./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3146595609
<...>
Warning: Permanently added '10.128.1.157' (ED25519) to the list of known hosts.
execve("./syz-executor3146595609", ["./syz-executor3146595609"], 0x7fff28f77b20 /* 10 vars */) = 0
brk(NULL) = 0x555556a41000
brk(0x555556a41d00) = 0x555556a41d00
arch_prctl(ARCH_SET_FS, 0x555556a41380) = 0
set_tid_address(0x555556a41650) = 5028
set_robust_list(0x555556a41660, 24) = 0
rseq(0x555556a41ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3146595609", 4096) = 28
getrandom("\x66\x59\x19\xda\x17\x7e\x55\x46", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556a41d00
brk(0x555556a62d00) = 0x555556a62d00
brk(0x555556a63000) = 0x555556a63000
mprotect(0x7f019436e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.PkBd1p", 0700) = 0
chmod("./syzkaller.PkBd1p", 0777) = 0
chdir("./syzkaller.PkBd1p") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5029 attached
, child_tidptr=0x555556a41650) = 5029
[pid 5029] set_robust_list(0x555556a41660, 24) = 0
[pid 5029] chdir("./0") = 0
[pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5029] setpgid(0, 0) = 0
[pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5029] write(3, "1000", 4) = 4
[pid 5029] close(3) = 0
[pid 5029] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5029] memfd_create("syzkaller", 0) = 3
[pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
syzkaller login: [ 50.212744][ T5029] syz-executor314[5029]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5029] munmap(0x7f018beb6000, 16777216) = 0
[pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5029] close(3) = 0
[pid 5029] mkdir("./bus", 0777) = 0
[ 50.338813][ T5029] loop0: detected capacity change from 0 to 32768
[ 50.348245][ T5029] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5029)
[ 50.364773][ T5029] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 50.373568][ T5029] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 50.384766][ T5029] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 50.395593][ T5029] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 50.406460][ T5029] BTRFS info (device loop0): trying to use backup root at mount time
[ 50.414753][ T5029] BTRFS info (device loop0): use zlib compression, level 3
[ 50.421978][ T5029] BTRFS info (device loop0): enabling ssd optimizations
[ 50.429202][ T5029] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5029] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5029] chdir("./bus") = 0
[pid 5029] ioctl(4, LOOP_CLR_FD) = 0
[pid 5029] close(4) = 0
[pid 5029] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5029] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5029] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5029] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5029] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5029] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5029] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5029] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5029] open("./bus", O_RDONLY) = 6
[pid 5029] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5029] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5029] creat("./bus", 000) = 7
[pid 5029] exit_group(0) = ?
[ 50.437028][ T5029] BTRFS info (device loop0): using free space tree
[ 50.453571][ T5029] BTRFS info (device loop0): auto enabling async discard
[pid 5029] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 50.478670][ T28] audit: type=1804 audit(1693868448.680:2): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/0/bus/bus" dev="loop0" ino=263 res=1 errno=0
[ 50.502313][ T28] audit: type=1804 audit(1693868448.680:3): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/0/bus/bus" dev="loop0" ino=263 res=1 errno=0
newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a41650) = 5048
./strace-static-x86_64: Process 5048 attached
[pid 5048] set_robust_list(0x555556a41660, 24) = 0
[pid 5048] chdir("./1") = 0
[pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5048] setpgid(0, 0) = 0
[pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5048] write(3, "1000", 4) = 4
[pid 5048] close(3) = 0
[pid 5048] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5048] memfd_create("syzkaller", 0) = 3
[pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 50.596228][ T5048] syz-executor314[5048]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5048] munmap(0x7f018beb6000, 16777216) = 0
[pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5048] close(3) = 0
[pid 5048] mkdir("./bus", 0777) = 0
[ 50.793665][ T5048] loop0: detected capacity change from 0 to 32768
[ 50.802936][ T5048] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5048)
[ 50.819503][ T5048] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 50.828312][ T5048] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 50.839293][ T5048] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 50.850129][ T5048] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 50.860861][ T5048] BTRFS info (device loop0): trying to use backup root at mount time
[ 50.869161][ T5048] BTRFS info (device loop0): use zlib compression, level 3
[ 50.876398][ T5048] BTRFS info (device loop0): enabling ssd optimizations
[ 50.883407][ T5048] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5048] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5048] chdir("./bus") = 0
[pid 5048] ioctl(4, LOOP_CLR_FD) = 0
[pid 5048] close(4) = 0
[pid 5048] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5048] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5048] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5048] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5048] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5048] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5048] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5048] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5048] open("./bus", O_RDONLY) = 6
[ 50.891054][ T5048] BTRFS info (device loop0): using free space tree
[ 50.908472][ T5048] BTRFS info (device loop0): auto enabling async discard
[pid 5048] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5048] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5048] creat("./bus", 000) = 7
[pid 5048] exit_group(0) = ?
