discard [pid 6362] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6362] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6362] exit_group(0) = ? [pid 6362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6362, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6380 ./strace-static-x86_64: Process 6380 attached [pid 6380] chdir("./71") = 0 [pid 6380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6380] setpgid(0, 0) = 0 [pid 6380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6380] write(3, "1000", 4) = 4 [pid 6380] close(3) = 0 [pid 6380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6380] memfd_create("syzkaller", 0) = 3 [pid 6380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6380] munmap(0x7f1b58076000, 16777216) = 0 [pid 6380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6380] close(3) = 0 [pid 6380] mkdir("./bus", 0777) = 0 [ 84.167473][ T6380] loop0: detected capacity change from 0 to 32768 [ 84.177436][ T6380] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6380) [ 84.195482][ T6380] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.204608][ T6380] BTRFS info (device loop0): doing ref verification [pid 6380] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6380] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6380] chdir("./bus") = 0 [pid 6380] ioctl(4, LOOP_CLR_FD) = 0 [pid 6380] close(4) = 0 [pid 6380] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6380] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6380] exit_group(0) = ? [pid 6380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6380, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 [ 84.211600][ T6380] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 84.222716][ T6380] BTRFS info (device loop0): force zlib compression, level 3 [ 84.230619][ T6380] BTRFS info (device loop0): allowing degraded mounts [ 84.237489][ T6380] BTRFS info (device loop0): using free space tree [ 84.256587][ T6380] BTRFS info (device loop0): auto enabling async discard umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6398 ./strace-static-x86_64: Process 6398 attached [pid 6398] chdir("./72") = 0 [pid 6398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6398] setpgid(0, 0) = 0 [pid 6398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6398] write(3, "1000", 4) = 4 [pid 6398] close(3) = 0 [pid 6398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6398] memfd_create("syzkaller", 0) = 3 [pid 6398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6398] munmap(0x7f1b58076000, 16777216) = 0 [pid 6398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6398] close(3) = 0 [pid 6398] mkdir("./bus", 0777) = 0 [ 84.583870][ T6398] loop0: detected capacity change from 0 to 32768 [ 84.594675][ T6398] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6398) [ 84.612048][ T6398] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.620916][ T6398] BTRFS info (device loop0): doing ref verification [pid 6398] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6398] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6398] chdir("./bus") = 0 [pid 6398] ioctl(4, LOOP_CLR_FD) = 0 [pid 6398] close(4) = 0 [pid 6398] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6398] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6398] exit_group(0) = ? [pid 6398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6398, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 [ 84.627667][ T6398] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 84.638651][ T6398] BTRFS info (device loop0): force zlib compression, level 3 [ 84.646148][ T6398] BTRFS info (device loop0): allowing degraded mounts [ 84.653024][ T6398] BTRFS info (device loop0): using free space tree [ 84.670513][ T6398] BTRFS info (device loop0): auto enabling async discard umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6416 ./strace-static-x86_64: Process 6416 attached [pid 6416] chdir("./73") = 0 [pid 6416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6416] setpgid(0, 0) = 0 [pid 6416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6416] write(3, "1000", 4) = 4 [pid 6416] close(3) = 0 [pid 6416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6416] memfd_create("syzkaller", 0) = 3 [pid 6416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6416] munmap(0x7f1b58076000, 16777216) = 0 [pid 6416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6416] close(3) = 0 [pid 6416] mkdir("./bus", 0777) = 0 [ 84.991566][ T6416] loop0: detected capacity change from 0 to 32768 [ 85.001161][ T6416] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6416) [ 85.017505][ T6416] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.026301][ T6416] BTRFS info (device loop0): doing ref verification [pid 6416] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6416] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6416] chdir("./bus") = 0 [pid 6416] ioctl(4, LOOP_CLR_FD) = 0 [pid 6416] close(4) = 0 [pid 6416] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6416] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6416] exit_group(0) = ? [pid 6416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6416, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 [ 85.033190][ T6416] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.044272][ T6416] BTRFS info (device loop0): force zlib compression, level 3 [ 85.051911][ T6416] BTRFS info (device loop0): allowing degraded mounts [ 85.058692][ T6416] BTRFS info (device loop0): using free space tree [ 85.076530][ T6416] BTRFS info (device loop0): auto enabling async discard umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6434 ./strace-static-x86_64: Process 6434 attached [pid 6434] chdir("./74") = 0 [pid 6434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6434] setpgid(0, 0) = 0 [pid 6434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6434] write(3, "1000", 4) = 4 [pid 6434] close(3) = 0 [pid 6434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6434] memfd_create("syzkaller", 0) = 3 [pid 6434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6434] munmap(0x7f1b58076000, 16777216) = 0 [pid 6434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6434] close(3) = 0 [pid 6434] mkdir("./bus", 0777) = 0 [ 85.399621][ T6434] loop0: detected capacity change from 0 to 32768 [ 85.410917][ T6434] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6434) [ 85.429137][ T6434] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.438136][ T6434] BTRFS info (device loop0): doing ref verification [pid 6434] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6434] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6434] chdir("./bus") = 0 [pid 6434] ioctl(4, LOOP_CLR_FD) = 0 [pid 6434] close(4) = 0 [pid 6434] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6434] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6434] exit_group(0) = ? [pid 6434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6434, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 [ 85.444810][ T6434] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.455938][ T6434] BTRFS info (device loop0): force zlib compression, level 3 [ 85.463568][ T6434] BTRFS info (device loop0): allowing degraded mounts [ 85.470412][ T6434] BTRFS info (device loop0): using free space tree [ 85.488415][ T6434] BTRFS info (device loop0): auto enabling async discard umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6452 ./strace-static-x86_64: Process 6452 attached [pid 6452] chdir("./75") = 0 [pid 6452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6452] setpgid(0, 0) = 0 [pid 6452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6452] write(3, "1000", 4) = 4 [pid 6452] close(3) = 0 [pid 6452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6452] memfd_create("syzkaller", 0) = 3 [pid 6452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6452] munmap(0x7f1b58076000, 16777216) = 0 [pid 6452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6452] close(3) = 0 [pid 6452] mkdir("./bus", 0777) = 0 [ 85.821680][ T6452] loop0: detected capacity change from 0 to 32768 [ 85.832262][ T6452] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6452) [ 85.848830][ T6452] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.857648][ T6452] BTRFS info (device loop0): doing ref verification [pid 6452] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6452] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6452] chdir("./bus") = 0 [pid 6452] ioctl(4, LOOP_CLR_FD) = 0 [pid 6452] close(4) = 0 [pid 6452] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6452] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6452] exit_group(0) = ? [pid 6452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6452, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 [ 85.864289][ T6452] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.875817][ T6452] BTRFS info (device loop0): force zlib compression, level 3 [ 85.884063][ T6452] BTRFS info (device loop0): allowing degraded mounts [ 85.890912][ T6452] BTRFS info (device loop0): using free space tree [ 85.907830][ T6452] BTRFS info (device loop0): auto enabling async discard umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6470 ./strace-static-x86_64: Process 6470 attached [pid 6470] chdir("./76") = 0 [pid 6470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6470] setpgid(0, 0) = 0 [pid 6470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6470] write(3, "1000", 4) = 4 [pid 6470] close(3) = 0 [pid 6470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6470] memfd_create("syzkaller", 0) = 3 [pid 6470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6470] munmap(0x7f1b58076000, 16777216) = 0 [pid 6470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6470] close(3) = 0 [pid 6470] mkdir("./bus", 0777) = 0 [ 86.235469][ T6470] loop0: detected capacity change from 0 to 32768 [ 86.246072][ T6470] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6470) [ 86.262750][ T6470] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.271555][ T6470] BTRFS info (device loop0): doing ref verification [pid 6470] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6470] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6470] chdir("./bus") = 0 [pid 6470] ioctl(4, LOOP_CLR_FD) = 0 [pid 6470] close(4) = 0 [pid 6470] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6470] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6470] exit_group(0) = ? [pid 6470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6470, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 [ 86.278177][ T6470] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.289033][ T6470] BTRFS info (device loop0): force zlib compression, level 3 [ 86.296499][ T6470] BTRFS info (device loop0): allowing degraded mounts [ 86.303339][ T6470] BTRFS info (device loop0): using free space tree [ 86.320905][ T6470] BTRFS info (device loop0): auto enabling async discard umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6488 ./strace-static-x86_64: Process 6488 attached [pid 6488] chdir("./77") = 0 [pid 6488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6488] setpgid(0, 0) = 0 [pid 6488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6488] write(3, "1000", 4) = 4 [pid 6488] close(3) = 0 [pid 6488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6488] memfd_create("syzkaller", 0) = 3 [pid 6488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6488] munmap(0x7f1b58076000, 16777216) = 0 [pid 6488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6488] close(3) = 0 [pid 6488] mkdir("./bus", 0777) = 0 [ 86.653884][ T6488] loop0: detected capacity change from 0 to 32768 [ 86.662876][ T6488] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6488) [ 86.679384][ T6488] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.688268][ T6488] BTRFS info (device loop0): doing ref verification [pid 6488] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6488] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6488] chdir("./bus") = 0 [pid 6488] ioctl(4, LOOP_CLR_FD) = 0 [pid 6488] close(4) = 0 [pid 6488] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6488] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6488] exit_group(0) = ? [pid 6488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6488, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 [ 86.694982][ T6488] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.705854][ T6488] BTRFS info (device loop0): force zlib compression, level 3 [ 86.713650][ T6488] BTRFS info (device loop0): allowing degraded mounts [ 86.720500][ T6488] BTRFS info (device loop0): using free space tree [ 86.737059][ T6488] BTRFS info (device loop0): auto enabling async discard umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6506 ./strace-static-x86_64: Process 6506 attached [pid 6506] chdir("./78") = 0 [pid 6506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6506] setpgid(0, 0) = 0 [pid 6506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6506] write(3, "1000", 4) = 4 [pid 6506] close(3) = 0 [pid 6506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6506] memfd_create("syzkaller", 0) = 3 [pid 6506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6506] munmap(0x7f1b58076000, 16777216) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6506] close(3) = 0 [pid 6506] mkdir("./bus", 0777) = 0 [ 87.049376][ T6506] loop0: detected capacity change from 0 to 32768 [ 87.061014][ T6506] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6506) [ 87.077332][ T6506] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.086192][ T6506] BTRFS info (device loop0): doing ref verification [pid 6506] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6506] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6506] chdir("./bus") = 0 [pid 6506] ioctl(4, LOOP_CLR_FD) = 0 [pid 6506] close(4) = 0 [pid 6506] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6506] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6506] exit_group(0) = ? [pid 6506] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6506, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 [ 87.092919][ T6506] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 87.103812][ T6506] BTRFS info (device loop0): force zlib compression, level 3 [ 87.111384][ T6506] BTRFS info (device loop0): allowing degraded mounts [ 87.118181][ T6506] BTRFS info (device loop0): using free space tree [ 87.134605][ T6506] BTRFS info (device loop0): auto enabling async discard umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6524 ./strace-static-x86_64: Process 6524 attached [pid 6524] chdir("./79") = 0 [pid 6524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6524] setpgid(0, 0) = 0 [pid 6524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6524] write(3, "1000", 4) = 4 [pid 6524] close(3) = 0 [pid 6524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6524] memfd_create("syzkaller", 0) = 3 [pid 6524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6524] munmap(0x7f1b58076000, 16777216) = 0 [pid 6524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6524] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6524] close(3) = 0 [pid 6524] mkdir("./bus", 0777) = 0 [ 87.456262][ T6524] loop0: detected capacity change from 0 to 32768 [ 87.465599][ T6524] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6524) [ 87.481911][ T6524] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.490704][ T6524] BTRFS info (device loop0): doing ref verification [pid 6524] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6524] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6524] chdir("./bus") = 0 [pid 6524] ioctl(4, LOOP_CLR_FD) = 0 [pid 6524] close(4) = 0 [pid 6524] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6524] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6524] exit_group(0) = ? [pid 6524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6524, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 [ 87.497305][ T6524] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 87.508155][ T6524] BTRFS info (device loop0): force zlib compression, level 3 [ 87.515657][ T6524] BTRFS info (device loop0): allowing degraded mounts [ 87.522513][ T6524] BTRFS info (device loop0): using free space tree [ 87.538532][ T6524] BTRFS info (device loop0): auto enabling async discard umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6542 ./strace-static-x86_64: Process 6542 attached [pid 6542] chdir("./80") = 0 [pid 6542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6542] setpgid(0, 0) = 0 [pid 6542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6542] write(3, "1000", 4) = 4 [pid 6542] close(3) = 0 [pid 6542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6542] memfd_create("syzkaller", 0) = 3 [pid 6542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6542] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6542] munmap(0x7f1b58076000, 16777216) = 0 [pid 6542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6542] close(3) = 0 [pid 6542] mkdir("./bus", 0777) = 0 [ 87.867445][ T6542] loop0: detected capacity change from 0 to 32768 [ 87.877745][ T6542] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6542) [ 87.894663][ T6542] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.903658][ T6542] BTRFS info (device loop0): doing ref verification [pid 6542] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6542] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6542] chdir("./bus") = 0 [pid 6542] ioctl(4, LOOP_CLR_FD) = 0 [pid 6542] close(4) = 0 [pid 6542] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6542] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6542] exit_group(0) = ? [pid 6542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6542, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 [ 87.910564][ T6542] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 87.921664][ T6542] BTRFS info (device loop0): force zlib compression, level 3 [ 87.929068][ T6542] BTRFS info (device loop0): allowing degraded mounts [ 87.936343][ T6542] BTRFS info (device loop0): using free space tree [ 87.953749][ T6542] BTRFS info (device loop0): auto enabling async discard umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6560 attached , child_tidptr=0x5555563e75d0) = 6560 [pid 6560] chdir("./81") = 0 [pid 6560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6560] setpgid(0, 0) = 0 [pid 6560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6560] write(3, "1000", 4) = 4 [pid 6560] close(3) = 0 [pid 6560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6560] memfd_create("syzkaller", 0) = 3 [pid 6560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6560] munmap(0x7f1b58076000, 16777216) = 0 [pid 6560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6560] close(3) = 0 [pid 6560] mkdir("./bus", 0777) = 0 [ 88.292596][ T6560] loop0: detected capacity change from 0 to 32768 [ 88.301662][ T6560] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6560) [ 88.317943][ T6560] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.326785][ T6560] BTRFS info (device loop0): doing ref verification [pid 6560] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6560] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6560] chdir("./bus") = 0 [pid 6560] ioctl(4, LOOP_CLR_FD) = 0 [pid 6560] close(4) = 0 [pid 6560] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6560] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6560] exit_group(0) = ? [pid 6560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6560, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 [ 88.333462][ T6560] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 88.344716][ T6560] BTRFS info (device loop0): force zlib compression, level 3 [ 88.352198][ T6560] BTRFS info (device loop0): allowing degraded mounts [ 88.358997][ T6560] BTRFS info (device loop0): using free space tree [ 88.376528][ T6560] BTRFS info (device loop0): auto enabling async discard umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6578 ./strace-static-x86_64: Process 6578 attached [pid 6578] chdir("./82") = 0 [pid 6578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6578] setpgid(0, 0) = 0 [pid 6578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6578] write(3, "1000", 4) = 4 [pid 6578] close(3) = 0 [pid 6578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6578] memfd_create("syzkaller", 0) = 3 [pid 6578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6578] munmap(0x7f1b58076000, 16777216) = 0 [pid 6578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6578] close(3) = 0 [pid 6578] mkdir("./bus", 0777) = 0 [ 88.701705][ T6578] loop0: detected capacity change from 0 to 32768 [ 88.713292][ T6578] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6578) [ 88.730115][ T6578] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.738952][ T6578] BTRFS info (device loop0): doing ref verification [pid 6578] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6578] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6578] chdir("./bus") = 0 [pid 6578] ioctl(4, LOOP_CLR_FD) = 0 [pid 6578] close(4) = 0 [pid 6578] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6578] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6578] exit_group(0) = ? [pid 6578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6578, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 [ 88.745717][ T6578] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 88.756579][ T6578] BTRFS info (device loop0): force zlib compression, level 3 [ 88.764038][ T6578] BTRFS info (device loop0): allowing degraded mounts [ 88.770987][ T6578] BTRFS info (device loop0): using free space tree [ 88.790274][ T6578] BTRFS info (device loop0): auto enabling async discard umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6596 ./strace-static-x86_64: Process 6596 attached [pid 6596] chdir("./83") = 0 [pid 6596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6596] setpgid(0, 0) = 0 [pid 6596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6596] write(3, "1000", 4) = 4 [pid 6596] close(3) = 0 [pid 6596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6596] memfd_create("syzkaller", 0) = 3 [pid 6596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6596] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6596] munmap(0x7f1b58076000, 16777216) = 