[pid 5048] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=20 /* 0.20 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 50.932173][ T28] audit: type=1804 audit(1693868449.130:4): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/1/bus/bus" dev="loop0" ino=263 res=1 errno=0
[ 50.956154][ T28] audit: type=1804 audit(1693868449.160:5): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/1/bus/bus" dev="loop0" ino=263 res=1 errno=0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached
, child_tidptr=0x555556a41650) = 5065
[pid 5065] set_robust_list(0x555556a41660, 24) = 0
[pid 5065] chdir("./2") = 0
[pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5065] setpgid(0, 0) = 0
[pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5065] write(3, "1000", 4) = 4
[pid 5065] close(3) = 0
[pid 5065] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5065] memfd_create("syzkaller", 0) = 3
[pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 51.041761][ T5065] syz-executor314[5065]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5065] munmap(0x7f018beb6000, 16777216) = 0
[pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5065] close(3) = 0
[pid 5065] mkdir("./bus", 0777) = 0
[ 51.234711][ T5065] loop0: detected capacity change from 0 to 32768
[ 51.244827][ T5065] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5065)
[ 51.261354][ T5065] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 51.270429][ T5065] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 51.281490][ T5065] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 51.292622][ T5065] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 51.303368][ T5065] BTRFS info (device loop0): trying to use backup root at mount time
[ 51.311426][ T5065] BTRFS info (device loop0): use zlib compression, level 3
[ 51.319439][ T5065] BTRFS info (device loop0): enabling ssd optimizations
[ 51.326513][ T5065] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5065] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5065] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5065] chdir("./bus") = 0
[pid 5065] ioctl(4, LOOP_CLR_FD) = 0
[pid 5065] close(4) = 0
[pid 5065] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5065] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5065] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5065] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5065] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5065] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5065] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5065] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5065] open("./bus", O_RDONLY) = 6
[ 51.334215][ T5065] BTRFS info (device loop0): using free space tree
[ 51.351652][ T5065] BTRFS info (device loop0): auto enabling async discard
[pid 5065] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5065] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5065] creat("./bus", 000) = 7
[pid 5065] exit_group(0) = ?
[pid 5065] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 51.379848][ T28] audit: type=1804 audit(1693868449.580:6): pid=5065 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/2/bus/bus" dev="loop0" ino=263 res=1 errno=0
[ 51.403820][ T28] audit: type=1804 audit(1693868449.610:7): pid=5065 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/2/bus/bus" dev="loop0" ino=263 res=1 errno=0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a41650) = 5082
./strace-static-x86_64: Process 5082 attached
[pid 5082] set_robust_list(0x555556a41660, 24) = 0
[pid 5082] chdir("./3") = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 51.551379][ T5082] syz-executor314[5082]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5082] munmap(0x7f018beb6000, 16777216) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./bus", 0777) = 0
[ 51.682814][ T5082] loop0: detected capacity change from 0 to 32768
[ 51.691730][ T5082] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5082)
[ 51.707162][ T5082] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 51.716140][ T5082] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 51.727168][ T5082] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 51.738238][ T5082] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 51.748994][ T5082] BTRFS info (device loop0): trying to use backup root at mount time
[ 51.757320][ T5082] BTRFS info (device loop0): use zlib compression, level 3
[ 51.764557][ T5082] BTRFS info (device loop0): enabling ssd optimizations
[ 51.771485][ T5082] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5082] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./bus") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5082] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5082] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5082] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5082] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5082] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5082] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5082] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5082] open("./bus", O_RDONLY) = 6
[pid 5082] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5082] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5082] creat("./bus", 000) = 7
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 51.779202][ T5082] BTRFS info (device loop0): using free space tree
[ 51.794776][ T5082] BTRFS info (device loop0): auto enabling async discard
[ 51.811399][ T28] audit: type=1804 audit(1693868450.010:8): pid=5082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/3/bus/bus" dev="loop0" ino=263 res=1 errno=0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/bus") = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached
, child_tidptr=0x555556a41650) = 5099
[pid 5099] set_robust_list(0x555556a41660, 24) = 0
[ 51.833752][ T28] audit: type=1804 audit(1693868450.010:9): pid=5082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/3/bus/bus" dev="loop0" ino=263 res=1 errno=0
[pid 5099] chdir("./4") = 0
[pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5099] setpgid(0, 0) = 0
[pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5099] write(3, "1000", 4) = 4
[pid 5099] close(3) = 0
[pid 5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5099] memfd_create("syzkaller", 0) = 3
[pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 51.898221][ T5099] syz-executor314[5099]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5099] munmap(0x7f018beb6000, 16777216) = 0
[pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5099] close(3) = 0
[pid 5099] mkdir("./bus", 0777) = 0
[ 52.109196][ T5099] loop0: detected capacity change from 0 to 32768
[ 52.117886][ T5099] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5099)
[ 52.132618][ T5099] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 52.141645][ T5099] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 52.152668][ T5099] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 52.163801][ T5099] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 52.174770][ T5099] BTRFS info (device loop0): trying to use backup root at mount time
[ 52.182856][ T5099] BTRFS info (device loop0): use zlib compression, level 3
[ 52.190235][ T5099] BTRFS info (device loop0): enabling ssd optimizations
[ 52.197395][ T5099] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5099] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5099] chdir("./bus") = 0
[pid 5099] ioctl(4, LOOP_CLR_FD) = 0
[pid 5099] close(4) = 0
[pid 5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5099] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5099] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5099] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5099] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5099] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5099] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5099] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5099] open("./bus", O_RDONLY) = 6
[pid 5099] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5099] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5099] creat("./bus", 000) = 7
[pid 5099] exit_group(0) = ?
[pid 5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 52.205097][ T5099] BTRFS info (device loop0): using free space tree
[ 52.221756][ T5099] BTRFS info (device loop0): auto enabling async discard
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/bus") = 0
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached
, child_tidptr=0x555556a41650) = 5116
[pid 5116] set_robust_list(0x555556a41660, 24) = 0
[pid 5116] chdir("./5") = 0
[pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5116] setpgid(0, 0) = 0
[pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5116] write(3, "1000", 4) = 4
[pid 5116] close(3) = 0
[ 52.245781][ T28] audit: type=1804 audit(1693868450.450:10): pid=5099 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/4/bus/bus" dev="loop0" ino=263 res=1 errno=0
[ 52.268424][ T28] audit: type=1804 audit(1693868450.450:11): pid=5099 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/4/bus/bus" dev="loop0" ino=263 res=1 errno=0
[pid 5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5116] memfd_create("syzkaller", 0) = 3
[pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 52.342639][ T5116] syz-executor314[5116]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5116] munmap(0x7f018beb6000, 16777216) = 0
[pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5116] close(3) = 0
[pid 5116] mkdir("./bus", 0777) = 0
[ 52.551060][ T5116] loop0: detected capacity change from 0 to 32768
[ 52.560309][ T5116] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5116)
[ 52.575017][ T5116] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 52.583802][ T5116] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 52.594748][ T5116] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 52.610110][ T5116] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 52.621055][ T5116] BTRFS info (device loop0): trying to use backup root at mount time
[ 52.629388][ T5116] BTRFS info (device loop0): use zlib compression, level 3
[ 52.636730][ T5116] BTRFS info (device loop0): enabling ssd optimizations
[pid 5116] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5116] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5116] chdir("./bus") = 0
[pid 5116] ioctl(4, LOOP_CLR_FD) = 0
[pid 5116] close(4) = 0
[pid 5116] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5116] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5116] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5116] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5116] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5116] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5116] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5116] open("./bus", O_RDONLY) = 6
[pid 5116] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5116] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5116] creat("./bus", 000) = 7
[pid 5116] exit_group(0) = ?