0 [pid 6596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6596] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6596] close(3) = 0 [pid 6596] mkdir("./bus", 0777) = 0 [ 89.135213][ T6596] loop0: detected capacity change from 0 to 32768 [ 89.146023][ T6596] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6596) [ 89.161714][ T6596] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.170577][ T6596] BTRFS info (device loop0): doing ref verification [pid 6596] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6596] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6596] chdir("./bus") = 0 [pid 6596] ioctl(4, LOOP_CLR_FD) = 0 [pid 6596] close(4) = 0 [pid 6596] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6596] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6596] exit_group(0) = ? [pid 6596] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6596, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 [ 89.177384][ T6596] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 89.188254][ T6596] BTRFS info (device loop0): force zlib compression, level 3 [ 89.195954][ T6596] BTRFS info (device loop0): allowing degraded mounts [ 89.202809][ T6596] BTRFS info (device loop0): using free space tree [ 89.220633][ T6596] BTRFS info (device loop0): auto enabling async discard umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6614 ./strace-static-x86_64: Process 6614 attached [pid 6614] chdir("./84") = 0 [pid 6614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6614] setpgid(0, 0) = 0 [pid 6614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6614] write(3, "1000", 4) = 4 [pid 6614] close(3) = 0 [pid 6614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6614] memfd_create("syzkaller", 0) = 3 [pid 6614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6614] munmap(0x7f1b58076000, 16777216) = 0 [pid 6614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6614] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6614] close(3) = 0 [pid 6614] mkdir("./bus", 0777) = 0 [ 89.557463][ T6614] loop0: detected capacity change from 0 to 32768 [ 89.567584][ T6614] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6614) [ 89.583750][ T6614] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.592589][ T6614] BTRFS info (device loop0): doing ref verification [pid 6614] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6614] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6614] chdir("./bus") = 0 [pid 6614] ioctl(4, LOOP_CLR_FD) = 0 [pid 6614] close(4) = 0 [pid 6614] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6614] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6614] exit_group(0) = ? [pid 6614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6614, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 [ 89.599220][ T6614] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 89.610067][ T6614] BTRFS info (device loop0): force zlib compression, level 3 [ 89.617471][ T6614] BTRFS info (device loop0): allowing degraded mounts [ 89.624303][ T6614] BTRFS info (device loop0): using free space tree [ 89.642502][ T6614] BTRFS info (device loop0): auto enabling async discard umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6632 ./strace-static-x86_64: Process 6632 attached [pid 6632] chdir("./85") = 0 [pid 6632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6632] setpgid(0, 0) = 0 [pid 6632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6632] write(3, "1000", 4) = 4 [pid 6632] close(3) = 0 [pid 6632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6632] memfd_create("syzkaller", 0) = 3 [pid 6632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6632] munmap(0x7f1b58076000, 16777216) = 0 [pid 6632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6632] close(3) = 0 [pid 6632] mkdir("./bus", 0777) = 0 [ 89.961168][ T6632] loop0: detected capacity change from 0 to 32768 [ 89.970377][ T6632] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6632) [ 89.986572][ T6632] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.995385][ T6632] BTRFS info (device loop0): doing ref verification [pid 6632] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6632] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6632] chdir("./bus") = 0 [pid 6632] ioctl(4, LOOP_CLR_FD) = 0 [pid 6632] close(4) = 0 [pid 6632] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6632] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6632] exit_group(0) = ? [pid 6632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6632, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=14 /* 0.14 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 [ 90.002081][ T6632] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 90.013152][ T6632] BTRFS info (device loop0): force zlib compression, level 3 [ 90.020597][ T6632] BTRFS info (device loop0): allowing degraded mounts [ 90.027365][ T6632] BTRFS info (device loop0): using free space tree [ 90.044542][ T6632] BTRFS info (device loop0): auto enabling async discard umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6650 ./strace-static-x86_64: Process 6650 attached [pid 6650] chdir("./86") = 0 [pid 6650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6650] setpgid(0, 0) = 0 [pid 6650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6650] write(3, "1000", 4) = 4 [pid 6650] close(3) = 0 [pid 6650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6650] memfd_create("syzkaller", 0) = 3 [pid 6650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6650] munmap(0x7f1b58076000, 16777216) = 0 [pid 6650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6650] close(3) = 0 [pid 6650] mkdir("./bus", 0777) = 0 [ 90.388760][ T6650] loop0: detected capacity change from 0 to 32768 [ 90.398128][ T6650] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6650) [ 90.414136][ T6650] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.423248][ T6650] BTRFS info (device loop0): doing ref verification [pid 6650] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6650] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6650] chdir("./bus") = 0 [pid 6650] ioctl(4, LOOP_CLR_FD) = 0 [pid 6650] close(4) = 0 [pid 6650] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6650] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6650] exit_group(0) = ? [pid 6650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6650, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 [ 90.430296][ T6650] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 90.441551][ T6650] BTRFS info (device loop0): force zlib compression, level 3 [ 90.449967][ T6650] BTRFS info (device loop0): allowing degraded mounts [ 90.456765][ T6650] BTRFS info (device loop0): using free space tree [ 90.473380][ T6650] BTRFS info (device loop0): auto enabling async discard umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6668 ./strace-static-x86_64: Process 6668 attached [pid 6668] chdir("./87") = 0 [pid 6668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6668] setpgid(0, 0) = 0 [pid 6668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6668] write(3, "1000", 4) = 4 [pid 6668] close(3) = 0 [pid 6668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6668] memfd_create("syzkaller", 0) = 3 [pid 6668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6668] munmap(0x7f1b58076000, 16777216) = 0 [pid 6668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6668] close(3) = 0 [pid 6668] mkdir("./bus", 0777) = 0 [ 90.805455][ T6668] loop0: detected capacity change from 0 to 32768 [ 90.815781][ T6668] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6668) [ 90.832501][ T6668] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.841395][ T6668] BTRFS info (device loop0): doing ref verification [pid 6668] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6668] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6668] chdir("./bus") = 0 [pid 6668] ioctl(4, LOOP_CLR_FD) = 0 [pid 6668] close(4) = 0 [pid 6668] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6668] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6668] exit_group(0) = ? [pid 6668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6668, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 90.848074][ T6668] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 90.859014][ T6668] BTRFS info (device loop0): force zlib compression, level 3 [ 90.866501][ T6668] BTRFS info (device loop0): allowing degraded mounts [ 90.873338][ T6668] BTRFS info (device loop0): using free space tree [ 90.890995][ T6668] BTRFS info (device loop0): auto enabling async discard unlink("./87/binderfs") = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6686 ./strace-static-x86_64: Process 6686 attached [pid 6686] chdir("./88") = 0 [pid 6686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6686] setpgid(0, 0) = 0 [pid 6686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6686] write(3, "1000", 4) = 4 [pid 6686] close(3) = 0 [pid 6686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6686] memfd_create("syzkaller", 0) = 3 [pid 6686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6686] munmap(0x7f1b58076000, 16777216) = 0 [pid 6686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6686] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6686] close(3) = 0 [pid 6686] mkdir("./bus", 0777) = 0 [ 91.232860][ T6686] loop0: detected capacity change from 0 to 32768 [ 91.242454][ T6686] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6686) [ 91.259211][ T6686] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.268377][ T6686] BTRFS info (device loop0): doing ref verification [pid 6686] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6686] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6686] chdir("./bus") = 0 [pid 6686] ioctl(4, LOOP_CLR_FD) = 0 [pid 6686] close(4) = 0 [pid 6686] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6686] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6686] exit_group(0) = ? [pid 6686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6686, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.275271][ T6686] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 91.286187][ T6686] BTRFS info (device loop0): force zlib compression, level 3 [ 91.293915][ T6686] BTRFS info (device loop0): allowing degraded mounts [ 91.301546][ T6686] BTRFS info (device loop0): using free space tree [ 91.320551][ T6686] BTRFS info (device loop0): auto enabling async discard lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6704 ./strace-static-x86_64: Process 6704 attached [pid 6704] chdir("./89") = 0 [pid 6704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6704] setpgid(0, 0) = 0 [pid 6704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6704] write(3, "1000", 4) = 4 [pid 6704] close(3) = 0 [pid 6704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6704] memfd_create("syzkaller", 0) = 3 [pid 6704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6704] munmap(0x7f1b58076000, 16777216) = 0 [pid 6704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6704] close(3) = 0 [pid 6704] mkdir("./bus", 0777) = 0 [ 91.639638][ T6704] loop0: detected capacity change from 0 to 32768 [ 91.650444][ T6704] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6704) [ 91.666421][ T6704] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.675834][ T6704] BTRFS info (device loop0): doing ref verification [pid 6704] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6704] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6704] chdir("./bus") = 0 [pid 6704] ioctl(4, LOOP_CLR_FD) = 0 [pid 6704] close(4) = 0 [pid 6704] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6704] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6704] exit_group(0) = ? [pid 6704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6704, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 [ 91.683013][ T6704] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 91.694879][ T6704] BTRFS info (device loop0): force zlib compression, level 3 [ 91.702825][ T6704] BTRFS info (device loop0): allowing degraded mounts [ 91.710202][ T6704] BTRFS info (device loop0): using free space tree [ 91.731183][ T6704] BTRFS info (device loop0): auto enabling async discard umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6722 ./strace-static-x86_64: Process 6722 attached [pid 6722] chdir("./90") = 0 [pid 6722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6722] setpgid(0, 0) = 0 [pid 6722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6722] write(3, "1000", 4) = 4 [pid 6722] close(3) = 0 [pid 6722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6722] memfd_create("syzkaller", 0) = 3 [pid 6722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6722] munmap(0x7f1b58076000, 16777216) = 0 [pid 6722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6722] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6722] close(3) = 0 [pid 6722] mkdir("./bus", 0777) = 0 [ 92.055189][ T6722] loop0: detected capacity change from 0 to 32768 [ 92.065344][ T6722] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6722) [ 92.082095][ T6722] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.090888][ T6722] BTRFS info (device loop0): doing ref verification [pid 6722] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6722] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6722] chdir("./bus") = 0 [pid 6722] ioctl(4, LOOP_CLR_FD) = 0 [pid 6722] close(4) = 0 [pid 6722] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6722] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6722] exit_group(0) = ? [pid 6722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6722, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 92.097489][ T6722] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 92.108545][ T6722] BTRFS info (device loop0): force zlib compression, level 3 [ 92.116152][ T6722] BTRFS info (device loop0): allowing degraded mounts [ 92.123260][ T6722] BTRFS info (device loop0): using free space tree [ 92.139805][ T6722] BTRFS info (device loop0): auto enabling async discard unlink("./90/binderfs") = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6740 ./strace-static-x86_64: Process 6740 attached [pid 6740] chdir("./91") = 0 [pid 6740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6740] setpgid(0, 0) = 0 [pid 6740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6740] write(3, "1000", 4) = 4 [pid 6740] close(3) = 0 [pid 6740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6740] memfd_create("syzkaller", 0) = 3 [pid 6740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6740] munmap(0x7f1b58076000, 16777216) = 0 [pid 6740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6740] close(3) = 0 [pid 6740] mkdir("./bus", 0777) = 0 [ 92.470232][ T6740] loop0: detected capacity change from 0 to 32768 [ 92.479754][ T6740] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6740) [ 92.496216][ T6740] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.505026][ T6740] BTRFS info (device loop0): doing ref verification [pid 6740] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6740] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6740] chdir("./bus") = 0 [pid 6740] ioctl(4, LOOP_CLR_FD) = 0 [pid 6740] close(4) = 0 [pid 6740] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6740] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6740] exit_group(0) = ? [pid 6740] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6740, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 [ 92.511676][ T6740] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 92.522494][ T6740] BTRFS info (device loop0): force zlib compression, level 3 [ 92.529952][ T6740] BTRFS info (device loop0): allowing degraded mounts [ 92.536723][ T6740] BTRFS info (device loop0): using free space tree [ 92.556610][ T6740] BTRFS info (device loop0): auto enabling async discard umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6758 ./strace-static-x86_64: Process 6758 attached [pid 6758] chdir("./92") = 0 [pid 6758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6758] setpgid(0, 0) = 0 [pid 6758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6758] write(3, "1000", 4) = 4 [pid 6758] close(3) = 0 [pid 6758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6758] memfd_create("syzkaller", 0) = 3 [pid 6758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6758] munmap(0x7f1b58076000, 16777216) = 0 [pid 6758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6758] close(3) = 0 [pid 6758] mkdir("./bus", 0777) = 0 [ 92.878311][ T6758] loop0: detected capacity change from 0 to 32768 [ 92.889169][ T6758] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6758) [ 92.904964][ T6758] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.914083][ T6758] BTRFS info (device loop0): doing ref verification [pid 6758] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6758] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6758] chdir("./bus") = 0 [pid 6758] ioctl(4, LOOP_CLR_FD) = 0 [pid 6758] close(4) = 0 [pid 6758] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6758] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6758] exit_group(0) = ? [pid 6758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6758, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 [ 92.920787][ T6758] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 92.931634][ T6758] BTRFS info (device loop0): force zlib compression, level 3 [ 92.939146][ T6758] BTRFS info (device loop0): allowing degraded mounts [ 92.946133][ T6758] BTRFS info (device loop0): using free space tree [ 92.963302][ T6758] BTRFS info (device loop0): auto enabling async discard umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6777 ./strace-static-x86_64: Process 6777 attached [pid 6777] chdir("./93") = 0 [pid 6777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6777] setpgid(0, 0) = 0 [pid 6777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6777] write(3, "1000", 4) = 4 [pid 6777] close(3) = 0 [pid 6777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6777] memfd_create("syzkaller", 0) = 3 [pid 6777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6777] munmap(0x7f1b58076000, 16777216) = 0 [pid 6777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6777] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6777] close(3) = 0 [pid 6777] mkdir("./bus", 0777) = 0 [ 93.287094][ T6777] loop0: detected capacity change from 0 to 32768 [ 93.297639][ T6777] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6777) [ 93.314177][ T6777] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.323263][ T6777] BTRFS info (device loop0): doing ref verification [pid 6777] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6777] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6777] chdir("./bus") = 0 [pid 6777] ioctl(4, LOOP_CLR_FD) = 0 [pid 6777] close(4) = 0 [pid 6777] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6777] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6777] exit_group(0) = ? [pid 6777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6777, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 [ 93.330534][ T6777] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 93.341678][ T6777] BTRFS info (device loop0): force zlib compression, level 3 [ 93.349267][ T6777] BTRFS info (device loop0): allowing degraded mounts [ 93.356130][ T6777] BTRFS info (device loop0): using free space tree [ 93.373414][ T6777] BTRFS info (device loop0): auto enabling async discard umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6795 ./strace-static-x86_64: Process 6795 attached [pid 6795] chdir("./94") = 0 [pid 6795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6795] setpgid(0, 0) = 0 [pid 6795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6795] write(3, "1000", 4) = 4 [pid 6795] close(3) = 0 [pid 6795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6795] memfd_create("syzkaller", 0) = 3 [pid 6795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6795] munmap(0x7f1b58076000, 16777216) = 0 [pid 6795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6795] close(3) = 0 [pid 6795] mkdir("./bus", 0777) = 0 [ 93.686091][ T6795] loop0: detected capacity change from 0 to 32768 [ 93.697252][ T6795] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6795) [ 93.712615][ T6795] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.721423][ T6795] BTRFS info (device loop0): doing ref verification [pid 6795] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6795] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6795] chdir("./bus") = 0 [pid 6795] ioctl(4, LOOP_CLR_FD) = 0 [pid 6795] close(4) = 0 [pid 6795] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6795] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6795] exit_group(0) = ? [pid 6795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6795, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=16 /* 0.16 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 [ 93.728438][ T6795] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 93.740198][ T6795] BTRFS info (device loop0): force zlib compression, level 3 [ 93.747622][ T6795] BTRFS info (device loop0): allowing degraded mounts [ 93.754511][ T6795] BTRFS info (device loop0): using free space tree [ 93.771720][ T6795] BTRFS info (device loop0): auto enabling async discard umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6815 ./strace-static-x86_64: Process 6815 attached [pid 6815] chdir("./95") = 0 [pid 6815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6815] setpgid(0, 0) = 0 [pid 6815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6815] write(3, "1000", 4) = 4 [pid 6815] close(3) = 0 [pid 6815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6815] memfd_create("syzkaller", 0) = 3 [pid 6815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6815] munmap(0x7f1b58076000, 16777216) = 0 [pid 6815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6815] close(3) = 0 [pid 6815] mkdir("./bus", 0777) = 0 [ 94.118110][ T6815] loop0: detected capacity change from 0 to 32768 [ 94.127378][ T6815] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6815) [ 94.143069][ T6815] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.151880][ T6815] BTRFS info (device loop0): doing ref verification [pid 