[pid 5116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=21 /* 0.21 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 52.644114][ T5116] BTRFS info (device loop0): using spread ssd allocation scheme
[ 52.653574][ T5116] BTRFS info (device loop0): using free space tree
[ 52.670557][ T5116] BTRFS info (device loop0): auto enabling async discard
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/bus") = 0
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached
, child_tidptr=0x555556a41650) = 5133
[pid 5133] set_robust_list(0x555556a41660, 24) = 0
[pid 5133] chdir("./6") = 0
[pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5133] setpgid(0, 0) = 0
[pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5133] write(3, "1000", 4) = 4
[pid 5133] close(3) = 0
[pid 5133] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5133] memfd_create("syzkaller", 0) = 3
[pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 52.799762][ T5133] syz-executor314[5133]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5133] munmap(0x7f018beb6000, 16777216) = 0
[pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5133] close(3) = 0
[pid 5133] mkdir("./bus", 0777) = 0
[ 52.998758][ T5133] loop0: detected capacity change from 0 to 32768
[ 53.007604][ T5133] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5133)
[ 53.023492][ T5133] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 53.032311][ T5133] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 53.043505][ T5133] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 53.054368][ T5133] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 53.065057][ T5133] BTRFS info (device loop0): trying to use backup root at mount time
[ 53.073152][ T5133] BTRFS info (device loop0): use zlib compression, level 3
[ 53.080370][ T5133] BTRFS info (device loop0): enabling ssd optimizations
[ 53.087332][ T5133] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5133] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5133] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5133] chdir("./bus") = 0
[pid 5133] ioctl(4, LOOP_CLR_FD) = 0
[pid 5133] close(4) = 0
[pid 5133] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5133] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5133] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5133] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5133] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5133] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5133] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5133] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5133] open("./bus", O_RDONLY) = 6
[pid 5133] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5133] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5133] creat("./bus", 000) = 7
[pid 5133] exit_group(0) = ?
[pid 5133] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 53.095103][ T5133] BTRFS info (device loop0): using free space tree
[ 53.111399][ T5133] BTRFS info (device loop0): auto enabling async discard
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/bus") = 0
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5150 attached
, child_tidptr=0x555556a41650) = 5150
[pid 5150] set_robust_list(0x555556a41660, 24) = 0
[pid 5150] chdir("./7") = 0
[pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5150] setpgid(0, 0) = 0
[pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5150] write(3, "1000", 4) = 4
[pid 5150] close(3) = 0
[pid 5150] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5150] memfd_create("syzkaller", 0) = 3
[pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 53.204645][ T5150] syz-executor314[5150]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5150] munmap(0x7f018beb6000, 16777216) = 0
[pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5150] close(3) = 0
[pid 5150] mkdir("./bus", 0777) = 0
[ 53.402075][ T5150] loop0: detected capacity change from 0 to 32768
[ 53.411662][ T5150] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5150)
[ 53.427830][ T5150] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 53.436791][ T5150] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 53.447773][ T5150] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 53.458568][ T5150] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 53.469468][ T5150] BTRFS info (device loop0): trying to use backup root at mount time
[ 53.477791][ T5150] BTRFS info (device loop0): use zlib compression, level 3
[ 53.485200][ T5150] BTRFS info (device loop0): enabling ssd optimizations
[ 53.492330][ T5150] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5150] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5150] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5150] chdir("./bus") = 0
[pid 5150] ioctl(4, LOOP_CLR_FD) = 0
[pid 5150] close(4) = 0
[pid 5150] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5150] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5150] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5150] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5150] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5150] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5150] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5150] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5150] open("./bus", O_RDONLY) = 6
[pid 5150] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5150] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5150] creat("./bus", 000) = 7
[pid 5150] exit_group(0) = ?
[pid 5150] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=22 /* 0.22 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 53.500045][ T5150] BTRFS info (device loop0): using free space tree
[ 53.516185][ T5150] BTRFS info (device loop0): auto enabling async discard
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/bus") = 0
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a41650) = 5167
./strace-static-x86_64: Process 5167 attached
[pid 5167] set_robust_list(0x555556a41660, 24) = 0
[pid 5167] chdir("./8") = 0
[pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5167] setpgid(0, 0) = 0
[pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5167] write(3, "1000", 4) = 4
[pid 5167] close(3) = 0
[pid 5167] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5167] memfd_create("syzkaller", 0) = 3
[pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 53.592041][ T5167] syz-executor314[5167]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5167] munmap(0x7f018beb6000, 16777216) = 0
[pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5167] close(3) = 0
[pid 5167] mkdir("./bus", 0777) = 0
[ 53.809804][ T5167] loop0: detected capacity change from 0 to 32768
[ 53.819466][ T5167] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5167)
[ 53.835342][ T5167] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 53.844143][ T5167] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 53.855086][ T5167] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 53.865948][ T5167] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 53.876577][ T5167] BTRFS info (device loop0): trying to use backup root at mount time
[ 53.884808][ T5167] BTRFS info (device loop0): use zlib compression, level 3
[ 53.895644][ T5167] BTRFS info (device loop0): enabling ssd optimizations
[pid 5167] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5167] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5167] chdir("./bus") = 0
[pid 5167] ioctl(4, LOOP_CLR_FD) = 0
[pid 5167] close(4) = 0
[pid 5167] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5167] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5167] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5167] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5167] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5167] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5167] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5167] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5167] open("./bus", O_RDONLY) = 6
[pid 5167] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5167] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5167] creat("./bus", 000) = 7
[pid 5167] exit_group(0) = ?
[pid 5167] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 53.902679][ T5167] BTRFS info (device loop0): using spread ssd allocation scheme
[ 53.910769][ T5167] BTRFS info (device loop0): using free space tree
[ 53.926896][ T5167] BTRFS info (device loop0): auto enabling async discard
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/bus") = 0
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached
, child_tidptr=0x555556a41650) = 5184
[pid 5184] set_robust_list(0x555556a41660, 24) = 0
[pid 5184] chdir("./9") = 0
[pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5184] setpgid(0, 0) = 0
[pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5184] write(3, "1000", 4) = 4
[pid 5184] close(3) = 0
[pid 5184] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5184] memfd_create("syzkaller", 0) = 3
[pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 54.001348][ T5184] syz-executor314[5184]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5184] munmap(0x7f018beb6000, 16777216) = 0
[pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5184] close(3) = 0
[pid 5184] mkdir("./bus", 0777) = 0
[ 54.208844][ T5184] loop0: detected capacity change from 0 to 32768
[ 54.217694][ T5184] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5184)
[ 54.234311][ T5184] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 54.243165][ T5184] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 54.254119][ T5184] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 54.265102][ T5184] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 54.275853][ T5184] BTRFS info (device loop0): trying to use backup root at mount time
[ 54.283957][ T5184] BTRFS info (device loop0): use zlib compression, level 3
[ 54.291239][ T5184] BTRFS info (device loop0): enabling ssd optimizations
[ 54.298248][ T5184] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5184] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5184] chdir("./bus") = 0
[pid 5184] ioctl(4, LOOP_CLR_FD) = 0
[pid 5184] close(4) = 0
[pid 5184] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5184] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5184] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5184] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5184] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5184] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5184] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5184] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5184] open("./bus", O_RDONLY) = 6
[pid 5184] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5184] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5184] creat("./bus", 000) = 7
[pid 5184] exit_group(0) = ?
[pid 5184] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=22 /* 0.22 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 54.306065][ T5184] BTRFS info (device loop0): using free space tree
[ 54.321467][ T5184] BTRFS info (device loop0): auto enabling async discard
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/bus") = 0
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached
, child_tidptr=0x555556a41650) = 5201
[pid 5201] set_robust_list(0x555556a41660, 24) = 0
[pid 5201] chdir("./10") = 0
[pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5201] setpgid(0, 0) = 0
[pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5201] write(3, "1000", 4) = 4
[pid 5201] close(3) = 0
[pid 5201] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5201] memfd_create("syzkaller", 0) = 3
[pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5201] munmap(0x7f018beb6000, 16777216) = 0
[pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5201] close(3) = 0
[pid 5201] mkdir("./bus", 0777) = 0
[ 54.599431][ T5201] loop0: detected capacity change from 0 to 32768
[ 54.609024][ T5201] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5201)
[ 54.625200][ T5201] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 54.634087][ T5201] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 54.645071][ T5201] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 54.656007][ T5201] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 54.666643][ T5201] BTRFS info (device loop0): trying to use backup root at mount time
[ 54.674825][ T5201] BTRFS info (device loop0): use zlib compression, level 3
[ 54.682123][ T5201] BTRFS info (device loop0): enabling ssd optimizations
[ 54.689194][ T5201] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5201] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5201] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5201] chdir("./bus") = 0
[pid 5201] ioctl(4, LOOP_CLR_FD) = 0
[pid 5201] close(4) = 0
[pid 5201] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5201] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5201] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5201] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5201] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5201] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5201] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5201] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5201] open("./bus", O_RDONLY) = 6
[pid 5201] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5201] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5201] creat("./bus", 000) = 7
[pid 5201] exit_group(0) = ?