6815] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6815] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6815] chdir("./bus") = 0 [pid 6815] ioctl(4, LOOP_CLR_FD) = 0 [pid 6815] close(4) = 0 [pid 6815] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6815] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6815] exit_group(0) = ? [pid 6815] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6815, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 [ 94.158491][ T6815] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 94.169341][ T6815] BTRFS info (device loop0): force zlib compression, level 3 [ 94.176764][ T6815] BTRFS info (device loop0): allowing degraded mounts [ 94.183581][ T6815] BTRFS info (device loop0): using free space tree [ 94.199775][ T6815] BTRFS info (device loop0): auto enabling async discard umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6835 ./strace-static-x86_64: Process 6835 attached [pid 6835] chdir("./96") = 0 [pid 6835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6835] setpgid(0, 0) = 0 [pid 6835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6835] write(3, "1000", 4) = 4 [pid 6835] close(3) = 0 [pid 6835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6835] memfd_create("syzkaller", 0) = 3 [pid 6835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6835] munmap(0x7f1b58076000, 16777216) = 0 [pid 6835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6835] close(3) = 0 [pid 6835] mkdir("./bus", 0777) = 0 [ 94.528125][ T6835] loop0: detected capacity change from 0 to 32768 [ 94.538483][ T6835] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6835) [ 94.553636][ T6835] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.562694][ T6835] BTRFS info (device loop0): doing ref verification [pid 6835] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6835] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6835] chdir("./bus") = 0 [pid 6835] ioctl(4, LOOP_CLR_FD) = 0 [pid 6835] close(4) = 0 [pid 6835] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6835] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6835] exit_group(0) = ? [pid 6835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6835, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 [ 94.569307][ T6835] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 94.580196][ T6835] BTRFS info (device loop0): force zlib compression, level 3 [ 94.587598][ T6835] BTRFS info (device loop0): allowing degraded mounts [ 94.594446][ T6835] BTRFS info (device loop0): using free space tree [ 94.612019][ T6835] BTRFS info (device loop0): auto enabling async discard umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6853 ./strace-static-x86_64: Process 6853 attached [pid 6853] chdir("./97") = 0 [pid 6853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6853] setpgid(0, 0) = 0 [pid 6853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6853] write(3, "1000", 4) = 4 [pid 6853] close(3) = 0 [pid 6853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6853] memfd_create("syzkaller", 0) = 3 [pid 6853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6853] munmap(0x7f1b58076000, 16777216) = 0 [pid 6853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6853] close(3) = 0 [pid 6853] mkdir("./bus", 0777) = 0 [ 94.952881][ T6853] loop0: detected capacity change from 0 to 32768 [ 94.962575][ T6853] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6853) [ 94.978467][ T6853] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.987757][ T6853] BTRFS info (device loop0): doing ref verification [pid 6853] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6853] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6853] chdir("./bus") = 0 [pid 6853] ioctl(4, LOOP_CLR_FD) = 0 [pid 6853] close(4) = 0 [pid 6853] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6853] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6853] exit_group(0) = ? [pid 6853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6853, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 [ 94.994456][ T6853] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 95.005388][ T6853] BTRFS info (device loop0): force zlib compression, level 3 [ 95.012878][ T6853] BTRFS info (device loop0): allowing degraded mounts [ 95.019685][ T6853] BTRFS info (device loop0): using free space tree [ 95.037502][ T6853] BTRFS info (device loop0): auto enabling async discard umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6872 ./strace-static-x86_64: Process 6872 attached [pid 6872] chdir("./98") = 0 [pid 6872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6872] setpgid(0, 0) = 0 [pid 6872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6872] write(3, "1000", 4) = 4 [pid 6872] close(3) = 0 [pid 6872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6872] memfd_create("syzkaller", 0) = 3 [pid 6872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6872] munmap(0x7f1b58076000, 16777216) = 0 [pid 6872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6872] close(3) = 0 [pid 6872] mkdir("./bus", 0777) = 0 [ 95.355311][ T6872] loop0: detected capacity change from 0 to 32768 [ 95.365572][ T6872] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6872) [ 95.380564][ T6872] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.389315][ T6872] BTRFS info (device loop0): doing ref verification [pid 6872] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6872] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6872] chdir("./bus") = 0 [pid 6872] ioctl(4, LOOP_CLR_FD) = 0 [pid 6872] close(4) = 0 [pid 6872] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6872] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6872] exit_group(0) = ? [pid 6872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6872, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 [ 95.396116][ T6872] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 95.407066][ T6872] BTRFS info (device loop0): force zlib compression, level 3 [ 95.414707][ T6872] BTRFS info (device loop0): allowing degraded mounts [ 95.421918][ T6872] BTRFS info (device loop0): using free space tree [ 95.439212][ T6872] BTRFS info (device loop0): auto enabling async discard umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6890 ./strace-static-x86_64: Process 6890 attached [pid 6890] chdir("./99") = 0 [pid 6890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6890] setpgid(0, 0) = 0 [pid 6890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6890] write(3, "1000", 4) = 4 [pid 6890] close(3) = 0 [pid 6890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6890] memfd_create("syzkaller", 0) = 3 [pid 6890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6890] munmap(0x7f1b58076000, 16777216) = 0 [pid 6890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6890] close(3) = 0 [pid 6890] mkdir("./bus", 0777) = 0 [ 95.763316][ T6890] loop0: detected capacity change from 0 to 32768 [ 95.773845][ T6890] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6890) [ 95.790408][ T6890] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.799148][ T6890] BTRFS info (device loop0): doing ref verification [pid 6890] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6890] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6890] chdir("./bus") = 0 [pid 6890] ioctl(4, LOOP_CLR_FD) = 0 [pid 6890] close(4) = 0 [pid 6890] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6890] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6890] exit_group(0) = ? [pid 6890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6890, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 [ 95.805944][ T6890] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 95.816794][ T6890] BTRFS info (device loop0): force zlib compression, level 3 [ 95.824259][ T6890] BTRFS info (device loop0): allowing degraded mounts [ 95.831201][ T6890] BTRFS info (device loop0): using free space tree [ 95.848358][ T6890] BTRFS info (device loop0): auto enabling async discard umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6908 ./strace-static-x86_64: Process 6908 attached [pid 6908] chdir("./100") = 0 [pid 6908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6908] setpgid(0, 0) = 0 [pid 6908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6908] write(3, "1000", 4) = 4 [pid 6908] close(3) = 0 [pid 6908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6908] memfd_create("syzkaller", 0) = 3 [pid 6908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6908] munmap(0x7f1b58076000, 16777216) = 0 [pid 6908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6908] close(3) = 0 [pid 6908] mkdir("./bus", 0777) = 0 [ 96.186331][ T6908] loop0: detected capacity change from 0 to 32768 [ 96.196371][ T6908] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6908) [ 96.212413][ T6908] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.221256][ T6908] BTRFS info (device loop0): doing ref verification [pid 6908] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6908] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6908] chdir("./bus") = 0 [pid 6908] ioctl(4, LOOP_CLR_FD) = 0 [pid 6908] close(4) = 0 [pid 6908] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6908] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6908] exit_group(0) = ? [pid 6908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6908, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 [ 96.227848][ T6908] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 96.238735][ T6908] BTRFS info (device loop0): force zlib compression, level 3 [ 96.246255][ T6908] BTRFS info (device loop0): allowing degraded mounts [ 96.253130][ T6908] BTRFS info (device loop0): using free space tree [ 96.270416][ T6908] BTRFS info (device loop0): auto enabling async discard umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6926 ./strace-static-x86_64: Process 6926 attached [pid 6926] chdir("./101") = 0 [pid 6926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6926] setpgid(0, 0) = 0 [pid 6926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6926] write(3, "1000", 4) = 4 [pid 6926] close(3) = 0 [pid 6926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6926] memfd_create("syzkaller", 0) = 3 [pid 6926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6926] munmap(0x7f1b58076000, 16777216) = 0 [pid 6926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6926] close(3) = 0 [pid 6926] mkdir("./bus", 0777) = 0 [ 96.594478][ T6926] loop0: detected capacity change from 0 to 32768 [ 96.605527][ T6926] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6926) [ 96.622928][ T6926] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.631739][ T6926] BTRFS info (device loop0): doing ref verification [pid 6926] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6926] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6926] chdir("./bus") = 0 [pid 6926] ioctl(4, LOOP_CLR_FD) = 0 [pid 6926] close(4) = 0 [pid 6926] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6926] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6926] exit_group(0) = ? [pid 6926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6926, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 96.638347][ T6926] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 96.649503][ T6926] BTRFS info (device loop0): force zlib compression, level 3 [ 96.657328][ T6926] BTRFS info (device loop0): allowing degraded mounts [ 96.664375][ T6926] BTRFS info (device loop0): using free space tree [ 96.683852][ T6926] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6944 ./strace-static-x86_64: Process 6944 attached [pid 6944] chdir("./102") = 0 [pid 6944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6944] setpgid(0, 0) = 0 [pid 6944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6944] write(3, "1000", 4) = 4 [pid 6944] close(3) = 0 [pid 6944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6944] memfd_create("syzkaller", 0) = 3 [pid 6944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6944] munmap(0x7f1b58076000, 16777216) = 0 [pid 6944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6944] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6944] close(3) = 0 [pid 6944] mkdir("./bus", 0777) = 0 [ 97.013539][ T6944] loop0: detected capacity change from 0 to 32768 [ 97.022915][ T6944] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6944) [ 97.039016][ T6944] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.048081][ T6944] BTRFS info (device loop0): doing ref verification [pid 6944] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6944] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6944] chdir("./bus") = 0 [pid 6944] ioctl(4, LOOP_CLR_FD) = 0 [pid 6944] close(4) = 0 [pid 6944] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6944] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6944] exit_group(0) = ? [pid 6944] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6944, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 [ 97.055032][ T6944] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 97.066293][ T6944] BTRFS info (device loop0): force zlib compression, level 3 [ 97.074275][ T6944] BTRFS info (device loop0): allowing degraded mounts [ 97.081467][ T6944] BTRFS info (device loop0): using free space tree [ 97.100801][ T6944] BTRFS info (device loop0): auto enabling async discard umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6962 ./strace-static-x86_64: Process 6962 attached [pid 6962] chdir("./103") = 0 [pid 6962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6962] setpgid(0, 0) = 0 [pid 6962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6962] write(3, "1000", 4) = 4 [pid 6962] close(3) = 0 [pid 6962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6962] memfd_create("syzkaller", 0) = 3 [pid 6962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6962] munmap(0x7f1b58076000, 16777216) = 0 [pid 6962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6962] close(3) = 0 [pid 6962] mkdir("./bus", 0777) = 0 [ 97.426954][ T6962] loop0: detected capacity change from 0 to 32768 [ 97.436099][ T6962] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6962) [ 97.453490][ T6962] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.462260][ T6962] BTRFS info (device loop0): doing ref verification [pid 6962] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6962] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6962] chdir("./bus") = 0 [pid 6962] ioctl(4, LOOP_CLR_FD) = 0 [pid 6962] close(4) = 0 [pid 6962] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6962] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6962] exit_group(0) = ? [pid 6962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6962, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 [ 97.469653][ T6962] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 97.480502][ T6962] BTRFS info (device loop0): force zlib compression, level 3 [ 97.487925][ T6962] BTRFS info (device loop0): allowing degraded mounts [ 97.494762][ T6962] BTRFS info (device loop0): using free space tree [ 97.511444][ T6962] BTRFS info (device loop0): auto enabling async discard umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6980 ./strace-static-x86_64: Process 6980 attached [pid 6980] chdir("./104") = 0 [pid 6980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6980] setpgid(0, 0) = 0 [pid 6980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6980] write(3, "1000", 4) = 4 [pid 6980] close(3) = 0 [pid 6980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6980] memfd_create("syzkaller", 0) = 3 [pid 6980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6980] munmap(0x7f1b58076000, 16777216) = 0 [pid 6980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6980] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6980] close(3) = 0 [pid 6980] mkdir("./bus", 0777) = 0 [ 97.849999][ T6980] loop0: detected capacity change from 0 to 32768 [ 97.860652][ T6980] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6980) [ 97.877107][ T6980] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.886229][ T6980] BTRFS info (device loop0): doing ref verification [pid 6980] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6980] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6980] chdir("./bus") = 0 [pid 6980] ioctl(4, LOOP_CLR_FD) = 0 [pid 6980] close(4) = 0 [pid 6980] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6980] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6980] exit_group(0) = ? [pid 6980] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6980, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 [ 97.893038][ T6980] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 97.904088][ T6980] BTRFS info (device loop0): force zlib compression, level 3 [ 97.911861][ T6980] BTRFS info (device loop0): allowing degraded mounts [ 97.918654][ T6980] BTRFS info (device loop0): using free space tree [ 97.934885][ T6980] BTRFS info (device loop0): auto enabling async discard umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 6998 ./strace-static-x86_64: Process 6998 attached [pid 6998] chdir("./105") = 0 [pid 6998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6998] setpgid(0, 0) = 0 [pid 6998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6998] write(3, "1000", 4) = 4 [pid 6998] close(3) = 0 [pid 6998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6998] memfd_create("syzkaller", 0) = 3 [pid 6998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 6998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6998] munmap(0x7f1b58076000, 16777216) = 0 [pid 6998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6998] close(3) = 0 [pid 6998] mkdir("./bus", 0777) = 0 [ 98.273598][ T6998] loop0: detected capacity change from 0 to 32768 [ 98.282772][ T6998] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (6998) [ 98.300670][ T6998] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.309387][ T6998] BTRFS info (device loop0): doing ref verification [pid 6998] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6998] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6998] chdir("./bus") = 0 [pid 6998] ioctl(4, LOOP_CLR_FD) = 0 [pid 6998] close(4) = 0 [pid 6998] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6998] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 6998] exit_group(0) = ? [pid 6998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6998, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 [ 98.316417][ T6998] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 98.327511][ T6998] BTRFS info (device loop0): force zlib compression, level 3 [ 98.335148][ T6998] BTRFS info (device loop0): allowing degraded mounts [ 98.342233][ T6998] BTRFS info (device loop0): using free space tree [ 98.359912][ T6998] BTRFS info (device loop0): auto enabling async discard umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7016 ./strace-static-x86_64: Process 7016 attached [pid 7016] chdir("./106") = 0 [pid 7016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7016] setpgid(0, 0) = 0 [pid 7016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7016] write(3, "1000", 4) = 4 [pid 7016] close(3) = 0 [pid 7016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7016] memfd_create("syzkaller", 0) = 3 [pid 7016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7016] munmap(0x7f1b58076000, 16777216) = 0 [pid 7016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7016] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7016] close(3) = 0 [pid 7016] mkdir("./bus", 0777) = 0 [ 98.693064][ T7016] loop0: detected capacity change from 0 to 32768 [ 98.712978][ T7016] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7016) [ 98.729675][ T7016] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.738776][ T7016] BTRFS info (device loop0): doing ref verification [ 98.745774][ T7016] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 98.757081][ T7016] BTRFS info (device loop0): force zlib compression, level 3 [ 98.764838][ T7016] BTRFS info (device loop0): allowing degraded mounts [ 98.772102][ T7016] BTRFS info (device loop0): using free space tree [pid 7016] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7016] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7016] chdir("./bus") = 0 [pid 7016] ioctl(4, LOOP_CLR_FD) = 0 [pid 7016] close(4) = 0 [pid 7016] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7016] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7016] exit_group(0) = ? [pid 7016] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7016, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 [ 98.790028][ T7016] BTRFS info (device loop0): auto enabling async discard umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7034 ./strace-static-x86_64: Process 7034 attached [pid 7034] chdir("./107") = 0 [pid 7034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7034] setpgid(0, 0) = 0 [pid 7034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7034] write(3, "1000", 4) = 4 [pid 7034] close(3) = 0 [pid 7034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7034] memfd_create("syzkaller", 0) = 3 [pid 7034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7034] munmap(0x7f1b58076000, 16777216) = 0 [pid 7034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7034] close(3) = 0 [pid 7034] mkdir("./bus", 0777) = 0 [ 99.119009][ T7034] loop0: detected capacity change from 0 to 32768 [ 99.129098][ T7034] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7034) [ 99.145070][ T7034] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.153850][ T7034] BTRFS info (device loop0): doing ref verification [pid 7034] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7034] chdir("./bus") = 0 [pid 7034] ioctl(4, LOOP_CLR_FD) = 0 [pid 7034] close(4) = 0 [pid 7034] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7034] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7034] exit_group(0) = ? [pid 7034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7034, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 [ 99.160519][ T7034] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 99.171364][ T7034] BTRFS info (device loop0): force zlib compression, level 3 [ 99.178850][ T7034] BTRFS info (device loop0): allowing degraded mounts [ 99.185670][ T7034] BTRFS info (device loop0): using free space tree [ 99.203949][ T7034] BTRFS info (device loop0): auto