[pid 5201] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=18 /* 0.18 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 54.696886][ T5201] BTRFS info (device loop0): using free space tree
[ 54.712790][ T5201] BTRFS info (device loop0): auto enabling async discard
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/bus") = 0
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached
, child_tidptr=0x555556a41650) = 5218
[pid 5218] set_robust_list(0x555556a41660, 24) = 0
[pid 5218] chdir("./11") = 0
[pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5218] setpgid(0, 0) = 0
[pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5218] write(3, "1000", 4) = 4
[pid 5218] close(3) = 0
[pid 5218] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5218] memfd_create("syzkaller", 0) = 3
[pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5218] munmap(0x7f018beb6000, 16777216) = 0
[pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5218] close(3) = 0
[pid 5218] mkdir("./bus", 0777) = 0
[ 54.997449][ T5218] loop0: detected capacity change from 0 to 32768
[ 55.006516][ T5218] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5218)
[ 55.021610][ T5218] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 55.030660][ T5218] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 55.041504][ T5218] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 55.052669][ T5218] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 55.063297][ T5218] BTRFS info (device loop0): trying to use backup root at mount time
[ 55.071369][ T5218] BTRFS info (device loop0): use zlib compression, level 3
[ 55.078608][ T5218] BTRFS info (device loop0): enabling ssd optimizations
[ 55.085806][ T5218] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5218] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5218] chdir("./bus") = 0
[pid 5218] ioctl(4, LOOP_CLR_FD) = 0
[pid 5218] close(4) = 0
[pid 5218] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5218] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5218] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5218] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5218] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5218] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5218] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5218] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5218] open("./bus", O_RDONLY) = 6
[pid 5218] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5218] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5218] creat("./bus", 000) = 7
[pid 5218] exit_group(0) = ?
[pid 5218] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 55.093504][ T5218] BTRFS info (device loop0): using free space tree
[ 55.109603][ T5218] BTRFS info (device loop0): auto enabling async discard
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/bus") = 0
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached
, child_tidptr=0x555556a41650) = 5235
[pid 5235] set_robust_list(0x555556a41660, 24) = 0
[pid 5235] chdir("./12") = 0
[pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5235] setpgid(0, 0) = 0
[pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5235] write(3, "1000", 4) = 4
[pid 5235] close(3) = 0
[pid 5235] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5235] memfd_create("syzkaller", 0) = 3
[pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 55.264848][ T5235] __do_sys_memfd_create: 2 callbacks suppressed
[ 55.264864][ T5235] syz-executor314[5235]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5235] munmap(0x7f018beb6000, 16777216) = 0
[pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5235] close(3) = 0
[pid 5235] mkdir("./bus", 0777) = 0
[ 55.426949][ T5235] loop0: detected capacity change from 0 to 32768
[ 55.435421][ T5235] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5235)
[ 55.450606][ T5235] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 55.459514][ T5235] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 55.470574][ T5235] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 55.481381][ T5235] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 55.492029][ T5235] BTRFS info (device loop0): trying to use backup root at mount time
[ 55.500134][ T5235] BTRFS info (device loop0): use zlib compression, level 3
[ 55.507374][ T5235] BTRFS info (device loop0): enabling ssd optimizations
[ 55.514336][ T5235] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5235] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5235] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5235] chdir("./bus") = 0
[pid 5235] ioctl(4, LOOP_CLR_FD) = 0
[pid 5235] close(4) = 0
[pid 5235] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5235] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5235] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5235] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5235] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5235] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5235] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5235] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5235] open("./bus", O_RDONLY) = 6
[pid 5235] creat(NULL, 000) = -1 EFAULT (Bad address)
[ 55.521972][ T5235] BTRFS info (device loop0): using free space tree
[ 55.538164][ T5235] BTRFS info (device loop0): auto enabling async discard
[pid 5235] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5235] creat("./bus", 000) = 7
[pid 5235] exit_group(0) = ?