enabling async discard umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7052 attached , child_tidptr=0x5555563e75d0) = 7052 [pid 7052] chdir("./108") = 0 [pid 7052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7052] setpgid(0, 0) = 0 [pid 7052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7052] write(3, "1000", 4) = 4 [pid 7052] close(3) = 0 [pid 7052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7052] memfd_create("syzkaller", 0) = 3 [pid 7052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7052] munmap(0x7f1b58076000, 16777216) = 0 [pid 7052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7052] close(3) = 0 [pid 7052] mkdir("./bus", 0777) = 0 [ 99.530555][ T7052] loop0: detected capacity change from 0 to 32768 [ 99.540612][ T7052] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7052) [ 99.557217][ T7052] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.566240][ T7052] BTRFS info (device loop0): doing ref verification [pid 7052] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7052] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7052] chdir("./bus") = 0 [pid 7052] ioctl(4, LOOP_CLR_FD) = 0 [pid 7052] close(4) = 0 [pid 7052] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7052] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7052] exit_group(0) = ? [pid 7052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7052, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 99.573168][ T7052] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 99.584210][ T7052] BTRFS info (device loop0): force zlib compression, level 3 [ 99.592142][ T7052] BTRFS info (device loop0): allowing degraded mounts [ 99.598927][ T7052] BTRFS info (device loop0): using free space tree [ 99.617064][ T7052] BTRFS info (device loop0): auto enabling async discard unlink("./108/binderfs") = 0 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7070 ./strace-static-x86_64: Process 7070 attached [pid 7070] chdir("./109") = 0 [pid 7070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7070] setpgid(0, 0) = 0 [pid 7070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7070] write(3, "1000", 4) = 4 [pid 7070] close(3) = 0 [pid 7070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7070] memfd_create("syzkaller", 0) = 3 [pid 7070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7070] munmap(0x7f1b58076000, 16777216) = 0 [pid 7070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7070] close(3) = 0 [pid 7070] mkdir("./bus", 0777) = 0 [ 99.944009][ T7070] loop0: detected capacity change from 0 to 32768 [ 99.957690][ T7070] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7070) [ 99.974440][ T7070] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.984024][ T7070] BTRFS info (device loop0): doing ref verification [pid 7070] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7070] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7070] chdir("./bus") = 0 [pid 7070] ioctl(4, LOOP_CLR_FD) = 0 [pid 7070] close(4) = 0 [pid 7070] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7070] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7070] exit_group(0) = ? [pid 7070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7070, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=16 /* 0.16 s */} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 [ 99.990761][ T7070] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 100.001748][ T7070] BTRFS info (device loop0): force zlib compression, level 3 [ 100.009136][ T7070] BTRFS info (device loop0): allowing degraded mounts [ 100.016155][ T7070] BTRFS info (device loop0): using free space tree [ 100.033159][ T7070] BTRFS info (device loop0): auto enabling async discard umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7088 ./strace-static-x86_64: Process 7088 attached [pid 7088] chdir("./110") = 0 [pid 7088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7088] setpgid(0, 0) = 0 [pid 7088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7088] write(3, "1000", 4) = 4 [pid 7088] close(3) = 0 [pid 7088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7088] memfd_create("syzkaller", 0) = 3 [pid 7088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7088] munmap(0x7f1b58076000, 16777216) = 0 [pid 7088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7088] close(3) = 0 [pid 7088] mkdir("./bus", 0777) = 0 [ 100.365571][ T7088] loop0: detected capacity change from 0 to 32768 [ 100.374746][ T7088] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7088) [ 100.391467][ T7088] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.400450][ T7088] BTRFS info (device loop0): doing ref verification [pid 7088] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7088] chdir("./bus") = 0 [pid 7088] ioctl(4, LOOP_CLR_FD) = 0 [pid 7088] close(4) = 0 [pid 7088] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7088] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7088] exit_group(0) = ? [pid 7088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7088, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 [ 100.407136][ T7088] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 100.418110][ T7088] BTRFS info (device loop0): force zlib compression, level 3 [ 100.425577][ T7088] BTRFS info (device loop0): allowing degraded mounts [ 100.432399][ T7088] BTRFS info (device loop0): using free space tree [ 100.450925][ T7088] BTRFS info (device loop0): auto enabling async discard umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7106 ./strace-static-x86_64: Process 7106 attached [pid 7106] chdir("./111") = 0 [pid 7106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7106] setpgid(0, 0) = 0 [pid 7106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7106] write(3, "1000", 4) = 4 [pid 7106] close(3) = 0 [pid 7106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7106] memfd_create("syzkaller", 0) = 3 [pid 7106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7106] munmap(0x7f1b58076000, 16777216) = 0 [pid 7106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7106] close(3) = 0 [pid 7106] mkdir("./bus", 0777) = 0 [ 100.770627][ T7106] loop0: detected capacity change from 0 to 32768 [ 100.780212][ T7106] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7106) [ 100.795938][ T7106] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.805056][ T7106] BTRFS info (device loop0): doing ref verification [pid 7106] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7106] chdir("./bus") = 0 [pid 7106] ioctl(4, LOOP_CLR_FD) = 0 [pid 7106] close(4) = 0 [pid 7106] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7106] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7106] exit_group(0) = ? [pid 7106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7106, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 [ 100.812083][ T7106] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 100.823109][ T7106] BTRFS info (device loop0): force zlib compression, level 3 [ 100.830793][ T7106] BTRFS info (device loop0): allowing degraded mounts [ 100.837708][ T7106] BTRFS info (device loop0): using free space tree [ 100.854658][ T7106] BTRFS info (device loop0): auto enabling async discard umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7124 ./strace-static-x86_64: Process 7124 attached [pid 7124] chdir("./112") = 0 [pid 7124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7124] setpgid(0, 0) = 0 [pid 7124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7124] write(3, "1000", 4) = 4 [pid 7124] close(3) = 0 [pid 7124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7124] memfd_create("syzkaller", 0) = 3 [pid 7124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7124] munmap(0x7f1b58076000, 16777216) = 0 [pid 7124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7124] close(3) = 0 [pid 7124] mkdir("./bus", 0777) = 0 [ 101.178640][ T7124] loop0: detected capacity change from 0 to 32768 [ 101.187985][ T7124] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7124) [ 101.203850][ T7124] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.213184][ T7124] BTRFS info (device loop0): doing ref verification [pid 7124] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7124] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7124] chdir("./bus") = 0 [pid 7124] ioctl(4, LOOP_CLR_FD) = 0 [pid 7124] close(4) = 0 [pid 7124] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7124] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7124] exit_group(0) = ? [pid 7124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7124, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 [ 101.220093][ T7124] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 101.231020][ T7124] BTRFS info (device loop0): force zlib compression, level 3 [ 101.238441][ T7124] BTRFS info (device loop0): allowing degraded mounts [ 101.245364][ T7124] BTRFS info (device loop0): using free space tree [ 101.262309][ T7124] BTRFS info (device loop0): auto enabling async discard umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7142 ./strace-static-x86_64: Process 7142 attached [pid 7142] chdir("./113") = 0 [pid 7142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7142] setpgid(0, 0) = 0 [pid 7142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7142] write(3, "1000", 4) = 4 [pid 7142] close(3) = 0 [pid 7142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7142] memfd_create("syzkaller", 0) = 3 [pid 7142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7142] munmap(0x7f1b58076000, 16777216) = 0 [pid 7142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7142] close(3) = 0 [pid 7142] mkdir("./bus", 0777) = 0 [ 101.591602][ T7142] loop0: detected capacity change from 0 to 32768 [ 101.602287][ T7142] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7142) [ 101.619021][ T7142] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.628044][ T7142] BTRFS info (device loop0): doing ref verification [pid 7142] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7142] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7142] chdir("./bus") = 0 [pid 7142] ioctl(4, LOOP_CLR_FD) = 0 [pid 7142] close(4) = 0 [pid 7142] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7142] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7142] exit_group(0) = ? [ 101.634842][ T7142] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 101.646021][ T7142] BTRFS info (device loop0): force zlib compression, level 3 [ 101.653726][ T7142] BTRFS info (device loop0): allowing degraded mounts [ 101.660689][ T7142] BTRFS info (device loop0): using free space tree [ 101.678217][ T7142] BTRFS info (device loop0): auto enabling async discard [pid 7142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7142, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7160 ./strace-static-x86_64: Process 7160 attached [pid 7160] chdir("./114") = 0 [pid 7160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7160] setpgid(0, 0) = 0 [pid 7160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7160] write(3, "1000", 4) = 4 [pid 7160] close(3) = 0 [pid 7160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7160] memfd_create("syzkaller", 0) = 3 [pid 7160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7160] munmap(0x7f1b58076000, 16777216) = 0 [pid 7160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7160] close(3) = 0 [pid 7160] mkdir("./bus", 0777) = 0 [ 102.032654][ T7160] loop0: detected capacity change from 0 to 32768 [ 102.042935][ T7160] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7160) [ 102.057723][ T7160] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.066713][ T7160] BTRFS info (device loop0): doing ref verification [pid 7160] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7160] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7160] chdir("./bus") = 0 [pid 7160] ioctl(4, LOOP_CLR_FD) = 0 [pid 7160] close(4) = 0 [pid 7160] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7160] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7160] exit_group(0) = ? [pid 7160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7160, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 [ 102.073853][ T7160] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 102.084959][ T7160] BTRFS info (device loop0): force zlib compression, level 3 [ 102.092491][ T7160] BTRFS info (device loop0): allowing degraded mounts [ 102.099588][ T7160] BTRFS info (device loop0): using free space tree [ 102.116826][ T7160] BTRFS info (device loop0): auto enabling async discard umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7178 ./strace-static-x86_64: Process 7178 attached [pid 7178] chdir("./115") = 0 [pid 7178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7178] setpgid(0, 0) = 0 [pid 7178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7178] write(3, "1000", 4) = 4 [pid 7178] close(3) = 0 [pid 7178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7178] memfd_create("syzkaller", 0) = 3 [pid 7178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7178] munmap(0x7f1b58076000, 16777216) = 0 [pid 7178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7178] close(3) = 0 [pid 7178] mkdir("./bus", 0777) = 0 [ 102.485132][ T7178] loop0: detected capacity change from 0 to 32768 [ 102.494220][ T7178] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7178) [ 102.510572][ T7178] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.519325][ T7178] BTRFS info (device loop0): doing ref verification [pid 7178] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7178] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7178] chdir("./bus") = 0 [pid 7178] ioctl(4, LOOP_CLR_FD) = 0 [pid 7178] close(4) = 0 [pid 7178] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7178] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7178] exit_group(0) = ? [pid 7178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7178, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 [ 102.526059][ T7178] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 102.537123][ T7178] BTRFS info (device loop0): force zlib compression, level 3 [ 102.544720][ T7178] BTRFS info (device loop0): allowing degraded mounts [ 102.551551][ T7178] BTRFS info (device loop0): using free space tree [ 102.568433][ T7178] BTRFS info (device loop0): auto enabling async discard umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7196 ./strace-static-x86_64: Process 7196 attached [pid 7196] chdir("./116") = 0 [pid 7196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7196] setpgid(0, 0) = 0 [pid 7196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7196] write(3, "1000", 4) = 4 [pid 7196] close(3) = 0 [pid 7196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7196] memfd_create("syzkaller", 0) = 3 [pid 7196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7196] munmap(0x7f1b58076000, 16777216) = 0 [pid 7196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7196] close(3) = 0 [pid 7196] mkdir("./bus", 0777) = 0 [ 102.903206][ T7196] loop0: detected capacity change from 0 to 32768 [ 102.913073][ T7196] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7196) [ 102.933203][ T7196] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.942154][ T7196] BTRFS info (device loop0): doing ref verification [pid 7196] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7196] chdir("./bus") = 0 [pid 7196] ioctl(4, LOOP_CLR_FD) = 0 [pid 7196] close(4) = 0 [pid 7196] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7196] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7196] exit_group(0) = ? [pid 7196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7196, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 102.948820][ T7196] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 102.960015][ T7196] BTRFS info (device loop0): force zlib compression, level 3 [ 102.967433][ T7196] BTRFS info (device loop0): allowing degraded mounts [ 102.974336][ T7196] BTRFS info (device loop0): using free space tree [ 102.990990][ T7196] BTRFS info (device loop0): auto enabling async discard fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7214 ./strace-static-x86_64: Process 7214 attached [pid 7214] chdir("./117") = 0 [pid 7214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7214] setpgid(0, 0) = 0 [pid 7214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7214] write(3, "1000", 4) = 4 [pid 7214] close(3) = 0 [pid 7214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7214] memfd_create("syzkaller", 0) = 3 [pid 7214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7214] munmap(0x7f1b58076000, 16777216) = 0 [pid 7214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7214] close(3) = 0 [pid 7214] mkdir("./bus", 0777) = 0 [ 103.333120][ T7214] loop0: detected capacity change from 0 to 32768 [ 103.342099][ T7214] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7214) [ 103.359014][ T7214] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.368159][ T7214] BTRFS info (device loop0): doing ref verification [pid 7214] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7214] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7214] chdir("./bus") = 0 [pid 7214] ioctl(4, LOOP_CLR_FD) = 0 [pid 7214] close(4) = 0 [pid 7214] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7214] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7214] exit_group(0) = ? [pid 7214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7214, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 [ 103.375197][ T7214] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 103.386496][ T7214] BTRFS info (device loop0): force zlib compression, level 3 [ 103.394155][ T7214] BTRFS info (device loop0): allowing degraded mounts [ 103.401160][ T7214] BTRFS info (device loop0): using free space tree [ 103.419496][ T7214] BTRFS info (device loop0): auto enabling async discard umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7232 ./strace-static-x86_64: Process 7232 attached [pid 7232] chdir("./118") = 0 [pid 7232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7232] setpgid(0, 0) = 0 [pid 7232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7232] write(3, "1000", 4) = 4 [pid 7232] close(3) = 0 [pid 7232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7232] memfd_create("syzkaller", 0) = 3 [pid 7232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7232] munmap(0x7f1b58076000, 16777216) = 0 [pid 7232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7232] close(3) = 0 [pid 7232] mkdir("./bus", 0777) = 0 [ 103.751735][ T7232] loop0: detected capacity change from 0 to 32768 [ 103.760897][ T7232] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7232) [ 103.777543][ T7232] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.786388][ T7232] BTRFS info (device loop0): doing ref verification [pid 7232] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7232] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7232] chdir("./bus") = 0 [pid 7232] ioctl(4, LOOP_CLR_FD) = 0 [pid 7232] close(4) = 0 [pid 7232] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7232] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7232] exit_group(0) = ? [pid 7232] +++ exited with 0 +++ [ 103.793031][ T7232] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 103.804026][ T7232] BTRFS info (device loop0): force zlib compression, level 3 [ 103.811507][ T7232] BTRFS info (device loop0): allowing degraded mounts [ 103.818296][ T7232] BTRFS info (device loop0): using free space tree [ 103.836463][ T7232] BTRFS info (device loop0): auto enabling async discard --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7232, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7250 ./strace-static-x86_64: Process 7250 attached [pid 7250] chdir("./119") = 0 [pid 7250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7250] setpgid(0, 0) = 0 [pid 7250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7250] write(3, "1000", 4) = 4 [pid 7250] close(3) = 0 [pid 7250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7250] memfd_create("syzkaller", 0) = 3 [pid 7250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7250] munmap(0x7f1b58076000, 16777216) = 0 [pid 7250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7250] close(3) = 0 [pid 7250] mkdir("./bus", 0777) = 0 [ 104.180858][ T7250] loop0: detected capacity change from 0 to 32768 [ 104.190280][ T7250] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7250) [ 104.206043][ T7250] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.214928][ T7250] BTRFS info (device loop0): doing ref verification [pid 7250] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7250] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7250] chdir("./bus") = 0 [pid 7250] ioctl(4, LOOP_CLR_FD) = 0 [pid 7250] close(4) = 0 [pid 7250] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7250] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7250] exit_group(0) = ? [pid 7250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7250, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 [ 104.221582][ T7250] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 104.232817][ T7250] BTRFS info (device loop0): force zlib compression, level 3 [ 104.240298][ T7250] BTRFS info (device loop0): allowing degraded mounts [ 104.247086][ T7250] BTRFS info (device loop0): using free space tree [ 104.265448][ T7250] BTRFS info (device loop0): auto enabling async discard umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7268 ./strace-static-x86_64: Process 7268 attached [pid 7268] chdir("./120") = 0 [pid 7268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7268] setpgid(0, 0) = 0 [pid 7268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7268] write(3, "1000", 4) = 4 [pid 7268] close(3) = 0 [pid 7268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7268] memfd_create("syzkaller", 0) = 3 [pid 7268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7268] munmap(0x7f1b58076000, 16777216) = 0 [pid 7268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7268] close(3) = 0 [pid 7268] mkdir("./bus", 0777) = 0 [ 104.603449][ T7268] loop0: detected capacity change from 0 to 32768 [ 104.612523][ T7268] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7268) [ 104.629109][ T7268] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.637914][ T7268] BTRFS info (device loop0): doing ref verification [pid 7268] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7268] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7268] chdir("./bus") = 0 [pid 7268] ioctl(4, LOOP_CLR_FD) = 0 [pid 7268] close(4) = 0 [pid 7268] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7268] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7268] exit_group(0) = ? [pid 7268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7268, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 [ 104.644590][ T7268] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 104.655432][ T7268] BTRFS info (device loop0): force zlib compression, level 3 [ 104.662877][ T7268] BTRFS info (device loop0): allowing degraded mounts [ 104.669675][ T7268] BTRFS info (device loop0): using free space tree [ 104.686545][ T7268] BTRFS info (device loop0): auto enabling async discard umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7286 ./strace-static-x86_64: Process 7286 attached [pid 7286] chdir("./121") = 0 [pid 7286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7286] setpgid(0, 0) = 0 [pid 7286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7286] write(3, "1000", 4) = 4 [pid 7286] close(3) = 0 [pid 7286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7286] memfd_create("syzkaller", 0) = 3 [pid 7286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7286] munmap(0x7f1b58076000, 16777216) = 0 [pid 7286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7286] close(3) = 0 [pid 7286] mkdir("./bus", 0777) = 0 [ 105.005229][ T7286] loop0: detected capacity change from 0 to 32768 [ 105.015681][ T7286] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7286) [ 105.032120][ T7286] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.040989][ T7286] BTRFS info (device loop0): doing ref verification [pid 7286] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7286] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7286] chdir("./bus") = 0 [pid 7286] ioctl(4, LOOP_CLR_FD) = 0 [pid 7286] close(4) = 0 [pid 7286] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7286] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7286] exit_group(0) = ? [pid 7286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7286, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 [ 105.047654][ T7286] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 105.058546][ T7286] BTRFS info (device loop0): force zlib compression, level 3 [ 105.066097][ T7286] BTRFS info (device loop0): allowing degraded mounts [ 105.072933][ T7286] BTRFS info (device loop0): using free space tree [ 105.089307][ T7286] BTRFS info (device loop0): auto enabling async discard umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7304 ./strace-static-x86_64: Process 7304 attached [pid 7304] chdir("./122") = 0 [pid 7304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7304] setpgid(0, 0) = 0 [pid 7304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7304] write(3, "1000", 4) = 4 [pid 7304] close(3) = 0 [pid 7304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7304] memfd_create("syzkaller", 0) = 3 [pid 7304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7304] munmap(0x7f1b58076000, 16777216) = 0 [pid 7304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7304] close(3) = 0 [pid 7304] mkdir("./bus", 0777) = 0 [ 105.409003][ T7304] loop0: detected capacity change from 0 to 32768 [ 105.420055][ T7304] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7304) [ 105.436985][ T7304] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.446132][ T7304] BTRFS info (device loop0): doing ref verification [pid 7304] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7304] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7304] chdir("./bus") = 0 [pid 7304] ioctl(4, LOOP_CLR_FD) = 0 [pid 7304] close(4) = 0 [pid 7304] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7304] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7304] exit_group(0) = ? [pid 7304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7304, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.452984][ T7304] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 105.464046][ T7304] BTRFS info (device loop0): force zlib compression, level 3 [ 105.471793][ T7304] BTRFS info (device loop0): allowing degraded mounts [ 105.478669][ T7304] BTRFS info (device loop0): using free space tree [ 105.494953][ T7304] BTRFS info (device loop0): auto enabling async discard lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7322 ./strace-static-x86_64: Process 7322 attached [pid 7322] chdir("./123") = 0 [pid 7322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7322] setpgid(0, 0) = 0 [pid 7322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7322] write(3, "1000", 4) = 4 [pid 7322] close(3) = 0 [pid 7322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7322] memfd_create("syzkaller", 0) = 3 [pid 7322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7322] munmap(0x7f1b58076000, 16777216) = 0 [pid 7322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7322] close(3) = 0 [pid 7322] mkdir("./bus", 0777) = 0 [ 105.821501][ T7322] loop0: detected capacity change from 0 to 32768 [ 105.831909][ T7322] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7322) [ 105.848547][ T7322] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.858244][ T7322] BTRFS info (device loop0): doing ref verification [pid 7322] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7322] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7322] chdir("./bus") = 0 [pid 7322] ioctl(4, LOOP_CLR_FD) = 0 [pid 7322] close(4) = 0 [pid 7322] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7322] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7322] exit_group(0) = ? [pid 7322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7322, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 [ 105.865247][ T7322] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 105.877017][ T7322] BTRFS info (device loop0): force zlib compression, level 3 [ 105.884904][ T7322] BTRFS info (device loop0): allowing degraded mounts [ 105.892135][ T7322] BTRFS info (device loop0): using free space tree [ 105.909910][ T7322] BTRFS info (device loop0): auto enabling async discard umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7340 ./strace-static-x86_64: Process 7340 attached [pid 7340] chdir("./124") = 0 [pid 7340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7340] setpgid(0, 0) = 0 [pid 7340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7340] write(3, "1000", 4) = 4 [pid 7340] close(3) = 0 [pid 7340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7340] memfd_create("syzkaller", 0) = 3 [pid 7340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7340] munmap(0x7f1b58076000, 16777216) = 0 [pid 7340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7340] close(3) = 0 [pid 7340] mkdir("./bus", 0777) = 0 [ 106.230379][ T7340] loop0: detected capacity change from 0 to 32768 [ 106.240204][ T7340] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7340) [ 106.256612][ T7340] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.265505][ T7340] BTRFS info (device loop0): doing ref verification [pid 7340] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7340] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7340] chdir("./bus") = 0 [pid 7340] ioctl(4, LOOP_CLR_FD) = 0 [pid 7340] close(4) = 0 [pid 7340] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7340] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7340] exit_group(0) = ? [pid 7340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7340, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 [ 106.272177][ T7340] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 106.283025][ T7340] BTRFS info (device loop0): force zlib compression, level 3 [ 106.290473][ T7340] BTRFS info (device loop0): allowing degraded mounts [ 106.297252][ T7340] BTRFS info (device loop0): using free space tree [ 106.314729][ T7340] BTRFS info (device loop0): auto enabling async discard umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7358 ./strace-static-x86_64: Process 7358 attached [pid 7358] chdir("./125") = 0 [pid 7358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7358] setpgid(0, 0) = 0 [pid 7358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7358] write(3, "1000", 4) = 4 [pid 7358] close(3) = 0 [pid 7358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7358] memfd_create("syzkaller", 0) = 3 [pid 7358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7358] munmap(0x7f1b58076000, 16777216) = 0 [pid 7358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7358] close(3) = 0 [pid 7358] mkdir("./bus", 0777) = 0 [ 106.642874][ T7358] loop0: detected capacity change from 0 to 32768 [ 106.653848][ T7358] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7358) [ 106.669996][ T7358] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.678719][ T7358] BTRFS info (device loop0): doing ref verification [pid 7358] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7358] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7358] chdir("./bus") = 0 [pid 7358] ioctl(4, LOOP_CLR_FD) = 0 [pid 7358] close(4) = 0 [pid 7358] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7358] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7358] exit_group(0) = ? [pid 7358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7358, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 [ 106.685854][ T7358] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 106.697001][ T7358] BTRFS info (device loop0): force zlib compression, level 3 [ 106.704687][ T7358] BTRFS info (device loop0): allowing degraded mounts [ 106.711680][ T7358] BTRFS info (device loop0): using free space tree [ 106.728910][ T7358] BTRFS info (device loop0): auto enabling async discard umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7376 ./strace-static-x86_64: Process 7376 attached [pid 7376] chdir("./126") = 0 [pid 7376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7376] setpgid(0, 0) = 0 [pid 7376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7376] write(3, "1000", 4) = 4 [pid 7376] close(3) = 0 [pid 7376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7376] memfd_create("syzkaller", 0) = 3 [pid 7376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7376] munmap(0x7f1b58076000, 16777216) = 0 [pid 7376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7376] close(3) = 0 [pid 7376] mkdir("./bus", 0777) = 0 [ 107.054948][ T7376] loop0: detected capacity change from 0 to 32768 [ 107.063892][ T7376] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7376) [ 107.080659][ T7376] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.089683][ T7376] BTRFS info (device loop0): doing ref verification [pid 7376] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7376] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7376] chdir("./bus") = 0 [pid 7376] ioctl(4, LOOP_CLR_FD) = 0 [pid 7376] close(4) = 0 [pid 7376] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7376] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7376] exit_group(0) = ? [pid 7376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7376, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 [ 107.096670][ T7376] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 107.107812][ T7376] BTRFS info (device loop0): force zlib compression, level 3 [ 107.115459][ T7376] BTRFS info (device loop0): allowing degraded mounts [ 107.122450][ T7376] BTRFS info (device loop0): using free space tree [ 107.140478][ T7376] BTRFS info (device loop0): auto enabling async discard umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7394 ./strace-static-x86_64: Process 7394 attached [pid 7394] chdir("./127") = 0 [pid 7394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7394] setpgid(0, 0) = 0 [pid 7394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7394] write(3, "1000", 4) = 4 [pid 7394] close(3) = 0 [pid 7394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7394] memfd_create("syzkaller", 0) = 3 [pid 7394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7394] munmap(0x7f1b58076000, 16777216) = 0 [pid 7394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7394] close(3) = 0 [pid 7394] mkdir("./bus", 0777) = 0 [ 107.468521][ T7394] loop0: detected capacity change from 0 to 32768 [ 107.478839][ T7394] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7394) [ 107.495510][ T7394] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.504295][ T7394] BTRFS info (device loop0): doing ref verification [pid 7394] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7394] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7394] chdir("./bus") = 0 [pid 7394] ioctl(4, LOOP_CLR_FD) = 0 [pid 7394] close(4) = 0 [pid 7394] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7394] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7394] exit_group(0) = ? [pid 7394] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7394, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 [ 107.510952][ T7394] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 107.522642][ T7394] BTRFS info (device loop0): force zlib compression, level 3 [ 107.530097][ T7394] BTRFS info (device loop0): allowing degraded mounts [ 107.536860][ T7394] BTRFS info (device loop0): using free space tree [ 107.554562][ T7394] BTRFS info (device loop0): auto enabling async discard umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7412 ./strace-static-x86_64: Process 7412 attached [pid 7412] chdir("./128") = 0 [pid 7412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7412] setpgid(0, 0) = 0 [pid 7412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7412] write(3, "1000", 4) = 4 [pid 7412] close(3) = 0 [pid 7412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7412] memfd_create("syzkaller", 0) = 3 [pid 7412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7412] munmap(0x7f1b58076000, 16777216) = 0 [pid 7412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7412] close(3) = 0 [pid 7412] mkdir("./bus", 0777) = 0 [ 107.872537][ T7412] loop0: detected capacity change from 0 to 32768 [ 107.881920][ T7412] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7412) [ 107.898168][ T7412] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.907238][ T7412] BTRFS info (device loop0): doing ref verification [pid 7412] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7412] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7412] chdir("./bus") = 0 [pid 7412] ioctl(4, LOOP_CLR_FD) = 0 [pid 7412] close(4) = 0 [pid 7412] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7412] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7412] exit_group(0) = ? [pid 7412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7412, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 [ 107.914195][ T7412] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 107.925196][ T7412] BTRFS info (device loop0): force zlib compression, level 3 [ 107.933114][ T7412] BTRFS info (device loop0): allowing degraded mounts [ 107.940201][ T7412] BTRFS info (device loop0): using free space tree [ 107.957217][ T7412] BTRFS info (device loop0): auto enabling async discard umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7430 ./strace-static-x86_64: Process 7430 attached [pid 7430] chdir("./129") = 0 [pid 7430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7430] setpgid(0, 0) = 0 [pid 7430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7430] write(3, "1000", 4) = 4 [pid 7430] close(3) = 0 [pid 7430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7430] memfd_create("syzkaller", 0) = 3 [pid 7430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7430] munmap(0x7f1b58076000, 16777216) = 0 [pid 7430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7430] close(3) = 0 [pid 7430] mkdir("./bus", 0777) = 0 [ 108.297173][ T7430] loop0: detected capacity change from 0 to 32768 [ 108.306275][ T7430] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7430) [ 108.322692][ T7430] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.331522][ T7430] BTRFS info (device loop0): doing ref verification [pid 7430] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7430] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7430] chdir("./bus") = 0 [pid 7430] ioctl(4, LOOP_CLR_FD) = 0 [pid 7430] close(4) = 0 [pid 7430] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7430] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7430] exit_group(0) = ? [pid 7430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7430, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 [ 108.338176][ T7430] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 108.349042][ T7430] BTRFS info (device loop0): force zlib compression, level 3 [ 108.356522][ T7430] BTRFS info (device loop0): allowing degraded mounts [ 108.363523][ T7430] BTRFS info (device loop0): using free space tree [ 108.381101][ T7430] BTRFS info (device loop0): auto enabling async discard umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7448 attached , child_tidptr=0x5555563e75d0) = 7448 [pid 7448] chdir("./130") = 0 [pid 7448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7448] setpgid(0, 0) = 0 [pid 7448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7448] write(3, "1000", 4) = 4 [pid 7448] close(3) = 0 [pid 7448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7448] memfd_create("syzkaller", 0) = 3 [pid 7448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7448] munmap(0x7f1b58076000, 16777216) = 0 [pid 7448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7448] close(3) = 0 [pid 7448] mkdir("./bus", 0777) = 0 [ 108.717516][ T7448] loop0: detected capacity change from 0 to 32768 [ 108.727554][ T7448] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7448) [ 108.743922][ T7448] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.753401][ T7448] BTRFS info (device loop0): doing ref verification [pid 7448] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7448] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7448] chdir("./bus") = 0 [pid 7448] ioctl(4, LOOP_CLR_FD) = 0 [pid 7448] close(4) = 0 [pid 7448] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7448] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7448] exit_group(0) = ? [pid 7448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7448, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 [ 108.760340][ T7448] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 108.771556][ T7448] BTRFS info (device loop0): force zlib compression, level 3 [ 108.778968][ T7448] BTRFS info (device loop0): allowing degraded mounts [ 108.786023][ T7448] BTRFS info (device loop0): using free space tree [ 108.802212][ T7448] BTRFS info (device loop0): auto enabling async discard umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7466 ./strace-static-x86_64: Process 7466 attached [pid 7466] chdir("./131") = 0 [pid 7466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7466] setpgid(0, 0) = 0 [pid 7466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7466] write(3, "1000", 4) = 4 [pid 7466] close(3) = 0 [pid 7466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7466] memfd_create("syzkaller", 0) = 3 [pid 7466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7466] munmap(0x7f1b58076000, 16777216) = 0 [pid 7466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7466] close(3) = 0 [pid 7466] mkdir("./bus", 0777) = 0 [ 109.128542][ T7466] loop0: detected capacity change from 0 to 32768 [ 109.137585][ T7466] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7466) [ 109.154084][ T7466] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.162873][ T7466] BTRFS info (device loop0): doing ref verification [pid 7466] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7466] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7466] chdir("./bus") = 0 [pid 7466] ioctl(4, LOOP_CLR_FD) = 0 [pid 7466] close(4) = 0 [pid 7466] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7466] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7466] exit_group(0) = ? [pid 7466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7466, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 [ 109.169506][ T7466] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 109.180407][ T7466] BTRFS info (device loop0): force zlib compression, level 3 [ 109.187809][ T7466] BTRFS info (device loop0): allowing degraded mounts [ 109.194899][ T7466] BTRFS info (device loop0): using free space tree [ 109.212060][ T7466] BTRFS info (device loop0): auto enabling async discard umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7484 ./strace-static-x86_64: Process 7484 attached [pid 7484] chdir("./132") = 0 [pid 7484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7484] setpgid(0, 0) = 0 [pid 7484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7484] write(3, "1000", 4) = 4 [pid 7484] close(3) = 0 [pid 7484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7484] memfd_create("syzkaller", 0) = 3 [pid 7484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7484] munmap(0x7f1b58076000, 16777216) = 0 [pid 7484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7484] close(3) = 0 [pid 7484] mkdir("./bus", 0777) = 0 [ 109.550927][ T7484] loop0: detected capacity change from 0 to 32768 [ 109.560460][ T7484] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7484) [ 109.578182][ T7484] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.586997][ T7484] BTRFS info (device loop0): doing ref verification [pid 7484] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7484] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7484] chdir("./bus") = 0 [pid 7484] ioctl(4, LOOP_CLR_FD) = 0 [pid 7484] close(4) = 0 [pid 7484] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7484] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7484] exit_group(0) = ? [pid 7484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7484, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 109.593685][ T7484] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 109.604663][ T7484] BTRFS info (device loop0): force zlib compression, level 3 [ 109.612454][ T7484] BTRFS info (device loop0): allowing degraded mounts [ 109.619596][ T7484] BTRFS info (device loop0): using free space tree [ 109.637710][ T7484] BTRFS info (device loop0): auto enabling async discard lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7502 ./strace-static-x86_64: Process 7502 attached [pid 7502] chdir("./133") = 0 [pid 7502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7502] setpgid(0, 0) = 0 [pid 7502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7502] write(3, "1000", 4) = 4 [pid 7502] close(3) = 0 [pid 7502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7502] memfd_create("syzkaller", 0) = 3 [pid 7502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7502] munmap(0x7f1b58076000, 16777216) = 0 [pid 7502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7502] close(3) = 0 [pid 7502] mkdir("./bus", 0777) = 0 [ 109.980575][ T7502] loop0: detected capacity change from 0 to 32768 [ 109.990485][ T7502] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7502) [ 110.007543][ T7502] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.016733][ T7502] BTRFS info (device loop0): doing ref verification [pid 7502] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7502] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7502] chdir("./bus") = 0 [pid 7502] ioctl(4, LOOP_CLR_FD) = 0 [pid 7502] close(4) = 0 [pid 7502] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7502] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7502] exit_group(0) = ? [pid 7502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7502, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 [ 110.023765][ T7502] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 110.034921][ T7502] BTRFS info (device loop0): force zlib compression, level 3 [ 110.042605][ T7502] BTRFS info (device loop0): allowing degraded mounts [ 110.049391][ T7502] BTRFS info (device loop0): using free space tree [ 110.066359][ T7502] BTRFS info (device loop0): auto enabling async discard umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7520 ./strace-static-x86_64: Process 7520 attached [pid 7520] chdir("./134") = 0 [pid 7520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7520] setpgid(0, 0) = 0 [pid 7520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7520] write(3, "1000", 4) = 4 [pid 7520] close(3) = 0 [pid 7520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7520] memfd_create("syzkaller", 0) = 3 [pid 7520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7520] munmap(0x7f1b58076000, 16777216) = 0 [pid 7520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7520] close(3) = 0 [pid 7520] mkdir("./bus", 0777) = 0 [ 110.383431][ T7520] loop0: detected capacity change from 0 to 32768 [ 110.393841][ T7520] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7520) [ 110.410590][ T7520] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.419515][ T7520] BTRFS info (device loop0): doing ref verification [pid 7520] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7520] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7520] chdir("./bus") = 0 [pid 7520] ioctl(4, LOOP_CLR_FD) = 0 [pid 7520] close(4) = 0 [pid 7520] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7520] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7520] exit_group(0) = ? [pid 7520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7520, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 [ 110.426321][ T7520] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 110.437127][ T7520] BTRFS info (device loop0): force zlib compression, level 3 [ 110.444678][ T7520] BTRFS info (device loop0): allowing degraded mounts [ 110.451545][ T7520] BTRFS info (device loop0): using free space tree [ 110.468852][ T7520] BTRFS info (device loop0): auto enabling async discard umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7538 ./strace-static-x86_64: Process 7538 attached [pid 7538] chdir("./135") = 0 [pid 7538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7538] setpgid(0, 0) = 0 [pid 7538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7538] write(3, "1000", 4) = 4 [pid 7538] close(3) = 0 [pid 7538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7538] memfd_create("syzkaller", 0) = 3 [pid 7538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7538] munmap(0x7f1b58076000, 16777216) = 0 [pid 7538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7538] close(3) = 0 [pid 7538] mkdir("./bus", 0777) = 0 [ 110.794472][ T7538] loop0: detected capacity change from 0 to 32768 [ 110.805437][ T7538] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7538) [ 110.823151][ T7538] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.831986][ T7538] BTRFS info (device loop0): doing ref verification [pid 7538] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7538] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7538] chdir("./bus") = 0 [pid 7538] ioctl(4, LOOP_CLR_FD) = 0 [pid 7538] close(4) = 0 [pid 7538] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7538] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7538] exit_group(0) = ? [pid 7538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7538, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 110.838729][ T7538] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 110.849610][ T7538] BTRFS info (device loop0): force zlib compression, level 3 [ 110.857102][ T7538] BTRFS info (device loop0): allowing degraded mounts [ 110.863929][ T7538] BTRFS info (device loop0): using free space tree [ 110.882639][ T7538] BTRFS info (device loop0): auto enabling async discard lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7556 ./strace-static-x86_64: Process 7556 attached [pid 7556] chdir("./136") = 0 [pid 7556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7556] setpgid(0, 0) = 0 [pid 7556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7556] write(3, "1000", 4) = 4 [pid 7556] close(3) = 0 [pid 7556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7556] memfd_create("syzkaller", 0) = 3 [pid 7556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7556] munmap(0x7f1b58076000, 16777216) = 0 [pid 7556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7556] close(3) = 0 [pid 7556] mkdir("./bus", 0777) = 0 [ 111.219561][ T7556] loop0: detected capacity change from 0 to 32768 [ 111.229684][ T7556] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7556) [ 111.245982][ T7556] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.254796][ T7556] BTRFS info (device loop0): doing ref verification [pid 7556] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7556] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7556] chdir("./bus") = 0 [pid 7556] ioctl(4, LOOP_CLR_FD) = 0 [pid 7556] close(4) = 0 [pid 7556] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7556] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7556] exit_group(0) = ? [pid 7556] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7556, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 [ 111.261564][ T7556] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 111.272377][ T7556] BTRFS info (device loop0): force zlib compression, level 3 [ 111.279813][ T7556] BTRFS info (device loop0): allowing degraded mounts [ 111.286592][ T7556] BTRFS info (device loop0): using free space tree [ 111.304607][ T7556] BTRFS info (device loop0): auto enabling async discard umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7574 ./strace-static-x86_64: Process 7574 attached [pid 7574] chdir("./137") = 0 [pid 7574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7574] setpgid(0, 0) = 0 [pid 7574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7574] write(3, "1000", 4) = 4 [pid 7574] close(3) = 0 [pid 7574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7574] memfd_create("syzkaller", 0) = 3 [pid 7574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7574] munmap(0x7f1b58076000, 16777216) = 0 [pid 7574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7574] close(3) = 0 [pid 7574] mkdir("./bus", 0777) = 0 [ 111.653866][ T7574] loop0: detected capacity change from 0 to 32768 [ 111.664423][ T7574] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7574) [ 111.681772][ T7574] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.690532][ T7574] BTRFS info (device loop0): doing ref verification [pid 7574] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7574] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7574] chdir("./bus") = 0 [pid 7574] ioctl(4, LOOP_CLR_FD) = 0 [pid 7574] close(4) = 0 [pid 7574] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7574] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7574] exit_group(0) = ? [pid 7574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7574, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 [ 111.697359][ T7574] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 111.708373][ T7574] BTRFS info (device loop0): force zlib compression, level 3 [ 111.715841][ T7574] BTRFS info (device loop0): allowing degraded mounts [ 111.722695][ T7574] BTRFS info (device loop0): using free space tree [ 111.740361][ T7574] BTRFS info (device loop0): auto enabling async discard umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7592 ./strace-static-x86_64: Process 7592 attached [pid 7592] chdir("./138") = 0 [pid 7592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7592] setpgid(0, 0) = 0 [pid 7592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7592] write(3, "1000", 4) = 4 [pid 7592] close(3) = 0 [pid 7592] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7592] memfd_create("syzkaller", 0) = 3 [pid 7592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7592] munmap(0x7f1b58076000, 16777216) = 0 [pid 7592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7592] close(3) = 0 [pid 7592] mkdir("./bus", 0777) = 0 [ 112.060498][ T7592] loop0: detected capacity change from 0 to 32768 [ 112.069375][ T7592] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7592) [ 112.084644][ T7592] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.093435][ T7592] BTRFS info (device loop0): doing ref verification [ 112.100197][ T7592] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 7592] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7592] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7592] chdir("./bus") = 0 [pid 7592] ioctl(4, LOOP_CLR_FD) = 0 [pid 7592] close(4) = 0 [pid 7592] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7592] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7592] exit_group(0) = ? [pid 7592] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7592, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 [ 112.111027][ T7592] BTRFS info (device loop0): force zlib compression, level 3 [ 112.118425][ T7592] BTRFS info (device loop0): allowing degraded mounts [ 112.125270][ T7592] BTRFS info (device loop0): using free space tree [ 112.142380][ T7592] BTRFS info (device loop0): auto enabling async discard umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7610 ./strace-static-x86_64: Process 7610 attached [pid 7610] chdir("./139") = 0 [pid 7610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7610] setpgid(0, 0) = 0 [pid 7610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7610] write(3, "1000", 4) = 4 [pid 7610] close(3) = 0 [pid 7610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7610] memfd_create("syzkaller", 0) = 3 [pid 7610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7610] munmap(0x7f1b58076000, 16777216) = 0 [pid 7610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7610] close(3) = 0 [pid 7610] mkdir("./bus", 0777) = 0 [ 112.479557][ T7610] loop0: detected capacity change from 0 to 32768 [ 112.488830][ T7610] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7610) [ 112.504860][ T7610] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.513732][ T7610] BTRFS info (device loop0): doing ref verification [pid 7610] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7610] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7610] chdir("./bus") = 0 [pid 7610] ioctl(4, LOOP_CLR_FD) = 0 [pid 7610] close(4) = 0 [pid 7610] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7610] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7610] exit_group(0) = ? [pid 7610] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7610, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./139/binderfs") = 0 [ 112.520419][ T7610] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 112.531259][ T7610] BTRFS info (device loop0): force zlib compression, level 3 [ 112.538661][ T7610] BTRFS info (device loop0): allowing degraded mounts [ 112.545506][ T7610] BTRFS info (device loop0): using free space tree [ 112.563417][ T7610] BTRFS info (device loop0): auto enabling async discard umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7628 ./strace-static-x86_64: Process 7628 attached [pid 7628] chdir("./140") = 0 [pid 7628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7628] setpgid(0, 0) = 0 [pid 7628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7628] write(3, "1000", 4) = 4 [pid 7628] close(3) = 0 [pid 7628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7628] memfd_create("syzkaller", 0) = 3 [pid 7628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7628] munmap(0x7f1b58076000, 16777216) = 0 [pid 7628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7628] close(3) = 0 [pid 7628] mkdir("./bus", 0777) = 0 [ 112.904675][ T7628] loop0: detected capacity change from 0 to 32768 [ 112.914050][ T7628] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7628) [ 112.930027][ T7628] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.938782][ T7628] BTRFS info (device loop0): doing ref verification [pid 7628] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7628] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7628] chdir("./bus") = 0 [pid 7628] ioctl(4, LOOP_CLR_FD) = 0 [pid 7628] close(4) = 0 [pid 7628] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7628] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7628] exit_group(0) = ? [pid 7628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7628, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 [ 112.945475][ T7628] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 112.956436][ T7628] BTRFS info (device loop0): force zlib compression, level 3 [ 112.964068][ T7628] BTRFS info (device loop0): allowing degraded mounts [ 112.970953][ T7628] BTRFS info (device loop0): using free space tree [ 112.987368][ T7628] BTRFS info (device loop0): auto enabling async discard umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7646 ./strace-static-x86_64: Process 7646 attached [pid 7646] chdir("./141") = 0 [pid 7646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7646] setpgid(0, 0) = 0 [pid 7646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7646] write(3, "1000", 4) = 4 [pid 7646] close(3) = 0 [pid 7646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7646] memfd_create("syzkaller", 0) = 3 [pid 7646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7646] munmap(0x7f1b58076000, 16777216) = 0 [pid 7646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7646] close(3) = 0 [pid 7646] mkdir("./bus", 0777) = 0 [ 113.302003][ T7646] loop0: detected capacity change from 0 to 32768 [ 113.311046][ T7646] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7646) [ 113.326285][ T7646] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.335437][ T7646] BTRFS info (device loop0): doing ref verification [pid 7646] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7646] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7646] chdir("./bus") = 0 [pid 7646] ioctl(4, LOOP_CLR_FD) = 0 [pid 7646] close(4) = 0 [pid 7646] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7646] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7646] exit_group(0) = ? [pid 7646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7646, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=17 /* 0.17 s */} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 [ 113.342153][ T7646] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 113.352971][ T7646] BTRFS info (device loop0): force zlib compression, level 3 [ 113.360509][ T7646] BTRFS info (device loop0): allowing degraded mounts [ 113.367327][ T7646] BTRFS info (device loop0): using free space tree [ 113.383505][ T7646] BTRFS info (device loop0): auto enabling async discard umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7664 ./strace-static-x86_64: Process 7664 attached [pid 7664] chdir("./142") = 0 [pid 7664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7664] setpgid(0, 0) = 0 [pid 7664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7664] write(3, "1000", 4) = 4 [pid 7664] close(3) = 0 [pid 7664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7664] memfd_create("syzkaller", 0) = 3 [pid 7664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7664] munmap(0x7f1b58076000, 16777216) = 0 [pid 7664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7664] close(3) = 0 [pid 7664] mkdir("./bus", 0777) = 0 [ 113.698322][ T7664] loop0: detected capacity change from 0 to 32768 [ 113.707667][ T7664] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7664) [ 113.722659][ T7664] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.731643][ T7664] BTRFS info (device loop0): doing ref verification [pid 7664] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7664] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7664] chdir("./bus") = 0 [pid 7664] ioctl(4, LOOP_CLR_FD) = 0 [pid 7664] close(4) = 0 [pid 7664] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7664] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7664] exit_group(0) = ? [pid 7664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7664, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 [ 113.738334][ T7664] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 113.749187][ T7664] BTRFS info (device loop0): force zlib compression, level 3 [ 113.756607][ T7664] BTRFS info (device loop0): allowing degraded mounts [ 113.763431][ T7664] BTRFS info (device loop0): using free space tree [ 113.780607][ T7664] BTRFS info (device loop0): auto enabling async discard umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7682 ./strace-static-x86_64: Process 7682 attached [pid 7682] chdir("./143") = 0 [pid 7682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7682] setpgid(0, 0) = 0 [pid 7682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7682] write(3, "1000", 4) = 4 [pid 7682] close(3) = 0 [pid 7682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7682] memfd_create("syzkaller", 0) = 3 [pid 7682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7682] munmap(0x7f1b58076000, 16777216) = 0 [pid 7682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7682] close(3) = 0 [pid 7682] mkdir("./bus", 0777) = 0 [ 114.094816][ T7682] loop0: detected capacity change from 0 to 32768 [ 114.104601][ T7682] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7682) [ 114.121266][ T7682] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.130077][ T7682] BTRFS info (device loop0): doing ref verification [pid 7682] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7682] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7682] chdir("./bus") = 0 [pid 7682] ioctl(4, LOOP_CLR_FD) = 0 [pid 7682] close(4) = 0 [pid 7682] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7682] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7682] exit_group(0) = ? [pid 7682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7682, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 [ 114.136686][ T7682] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 114.148018][ T7682] BTRFS info (device loop0): force zlib compression, level 3 [ 114.155858][ T7682] BTRFS info (device loop0): allowing degraded mounts [ 114.163012][ T7682] BTRFS info (device loop0): using free space tree [ 114.180333][ T7682] BTRFS info (device loop0): auto enabling async discard umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7700 ./strace-static-x86_64: Process 7700 attached [pid 7700] chdir("./144") = 0 [pid 7700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7700] setpgid(0, 0) = 0 [pid 7700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7700] write(3, "1000", 4) = 4 [pid 7700] close(3) = 0 [pid 7700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7700] memfd_create("syzkaller", 0) = 3 [pid 7700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7700] munmap(0x7f1b58076000, 16777216) = 0 [pid 7700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7700] close(3) = 0 [pid 7700] mkdir("./bus", 0777) = 0 [ 114.494626][ T7700] loop0: detected capacity change from 0 to 32768 [ 114.503943][ T7700] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7700) [ 114.521946][ T7700] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.530807][ T7700] BTRFS info (device loop0): doing ref verification [pid 7700] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7700] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7700] chdir("./bus") = 0 [pid 7700] ioctl(4, LOOP_CLR_FD) = 0 [pid 7700] close(4) = 0 [pid 7700] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7700] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7700] exit_group(0) = ? [pid 7700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7700, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 [ 114.537458][ T7700] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 114.548348][ T7700] BTRFS info (device loop0): force zlib compression, level 3 [ 114.555854][ T7700] BTRFS info (device loop0): allowing degraded mounts [ 114.562798][ T7700] BTRFS info (device loop0): using free space tree [ 114.579531][ T7700] BTRFS info (device loop0): auto enabling async discard umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7718 ./strace-static-x86_64: Process 7718 attached [pid 7718] chdir("./145") = 0 [pid 7718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7718] setpgid(0, 0) = 0 [pid 7718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7718] write(3, "1000", 4) = 4 [pid 7718] close(3) = 0 [pid 7718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7718] memfd_create("syzkaller", 0) = 3 [pid 7718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7718] munmap(0x7f1b58076000, 16777216) = 0 [pid 7718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7718] close(3) = 0 [pid 7718] mkdir("./bus", 0777) = 0 [ 