[pid 5235] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=18 /* 0.18 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 55.577279][ T28] kauditd_printk_skb: 14 callbacks suppressed
[ 55.577294][ T28] audit: type=1804 audit(1693868453.780:26): pid=5235 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/12/bus/bus" dev="loop0" ino=263 res=1 errno=0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556a4a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556a4a730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 55.606973][ T28] audit: type=1804 audit(1693868453.780:27): pid=5235 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/12/bus/bus" dev="loop0" ino=263 res=1 errno=0
rmdir("./12/bus") = 0
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x555556a426f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached
, child_tidptr=0x555556a41650) = 5252
[pid 5252] set_robust_list(0x555556a41660, 24) = 0
[pid 5252] chdir("./13") = 0
[pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5252] setpgid(0, 0) = 0
[pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5252] write(3, "1000", 4) = 4
[pid 5252] close(3) = 0
[pid 5252] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5252] memfd_create("syzkaller", 0) = 3
[pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018beb6000
[ 55.692055][ T5252] syz-executor314[5252]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5252] munmap(0x7f018beb6000, 16777216) = 0
[pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5252] close(3) = 0
[pid 5252] mkdir("./bus", 0777) = 0
[ 55.867986][ T5252] loop0: detected capacity change from 0 to 32768
[ 55.877647][ T5252] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor314 (5252)
[ 55.893893][ T5252] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 55.902588][ T5252] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 55.913753][ T5252] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 55.924810][ T5252] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 55.935813][ T5252] BTRFS info (device loop0): trying to use backup root at mount time
[ 55.944083][ T5252] BTRFS info (device loop0): use zlib compression, level 3
[ 55.951286][ T5252] BTRFS info (device loop0): enabling ssd optimizations
[ 55.958570][ T5252] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5252] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5252] chdir("./bus") = 0
[pid 5252] ioctl(4, LOOP_CLR_FD) = 0
[pid 5252] close(4) = 0
[pid 5252] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5252] pwritev2(4, NULL, 0, 0, 0) = 0
[pid 5252] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5252] write(5, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 66572) = 66572
[pid 5252] ioctl(5, FS_IOC_SETVERSION, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 5252] open(NULL, O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = -1 EFAULT (Bad address)
[pid 5252] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5252] sendfile(4, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor)
[pid 5252] open("./bus", O_RDONLY) = 6
[ 55.966387][ T5252] BTRFS info (device loop0): using free space tree
[ 55.982054][ T5252] BTRFS info (device loop0): auto enabling async discard
[pid 5252] creat(NULL, 000) = -1 EFAULT (Bad address)
[pid 5252] ioctl(-1, FS_IOC_ENABLE_VERITY, 0) = -1 EBADF (Bad file descriptor)
[pid 5252] creat("./bus", 000) = 7
[pid 5252] exit_group(0) = ?
[pid 5252] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=20 /* 0.20 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556a426f0 /* 4 entries */, 32768) = 104
[ 56.009195][ T28] audit: type=1804 audit(1693868454.210:28): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor314" name="/root/syzkaller.PkBd1p/13/bus/bus" dev="loop0" ino=263 res=1 errno=0
[ 56.033304][ T28] audit: type=1804 audit(1693868454.230:29): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor314" name="/root/syzkaller.PkBd1p/13/bus/bus" dev="loop0" ino=263 res=1 errno=0
[ 56.092436][ T5028] VFS: Busy inodes after unmount of loop0 (btrfs)
[ 56.092621][ T5028] ------------[ cut here ]------------
[ 56.105166][ T5028] kernel BUG at fs/super.c:697!
[ 56.110651][ T5028] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 56.116745][ T5028] CPU: 1 PID: 5028 Comm: syz-executor314 Not tainted 6.5.0-syzkaller-11329-g708283abf896 #0
[ 56.126896][ T5028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 56.137138][ T5028] RIP: 0010:generic_shutdown_super+0x2bc/0x2c0
[ 56.143391][ T5028] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 16 b7 ef ff 48 8b 13 48 c7 c7 20 77 17 8b 4c 89 e6 e8 34 d3 cd 08 <0f> 0b 66 90 66 0f 1f 00 41 57 41 56 53 49 89 fe 49 bf 00 00 00 00