114.912014][ T7718] loop0: detected capacity change from 0 to 32768 [ 114.923823][ T7718] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7718) [ 114.941055][ T7718] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.949940][ T7718] BTRFS info (device loop0): doing ref verification [pid 7718] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7718] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7718] chdir("./bus") = 0 [pid 7718] ioctl(4, LOOP_CLR_FD) = 0 [pid 7718] close(4) = 0 [pid 7718] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7718] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7718] exit_group(0) = ? [pid 7718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7718, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 [ 114.956554][ T7718] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 114.967760][ T7718] BTRFS info (device loop0): force zlib compression, level 3 [ 114.975538][ T7718] BTRFS info (device loop0): allowing degraded mounts [ 114.982580][ T7718] BTRFS info (device loop0): using free space tree [ 115.000353][ T7718] BTRFS info (device loop0): auto enabling async discard umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7736 ./strace-static-x86_64: Process 7736 attached [pid 7736] chdir("./146") = 0 [pid 7736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7736] setpgid(0, 0) = 0 [pid 7736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7736] write(3, "1000", 4) = 4 [pid 7736] close(3) = 0 [pid 7736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7736] memfd_create("syzkaller", 0) = 3 [pid 7736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7736] munmap(0x7f1b58076000, 16777216) = 0 [pid 7736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7736] close(3) = 0 [pid 7736] mkdir("./bus", 0777) = 0 [ 115.330707][ T7736] loop0: detected capacity change from 0 to 32768 [ 115.341341][ T7736] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7736) [ 115.358618][ T7736] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 115.367560][ T7736] BTRFS info (device loop0): doing ref verification [pid 7736] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7736] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7736] chdir("./bus") = 0 [pid 7736] ioctl(4, LOOP_CLR_FD) = 0 [pid 7736] close(4) = 0 [pid 7736] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7736] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7736] exit_group(0) = ? [pid 7736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7736, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./146/binderfs") = 0 [ 115.374323][ T7736] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 115.385281][ T7736] BTRFS info (device loop0): force zlib compression, level 3 [ 115.392775][ T7736] BTRFS info (device loop0): allowing degraded mounts [ 115.399911][ T7736] BTRFS info (device loop0): using free space tree [ 115.418558][ T7736] BTRFS info (device loop0): auto enabling async discard umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7754 ./strace-static-x86_64: Process 7754 attached [pid 7754] chdir("./147") = 0 [pid 7754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7754] setpgid(0, 0) = 0 [pid 7754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7754] write(3, "1000", 4) = 4 [pid 7754] close(3) = 0 [pid 7754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7754] memfd_create("syzkaller", 0) = 3 [pid 7754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7754] munmap(0x7f1b58076000, 16777216) = 0 [pid 7754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7754] close(3) = 0 [pid 7754] mkdir("./bus", 0777) = 0 [ 115.753411][ T7754] loop0: detected capacity change from 0 to 32768 [ 115.762332][ T7754] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7754) [ 115.778283][ T7754] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 115.787118][ T7754] BTRFS info (device loop0): doing ref verification [pid 7754] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7754] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7754] chdir("./bus") = 0 [pid 7754] ioctl(4, LOOP_CLR_FD) = 0 [pid 7754] close(4) = 0 [pid 7754] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7754] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7754] exit_group(0) = ? [pid 7754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7754, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 115.793796][ T7754] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 115.804720][ T7754] BTRFS info (device loop0): force zlib compression, level 3 [ 115.812233][ T7754] BTRFS info (device loop0): allowing degraded mounts [ 115.819191][ T7754] BTRFS info (device loop0): using free space tree [ 115.836247][ T7754] BTRFS info (device loop0): auto enabling async discard unlink("./147/binderfs") = 0 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7772 ./strace-static-x86_64: Process 7772 attached [pid 7772] chdir("./148") = 0 [pid 7772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7772] setpgid(0, 0) = 0 [pid 7772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7772] write(3, "1000", 4) = 4 [pid 7772] close(3) = 0 [pid 7772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7772] memfd_create("syzkaller", 0) = 3 [pid 7772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7772] munmap(0x7f1b58076000, 16777216) = 0 [pid 7772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7772] close(3) = 0 [pid 7772] mkdir("./bus", 0777) = 0 [ 116.170097][ T7772] loop0: detected capacity change from 0 to 32768 [ 116.179896][ T7772] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7772) [ 116.197047][ T7772] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.205882][ T7772] BTRFS info (device loop0): doing ref verification [pid 7772] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7772] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7772] chdir("./bus") = 0 [pid 7772] ioctl(4, LOOP_CLR_FD) = 0 [pid 7772] close(4) = 0 [pid 7772] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7772] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7772] exit_group(0) = ? [pid 7772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7772, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./148/binderfs") = 0 [ 116.213067][ T7772] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 116.224090][ T7772] BTRFS info (device loop0): force zlib compression, level 3 [ 116.231648][ T7772] BTRFS info (device loop0): allowing degraded mounts [ 116.238456][ T7772] BTRFS info (device loop0): using free space tree [ 116.255791][ T7772] BTRFS info (device loop0): auto enabling async discard umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7790 ./strace-static-x86_64: Process 7790 attached [pid 7790] chdir("./149") = 0 [pid 7790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7790] setpgid(0, 0) = 0 [pid 7790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7790] write(3, "1000", 4) = 4 [pid 7790] close(3) = 0 [pid 7790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7790] memfd_create("syzkaller", 0) = 3 [pid 7790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7790] munmap(0x7f1b58076000, 16777216) = 0 [pid 7790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7790] close(3) = 0 [pid 7790] mkdir("./bus", 0777) = 0 [ 116.594529][ T7790] loop0: detected capacity change from 0 to 32768 [ 116.605118][ T7790] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7790) [ 116.622095][ T7790] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.631250][ T7790] BTRFS info (device loop0): doing ref verification [pid 7790] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7790] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7790] chdir("./bus") = 0 [pid 7790] ioctl(4, LOOP_CLR_FD) = 0 [pid 7790] close(4) = 0 [pid 7790] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7790] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7790] exit_group(0) = ? [pid 7790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7790, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./149/binderfs") = 0 [ 116.638281][ T7790] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 116.649431][ T7790] BTRFS info (device loop0): force zlib compression, level 3 [ 116.657035][ T7790] BTRFS info (device loop0): allowing degraded mounts [ 116.664013][ T7790] BTRFS info (device loop0): using free space tree [ 116.680105][ T7790] BTRFS info (device loop0): auto enabling async discard umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7808 ./strace-static-x86_64: Process 7808 attached [pid 7808] chdir("./150") = 0 [pid 7808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7808] setpgid(0, 0) = 0 [pid 7808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7808] write(3, "1000", 4) = 4 [pid 7808] close(3) = 0 [pid 7808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7808] memfd_create("syzkaller", 0) = 3 [pid 7808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7808] munmap(0x7f1b58076000, 16777216) = 0 [pid 7808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7808] close(3) = 0 [pid 7808] mkdir("./bus", 0777) = 0 [ 117.008116][ T7808] loop0: detected capacity change from 0 to 32768 [ 117.017527][ T7808] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7808) [ 117.034299][ T7808] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.043232][ T7808] BTRFS info (device loop0): doing ref verification [pid 7808] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7808] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7808] chdir("./bus") = 0 [pid 7808] ioctl(4, LOOP_CLR_FD) = 0 [pid 7808] close(4) = 0 [pid 7808] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 117.049972][ T7808] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 117.060994][ T7808] BTRFS info (device loop0): force zlib compression, level 3 [ 117.068496][ T7808] BTRFS info (device loop0): allowing degraded mounts [ 117.075470][ T7808] BTRFS info (device loop0): using free space tree [ 117.093446][ T7808] BTRFS info (device loop0): auto enabling async discard [pid 7808] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7808] exit_group(0) = ? [pid 7808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7808, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./150/binderfs") = 0 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7826 ./strace-static-x86_64: Process 7826 attached [pid 7826] chdir("./151") = 0 [pid 7826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7826] setpgid(0, 0) = 0 [pid 7826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7826] write(3, "1000", 4) = 4 [pid 7826] close(3) = 0 [pid 7826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7826] memfd_create("syzkaller", 0) = 3 [pid 7826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7826] munmap(0x7f1b58076000, 16777216) = 0 [pid 7826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7826] close(3) = 0 [pid 7826] mkdir("./bus", 0777) = 0 [ 117.429627][ T7826] loop0: detected capacity change from 0 to 32768 [ 117.441769][ T7826] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7826) [ 117.457853][ T7826] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.466954][ T7826] BTRFS info (device loop0): doing ref verification [pid 7826] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7826] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7826] chdir("./bus") = 0 [pid 7826] ioctl(4, LOOP_CLR_FD) = 0 [pid 7826] close(4) = 0 [pid 7826] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7826] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7826] exit_group(0) = ? [ 117.473824][ T7826] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 117.484683][ T7826] BTRFS info (device loop0): force zlib compression, level 3 [ 117.492373][ T7826] BTRFS info (device loop0): allowing degraded mounts [ 117.499209][ T7826] BTRFS info (device loop0): using free space tree [ 117.517846][ T7826] BTRFS info (device loop0): auto enabling async discard [pid 7826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7826, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./151/binderfs") = 0 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7844 ./strace-static-x86_64: Process 7844 attached [pid 7844] chdir("./152") = 0 [pid 7844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7844] setpgid(0, 0) = 0 [pid 7844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7844] write(3, "1000", 4) = 4 [pid 7844] close(3) = 0 [pid 7844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7844] memfd_create("syzkaller", 0) = 3 [pid 7844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7844] munmap(0x7f1b58076000, 16777216) = 0 [pid 7844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7844] close(3) = 0 [pid 7844] mkdir("./bus", 0777) = 0 [ 117.847563][ T7844] loop0: detected capacity change from 0 to 32768 [ 117.856867][ T7844] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7844) [ 117.872904][ T7844] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.881820][ T7844] BTRFS info (device loop0): doing ref verification [pid 7844] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7844] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7844] chdir("./bus") = 0 [pid 7844] ioctl(4, LOOP_CLR_FD) = 0 [pid 7844] close(4) = 0 [pid 7844] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7844] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7844] exit_group(0) = ? [pid 7844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7844, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./152/binderfs") = 0 [ 117.888647][ T7844] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 117.899799][ T7844] BTRFS info (device loop0): force zlib compression, level 3 [ 117.907217][ T7844] BTRFS info (device loop0): allowing degraded mounts [ 117.914181][ T7844] BTRFS info (device loop0): using free space tree [ 117.931258][ T7844] BTRFS info (device loop0): auto enabling async discard umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7862 ./strace-static-x86_64: Process 7862 attached [pid 7862] chdir("./153") = 0 [pid 7862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7862] setpgid(0, 0) = 0 [pid 7862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7862] write(3, "1000", 4) = 4 [pid 7862] close(3) = 0 [pid 7862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7862] memfd_create("syzkaller", 0) = 3 [pid 7862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7862] munmap(0x7f1b58076000, 16777216) = 0 [pid 7862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7862] close(3) = 0 [pid 7862] mkdir("./bus", 0777) = 0 [ 118.246066][ T7862] loop0: detected capacity change from 0 to 32768 [ 118.255723][ T7862] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7862) [ 118.272592][ T7862] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.281488][ T7862] BTRFS info (device loop0): doing ref verification [pid 7862] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7862] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7862] chdir("./bus") = 0 [pid 7862] ioctl(4, LOOP_CLR_FD) = 0 [pid 7862] close(4) = 0 [pid 7862] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7862] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7862] exit_group(0) = ? [pid 7862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7862, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./153/binderfs") = 0 [ 118.288105][ T7862] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 118.299025][ T7862] BTRFS info (device loop0): force zlib compression, level 3 [ 118.306487][ T7862] BTRFS info (device loop0): allowing degraded mounts [ 118.313599][ T7862] BTRFS info (device loop0): using free space tree [ 118.329568][ T7862] BTRFS info (device loop0): auto enabling async discard umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7880 ./strace-static-x86_64: Process 7880 attached [pid 7880] chdir("./154") = 0 [pid 7880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7880] setpgid(0, 0) = 0 [pid 7880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7880] write(3, "1000", 4) = 4 [pid 7880] close(3) = 0 [pid 7880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7880] memfd_create("syzkaller", 0) = 3 [pid 7880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7880] munmap(0x7f1b58076000, 16777216) = 0 [pid 7880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7880] close(3) = 0 [pid 7880] mkdir("./bus", 0777) = 0 [ 118.661082][ T7880] loop0: detected capacity change from 0 to 32768 [ 118.672173][ T7880] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7880) [ 118.689139][ T7880] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.698614][ T7880] BTRFS info (device loop0): doing ref verification [pid 7880] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7880] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7880] chdir("./bus") = 0 [pid 7880] ioctl(4, LOOP_CLR_FD) = 0 [pid 7880] close(4) = 0 [pid 7880] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7880] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7880] exit_group(0) = ? [ 118.705608][ T7880] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 118.716823][ T7880] BTRFS info (device loop0): force zlib compression, level 3 [ 118.724694][ T7880] BTRFS info (device loop0): allowing degraded mounts [ 118.731601][ T7880] BTRFS info (device loop0): using free space tree [ 118.751250][ T7880] BTRFS info (device loop0): auto enabling async discard [pid 7880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7880, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./154/binderfs") = 0 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7898 ./strace-static-x86_64: Process 7898 attached [pid 7898] chdir("./155") = 0 [pid 7898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7898] setpgid(0, 0) = 0 [pid 7898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7898] write(3, "1000", 4) = 4 [pid 7898] close(3) = 0 [pid 7898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7898] memfd_create("syzkaller", 0) = 3 [pid 7898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7898] munmap(0x7f1b58076000, 16777216) = 0 [pid 7898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7898] close(3) = 0 [pid 7898] mkdir("./bus", 0777) = 0 [ 119.090298][ T7898] loop0: detected capacity change from 0 to 32768 [ 119.099831][ T7898] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7898) [ 119.116157][ T7898] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.125276][ T7898] BTRFS info (device loop0): doing ref verification [pid 7898] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7898] chdir("./bus") = 0 [pid 7898] ioctl(4, LOOP_CLR_FD) = 0 [pid 7898] close(4) = 0 [pid 7898] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7898] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7898] exit_group(0) = ? [pid 7898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7898, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./155/binderfs") = 0 [ 119.132082][ T7898] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 119.142961][ T7898] BTRFS info (device loop0): force zlib compression, level 3 [ 119.150423][ T7898] BTRFS info (device loop0): allowing degraded mounts [ 119.157291][ T7898] BTRFS info (device loop0): using free space tree [ 119.173915][ T7898] BTRFS info (device loop0): auto enabling async discard umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7916 ./strace-static-x86_64: Process 7916 attached [pid 7916] chdir("./156") = 0 [pid 7916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7916] setpgid(0, 0) = 0 [pid 7916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7916] write(3, "1000", 4) = 4 [pid 7916] close(3) = 0 [pid 7916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7916] memfd_create("syzkaller", 0) = 3 [pid 7916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7916] munmap(0x7f1b58076000, 16777216) = 0 [pid 7916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7916] close(3) = 0 [pid 7916] mkdir("./bus", 0777) = 0 [ 119.504994][ T7916] loop0: detected capacity change from 0 to 32768 [ 119.514446][ T7916] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7916) [ 119.530346][ T7916] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.539166][ T7916] BTRFS info (device loop0): doing ref verification [pid 7916] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7916] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7916] chdir("./bus") = 0 [pid 7916] ioctl(4, LOOP_CLR_FD) = 0 [pid 7916] close(4) = 0 [pid 7916] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7916] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7916] exit_group(0) = ? [pid 7916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7916, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./156/binderfs") = 0 [ 119.545882][ T7916] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 119.556709][ T7916] BTRFS info (device loop0): force zlib compression, level 3 [ 119.564569][ T7916] BTRFS info (device loop0): allowing degraded mounts [ 119.571545][ T7916] BTRFS info (device loop0): using free space tree [ 119.589654][ T7916] BTRFS info (device loop0): auto enabling async discard umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7934 ./strace-static-x86_64: Process 7934 attached [pid 7934] chdir("./157") = 0 [pid 7934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7934] setpgid(0, 0) = 0 [pid 7934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7934] write(3, "1000", 4) = 4 [pid 7934] close(3) = 0 [pid 7934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7934] memfd_create("syzkaller", 0) = 3 [pid 7934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7934] munmap(0x7f1b58076000, 16777216) = 0 [pid 7934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7934] close(3) = 0 [pid 7934] mkdir("./bus", 0777) = 0 [ 119.926958][ T7934] loop0: detected capacity change from 0 to 32768 [ 119.936269][ T7934] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7934) [ 119.952384][ T7934] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.961199][ T7934] BTRFS info (device loop0): doing ref verification [pid 7934] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7934] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7934] chdir("./bus") = 0 [pid 7934] ioctl(4, LOOP_CLR_FD) = 0 [pid 7934] close(4) = 0 [pid 7934] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7934] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7934] exit_group(0) = ? [pid 