[ 56.163182][ T5028] RSP: 0018:ffffc90003df7c28 EFLAGS: 00010246
[ 56.169268][ T5028] RAX: 000000000000002f RBX: ffffffff8d847640 RCX: 8fbdece34c75d100
[ 56.177337][ T5028] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 56.185588][ T5028] RBP: 1ffff1100ed760f1 R08: ffffffff8170a5ec R09: 1ffff920007bef38
[ 56.193564][ T5028] R10: dffffc0000000000 R11: fffff520007bef39 R12: ffff888076bb0658
[ 56.201629][ T5028] R13: dffffc0000000000 R14: ffffffff8b4a57d8 R15: ffff888076bb0788
[ 56.209689][ T5028] FS: 0000555556a41380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 56.218627][ T5028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.225224][ T5028] CR2: 0000555556a4a6f8 CR3: 0000000020e02000 CR4: 00000000003506e0
[ 56.233189][ T5028] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.241149][ T5028] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.249198][ T5028] Call Trace:
[ 56.252466][ T5028] <TASK>
[ 56.255394][ T5028] ? __die_body+0x8b/0xe0
[ 56.259721][ T5028] ? die+0xa1/0xd0
[ 56.263437][ T5028] ? do_trap+0x153/0x380
[ 56.267670][ T5028] ? generic_shutdown_super+0x2bc/0x2c0
[ 56.273290][ T5028] ? do_error_trap+0x1dc/0x2c0
[ 56.278045][ T5028] ? generic_shutdown_super+0x2bc/0x2c0
[ 56.283585][ T5028] ? do_int3+0x50/0x50
[ 56.287729][ T5028] ? report_bug+0x3e4/0x500
[ 56.292230][ T5028] ? handle_invalid_op+0x34/0x40
[ 56.297934][ T5028] ? generic_shutdown_super+0x2bc/0x2c0
[ 56.303570][ T5028] ? exc_invalid_op+0x33/0x50
[ 56.308238][ T5028] ? asm_exc_invalid_op+0x1a/0x20
[ 56.313284][ T5028] ? __wake_up_klogd+0xcc/0x100
[ 56.318146][ T5028] ? generic_shutdown_super+0x2bc/0x2c0
[ 56.323696][ T5028] ? generic_shutdown_super+0x2bc/0x2c0
[ 56.329350][ T5028] kill_anon_super+0x3b/0x70
[ 56.333944][ T5028] btrfs_kill_super+0x41/0x50
[ 56.338700][ T5028] deactivate_locked_super+0xa4/0x110
[ 56.344072][ T5028] cleanup_mnt+0x426/0x4c0
[ 56.348488][ T5028] task_work_run+0x24a/0x300
[ 56.353072][ T5028] ? dput+0x3a1/0x420
[ 56.357054][ T5028] ? task_work_cancel+0x2b0/0x2b0
[ 56.362251][ T5028] ? __x64_sys_umount+0x126/0x170
[ 56.367275][ T5028] ptrace_notify+0x2cd/0x380
[ 56.371858][ T5028] ? do_notify_parent+0xf50/0xf50
[ 56.376958][ T5028] ? user_path_at_empty+0x12f/0x180
[ 56.382331][ T5028] ? __x64_sys_umount+0x126/0x170
[ 56.387475][ T5028] ? path_umount+0xf40/0xf40
[ 56.392103][ T5028] ? rcu_is_watching+0x15/0xb0
[ 56.396870][ T5028] syscall_exit_to_user_mode+0x15c/0x280
[ 56.402505][ T5028] do_syscall_64+0x4d/0xc0
[ 56.406916][ T5028] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.413152][ T5028] RIP: 0033:0x7f01942f6607
[ 56.417560][ T5028] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 56.437158][ T5028] RSP: 002b:00007ffdb004de98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 56.445651][ T5028] RAX: 0000000000000000 RBX: 000000000000d95c RCX: 00007f01942f6607
[ 56.453614][ T5028] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffdb004df50
[ 56.461576][ T5028] RBP: 00007ffdb004df50 R08: 0000000000000000 R09: 0000000000000000
[ 56.469555][ T5028] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffdb004efc0
[ 56.477535][ T5028] R13: 0000555556a426c0 R14: 431bde82d7b634db R15: 00007ffdb004efe0
[ 56.485597][ T5028] </TASK>
[ 56.488618][ T5028] Modules linked in:
[ 56.497711][ T5028] ---[ end trace 0000000000000000 ]---
[ 56.506814][ T5028] RIP: 0010:generic_shutdown_super+0x2bc/0x2c0
[ 56.513016][ T5028] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 16 b7 ef ff 48 8b 13 48 c7 c7 20 77 17 8b 4c 89 e6 e8 34 d3 cd 08 <0f> 0b 66 90 66 0f 1f 00 41 57 41 56 53 49 89 fe 49 bf 00 00 00 00
[ 56.533127][ T5028] RSP: 0018:ffffc90003df7c28 EFLAGS: 00010246
[ 56.539230][ T5028] RAX: 000000000000002f RBX: ffffffff8d847640 RCX: 8fbdece34c75d100
[ 56.547931][ T5028] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 56.556122][ T5028] RBP: 1ffff1100ed760f1 R08: ffffffff8170a5ec R09: 1ffff920007bef38
[ 56.564302][ T5028] R10: dffffc0000000000 R11: fffff520007bef39 R12: ffff888076bb0658
[ 56.572287][ T5028] R13: dffffc0000000000 R14: ffffffff8b4a57d8 R15: ffff888076bb0788
[ 56.580713][ T5028] FS: 0000555556a41380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 56.590027][ T5028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.596975][ T5028] CR2: 0000555556a4a6f8 CR3: 0000000020e02000 CR4: 00000000003506e0
[ 56.605275][ T5028] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.613287][ T5028] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.621302][ T5028] Kernel panic - not syncing: Fatal exception
[ 56.627689][ T5028] Kernel Offset: disabled
[ 56.632260][ T5028] Rebooting in 86400 seconds..