7934] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7934, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./157/binderfs") = 0 [ 119.967816][ T7934] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 119.979526][ T7934] BTRFS info (device loop0): force zlib compression, level 3 [ 119.986989][ T7934] BTRFS info (device loop0): allowing degraded mounts [ 119.993807][ T7934] BTRFS info (device loop0): using free space tree [ 120.011815][ T7934] BTRFS info (device loop0): auto enabling async discard umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7952 ./strace-static-x86_64: Process 7952 attached [pid 7952] chdir("./158") = 0 [pid 7952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7952] setpgid(0, 0) = 0 [pid 7952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7952] write(3, "1000", 4) = 4 [pid 7952] close(3) = 0 [pid 7952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7952] memfd_create("syzkaller", 0) = 3 [pid 7952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7952] munmap(0x7f1b58076000, 16777216) = 0 [pid 7952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7952] close(3) = 0 [pid 7952] mkdir("./bus", 0777) = 0 [ 120.333084][ T7952] loop0: detected capacity change from 0 to 32768 [ 120.344248][ T7952] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7952) [ 120.360088][ T7952] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.368852][ T7952] BTRFS info (device loop0): doing ref verification [pid 7952] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7952] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7952] chdir("./bus") = 0 [pid 7952] ioctl(4, LOOP_CLR_FD) = 0 [pid 7952] close(4) = 0 [pid 7952] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7952] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7952] exit_group(0) = ? [pid 7952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7952, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 120.375908][ T7952] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 120.387102][ T7952] BTRFS info (device loop0): force zlib compression, level 3 [ 120.395167][ T7952] BTRFS info (device loop0): allowing degraded mounts [ 120.402108][ T7952] BTRFS info (device loop0): using free space tree [ 120.421555][ T7952] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./158/binderfs") = 0 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7970 ./strace-static-x86_64: Process 7970 attached [pid 7970] chdir("./159") = 0 [pid 7970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7970] setpgid(0, 0) = 0 [pid 7970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7970] write(3, "1000", 4) = 4 [pid 7970] close(3) = 0 [pid 7970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7970] memfd_create("syzkaller", 0) = 3 [pid 7970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7970] munmap(0x7f1b58076000, 16777216) = 0 [pid 7970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7970] close(3) = 0 [pid 7970] mkdir("./bus", 0777) = 0 [ 120.758541][ T7970] loop0: detected capacity change from 0 to 32768 [ 120.767964][ T7970] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7970) [ 120.784325][ T7970] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.794347][ T7970] BTRFS info (device loop0): doing ref verification [pid 7970] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7970] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7970] chdir("./bus") = 0 [pid 7970] ioctl(4, LOOP_CLR_FD) = 0 [pid 7970] close(4) = 0 [pid 7970] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7970] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7970] exit_group(0) = ? [pid 7970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7970, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./159/binderfs") = 0 [ 120.801385][ T7970] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 120.812514][ T7970] BTRFS info (device loop0): force zlib compression, level 3 [ 120.820148][ T7970] BTRFS info (device loop0): allowing degraded mounts [ 120.826927][ T7970] BTRFS info (device loop0): using free space tree [ 120.844859][ T7970] BTRFS info (device loop0): auto enabling async discard umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./159/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 7988 ./strace-static-x86_64: Process 7988 attached [pid 7988] chdir("./160") = 0 [pid 7988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7988] setpgid(0, 0) = 0 [pid 7988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7988] write(3, "1000", 4) = 4 [pid 7988] close(3) = 0 [pid 7988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7988] memfd_create("syzkaller", 0) = 3 [pid 7988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 7988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7988] munmap(0x7f1b58076000, 16777216) = 0 [pid 7988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7988] close(3) = 0 [pid 7988] mkdir("./bus", 0777) = 0 [ 121.171365][ T7988] loop0: detected capacity change from 0 to 32768 [ 121.180631][ T7988] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (7988) [ 121.195669][ T7988] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.204735][ T7988] BTRFS info (device loop0): doing ref verification [pid 7988] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7988] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7988] chdir("./bus") = 0 [pid 7988] ioctl(4, LOOP_CLR_FD) = 0 [pid 7988] close(4) = 0 [pid 7988] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7988] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 7988] exit_group(0) = ? [pid 7988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7988, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./160/binderfs") = 0 [ 121.211600][ T7988] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 121.222733][ T7988] BTRFS info (device loop0): force zlib compression, level 3 [ 121.230392][ T7988] BTRFS info (device loop0): allowing degraded mounts [ 121.237174][ T7988] BTRFS info (device loop0): using free space tree [ 121.254942][ T7988] BTRFS info (device loop0): auto enabling async discard umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 8006 ./strace-static-x86_64: Process 8006 attached [pid 8006] chdir("./161") = 0 [pid 8006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8006] setpgid(0, 0) = 0 [pid 8006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8006] write(3, "1000", 4) = 4 [pid 8006] close(3) = 0 [pid 8006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8006] memfd_create("syzkaller", 0) = 3 [pid 8006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 8006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8006] munmap(0x7f1b58076000, 16777216) = 0 [pid 8006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8006] close(3) = 0 [pid 8006] mkdir("./bus", 0777) = 0 [ 121.595007][ T8006] loop0: detected capacity change from 0 to 32768 [ 121.604380][ T8006] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (8006) [ 121.620889][ T8006] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.629781][ T8006] BTRFS info (device loop0): doing ref verification [pid 8006] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8006] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8006] chdir("./bus") = 0 [pid 8006] ioctl(4, LOOP_CLR_FD) = 0 [pid 8006] close(4) = 0 [pid 8006] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8006] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8006] exit_group(0) = ? [pid 8006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8006, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./161/binderfs") = 0 [ 121.636406][ T8006] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 121.648295][ T8006] BTRFS info (device loop0): force zlib compression, level 3 [ 121.655969][ T8006] BTRFS info (device loop0): allowing degraded mounts [ 121.663056][ T8006] BTRFS info (device loop0): using free space tree [ 121.680816][ T8006] BTRFS info (device loop0): auto enabling async discard umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 8024 ./strace-static-x86_64: Process 8024 attached [pid 8024] chdir("./162") = 0 [pid 8024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8024] setpgid(0, 0) = 0 [pid 8024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8024] write(3, "1000", 4) = 4 [pid 8024] close(3) = 0 [pid 8024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8024] memfd_create("syzkaller", 0) = 3 [pid 8024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 8024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8024] munmap(0x7f1b58076000, 16777216) = 0 [pid 8024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8024] close(3) = 0 [pid 8024] mkdir("./bus", 0777) = 0 [ 122.020449][ T8024] loop0: detected capacity change from 0 to 32768 [ 122.030461][ T8024] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (8024) [ 122.047280][ T8024] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.056899][ T8024] BTRFS info (device loop0): doing ref verification [pid 8024] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8024] chdir("./bus") = 0 [pid 8024] ioctl(4, LOOP_CLR_FD) = 0 [pid 8024] close(4) = 0 [pid 8024] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8024] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8024] exit_group(0) = ? [pid 8024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8024, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 122.063586][ T8024] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 122.074433][ T8024] BTRFS info (device loop0): force zlib compression, level 3 [ 122.081912][ T8024] BTRFS info (device loop0): allowing degraded mounts [ 122.088713][ T8024] BTRFS info (device loop0): using free space tree [ 122.106520][ T8024] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./162/binderfs") = 0 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 8042 ./strace-static-x86_64: Process 8042 attached [pid 8042] chdir("./163") = 0 [pid 8042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8042] setpgid(0, 0) = 0 [pid 8042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8042] write(3, "1000", 4) = 4 [pid 8042] close(3) = 0 [pid 8042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8042] memfd_create("syzkaller", 0) = 3 [pid 8042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 8042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8042] munmap(0x7f1b58076000, 16777216) = 0 [pid 8042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8042] close(3) = 0 [pid 8042] mkdir("./bus", 0777) = 0 [ 122.448697][ T8042] loop0: detected capacity change from 0 to 32768 [ 122.459439][ T8042] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (8042) [ 122.476394][ T8042] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.485459][ T8042] BTRFS info (device loop0): doing ref verification [pid 8042] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8042] chdir("./bus") = 0 [pid 8042] ioctl(4, LOOP_CLR_FD) = 0 [pid 8042] close(4) = 0 [pid 8042] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8042] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8042] exit_group(0) = ? [pid 8042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8042, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./163/binderfs") = 0 [ 122.492161][ T8042] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 122.503056][ T8042] BTRFS info (device loop0): force zlib compression, level 3 [ 122.510535][ T8042] BTRFS info (device loop0): allowing degraded mounts [ 122.517345][ T8042] BTRFS info (device loop0): using free space tree [ 122.535047][ T8042] BTRFS info (device loop0): auto enabling async discard umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 8060 ./strace-static-x86_64: Process 8060 attached [pid 8060] chdir("./164") = 0 [pid 8060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8060] setpgid(0, 0) = 0 [pid 8060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8060] write(3, "1000", 4) = 4 [pid 8060] close(3) = 0 [pid 8060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8060] memfd_create("syzkaller", 0) = 3 [pid 8060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 8060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8060] munmap(0x7f1b58076000, 16777216) = 0 [pid 8060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8060] close(3) = 0 [pid 8060] mkdir("./bus", 0777) = 0 [ 122.858174][ T8060] loop0: detected capacity change from 0 to 32768 [ 122.868618][ T8060] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (8060) [ 122.886651][ T8060] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.895764][ T8060] BTRFS info (device loop0): doing ref verification [pid 8060] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8060] chdir("./bus") = 0 [pid 8060] ioctl(4, LOOP_CLR_FD) = 0 [pid 8060] close(4) = 0 [pid 8060] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8060] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8060] exit_group(0) = ? [pid 8060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8060, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./164/binderfs") = 0 [ 122.902566][ T8060] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 122.913564][ T8060] BTRFS info (device loop0): force zlib compression, level 3 [ 122.921217][ T8060] BTRFS info (device loop0): allowing degraded mounts [ 122.928030][ T8060] BTRFS info (device loop0): using free space tree [ 122.946711][ T8060] BTRFS info (device loop0): auto enabling async discard umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 8078 ./strace-static-x86_64: Process 8078 attached [pid 8078] chdir("./165") = 0 [pid 8078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8078] setpgid(0, 0) = 0 [pid 8078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8078] write(3, "1000", 4) = 4 [pid 8078] close(3) = 0 [pid 8078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8078] memfd_create("syzkaller", 0) = 3 [pid 8078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 8078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8078] munmap(0x7f1b58076000, 16777216) = 0 [pid 8078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8078] close(3) = 0 [pid 8078] mkdir("./bus", 0777) = 0 [ 123.275051][ T8078] loop0: detected capacity change from 0 to 32768 [ 123.295396][ T8078] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (8078) [ 123.310748][ T8078] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 123.319791][ T8078] BTRFS info (device loop0): doing ref verification [ 123.326418][ T8078] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 123.337307][ T8078] BTRFS info (device loop0): force zlib compression, level 3 [ 123.345117][ T8078] BTRFS info (device loop0): allowing degraded mounts [ 123.352338][ T8078] BTRFS info (device loop0): using free space tree [pid 8078] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8078] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8078] chdir("./bus") = 0 [pid 8078] ioctl(4, LOOP_CLR_FD) = 0 [pid 8078] close(4) = 0 [pid 8078] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8078] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8078] exit_group(0) = ? [pid 8078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8078, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 123.369420][ T8078] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./165/binderfs") = 0 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555563f0660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563f0660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/bus") = 0 getdents64(3, 0x5555563e8620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563e75d0) = 8096 ./strace-static-x86_64: Process 8096 attached [pid 8096] chdir("./166") = 0 [pid 8096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8096] setpgid(0, 0) = 0 [pid 8096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8096] write(3, "1000", 4) = 4 [pid 8096] close(3) = 0 [pid 8096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8096] memfd_create("syzkaller", 0) = 3 [pid 8096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b58076000 [pid 8096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8096] munmap(0x7f1b58076000, 16777216) = 0 [pid 8096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8096] close(3) = 0 [pid 8096] mkdir("./bus", 0777) = 0 [ 123.727537][ T8096] loop0: detected capacity change from 0 to 32768 [ 123.736716][ T8096] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor267 (8096) [ 123.753762][ T8096] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 123.762826][ T8096] BTRFS info (device loop0): doing ref verification [pid 8096] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 8096] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 8096] chdir("./bus") = 0 [pid 8096] ioctl(4, LOOP_CLR_FD) = 0 [pid 8096] close(4) = 0 [pid 8096] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8096] write(4, "\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x2c\x73\x70\x61\x63\x65\x5f\x63\x61\x63\x68\x65\x3d\x76\x32\x2c\x64\x65\x67\x72\x61\x64\x65\x64\x2c\x6e\x6f\x61\x63\x6c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 8096] exit_group(0) = ? [pid 8096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8096, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555563e8620 /* 4 entries */, 32768) = 104 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./166/binderfs") = 0 [ 123.769566][ T8096] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 123.780691][ T8096] BTRFS info (device loop0): force zlib compression, level 3 [ 123.788106][ T8096] BTRFS info (device loop0): allowing degraded mounts [ 123.795309][ T8096] BTRFS info (device loop0): using free space tree [ 123.813289][ T8096] BTRFS info (device loop0): auto enabling async discard [ 123.912962][ T5073] VFS: Busy inodes after unmount of loop0 (btrfs) [ 123.913162][ T5073] ------------[ cut here ]------------ [ 123.925605][ T5073] kernel BUG at fs/super.c:504! [ 123.932495][ T5073] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 123.938608][ T5073] CPU: 0 PID: 5073 Comm: syz-executor267 Not tainted 6.3.0-rc4-syzkaller-00051-g8bb95a1662f8 #0 [ 123.949047][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 123.959121][ T5073] RIP: 0010:generic_shutdown_super+0x33d/0x340 [ 123.965319][ T5073] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 55 25 f0 ff 48 8b 13 48 c7 c7 20 ca f6 8a 4c 89 fe e8 d3 9a ae 08 <0f> 0b 90 66 0f 1f 00 41 57 41 56 53 49 89 fe 49 bf 00 00 00 00 00 [ 123.984945][ T5073] RSP: 0018:ffffc90003cffc28 EFLAGS: 00010246 [ 123.991124][ T5073] RAX: 000000000000002f RBX: ffffffff8d42a420 RCX: 880f86aee6218000 [ 123.999112][ T5073] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 124.007100][ T5073] RBP: 1ffff1100f4da8fb R08: ffffffff816de46c R09: fffff5200079ff3d [ 124.015133][ T5073] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 124.023130][ T5073] R13: dffffc0000000000 R14: ffffffff8b292958 R15: ffff88807a6d46a8 [ 124.031116][ T5073] FS: 00005555563e7300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 124.040138][ T5073] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.046716][ T5073] CR2: 00007ffd1fd759e8 CR3: 00000000296ea000 CR4: 00000000003506f0 [ 124.054678][ T5073] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.062651][ T5073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 124.070651][ T5073] Call Trace: [ 124.073934][ T5073] [ 124.076888][ T5073] kill_anon_super+0x3b/0x60 [ 124.081484][ T5073] btrfs_kill_super+0x41/0x50 [ 124.086155][ T5073] deactivate_locked_super+0xa4/0x110 [ 124.091532][ T5073] cleanup_mnt+0x426/0x4c0 [ 124.095940][ T5073] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.101156][ T5073] task_work_run+0x24a/0x300 [ 124.105748][ T5073] ? dput+0x3a1/0x420 [ 124.109735][ T5073] ? task_work_cancel+0x2b0/0x2b0 [ 124.114758][ T5073] ? __x64_sys_umount+0x126/0x170 [ 124.119859][ T5073] ptrace_notify+0x2cd/0x380 [ 124.124439][ T5073] ? do_notify_parent+0xf50/0xf50 [ 124.130230][ T5073] ? user_path_at_empty+0x12f/0x180 [ 124.135421][ T5073] ? __x64_sys_umount+0x126/0x170 [ 124.140433][ T5073] ? path_umount+0xea0/0xea0 [ 124.145007][ T5073] ? syscall_enter_from_user_mode+0x32/0x230 [ 124.150973][ T5073] syscall_exit_to_user_mode+0x157/0x280 [ 124.156595][ T5073] do_syscall_64+0x4d/0xc0 [ 124.161021][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.166945][ T5073] RIP: 0033:0x7f1b604c4da7 [ 124.171357][ T5073] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 124.191084][ T5073] RSP: 002b:00007ffd3c5fd4a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 124.199487][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f1b604c4da7 [ 124.207443][ T5073] RDX: 00007ffd3c5fd569 RSI: 000000000000000a RDI: 00007ffd3c5fd560 [ 124.215399][ T5073] RBP: 00007ffd3c5fd560 R08: 00000000ffffffff R09: 00007ffd3c5fd340 [ 124.223358][ T5073] R10: 00005555563e8683 R11: 0000000000000202 R12: 00007ffd3c5fe5d0 [ 124.231317][ T5073] R13: 00005555563e85f0 R14: 00007ffd3c5fd4d0 R15: 00000000000000a7 [ 124.239377][ T5073] [ 124.242389][ T5073] Modules linked in: [ 124.247030][ T5073] ---[ end trace 0000000000000000 ]--- [ 124.252711][ T5073] RIP: 0010:generic_shutdown_super+0x33d/0x340 [ 124.258993][ T5073] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 55 25 f0 ff 48 8b 13 48 c7 c7 20 ca f6 8a 4c 89 fe e8 d3 9a ae 08 <0f> 0b 90 66 0f 1f 00 41 57 41 56 53 49 89 fe 49 bf 00 00 00 00 00 [ 124.280284][ T5073] RSP: 0018:ffffc90003cffc28 EFLAGS: 00010246 [ 124.286563][ T5073] RAX: 000000000000002f RBX: ffffffff8d42a420 RCX: 880f86aee6218000 [ 124.296081][ T5073] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 124.304139][ T5073] RBP: 1ffff1100f4da8fb R08: ffffffff816de46c R09: fffff5200079ff3d [ 124.312144][ T5073] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 124.320156][ T5073] R13: dffffc0000000000 R14: ffffffff8b292958 R15: ffff88807a6d46a8 [ 124.328223][ T5073] FS: 00005555563e7300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 124.337185][ T5073] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.343800][ T5073] CR2: 00007ffd1fd70508 CR3: 00000000296ea000 CR4: 00000000003506e0 [ 124.351805][ T5073] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.359835][ T5073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 124.367818][ T5073] Kernel panic - not syncing: Fatal exception [ 124.374140][ T5073] Kernel Offset: disabled [ 124.378489][ T5073] Rebooting in 86400 seconds..