./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4126672851
<...>
Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts.
execve("./syz-executor4126672851", ["./syz-executor4126672851"], 0x7ffdc7ed1970 /* 10 vars */) = 0
brk(NULL) = 0x5555798a0000
brk(0x5555798a0d00) = 0x5555798a0d00
arch_prctl(ARCH_SET_FS, 0x5555798a0380) = 0
set_tid_address(0x5555798a0650) = 5828
set_robust_list(0x5555798a0660, 24) = 0
rseq(0x5555798a0ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4126672851", 4096) = 28
getrandom("\x5b\x27\xa2\xa7\xf1\x36\xc9\x5e", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555798a0d00
brk(0x5555798c1d00) = 0x5555798c1d00
brk(0x5555798c2000) = 0x5555798c2000
mprotect(0x7f7826712000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached
, child_tidptr=0x5555798a0650) = 5830
[pid 5830] set_robust_list(0x5555798a0660, 24) = 0
[pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5830] setpgid(0, 0) = 0
[pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5830] write(3, "1000", 4) = 4
[pid 5830] close(3) = 0
executing program
[pid 5830] write(1, "executing program\n", 18) = 18
[pid 5830] memfd_create("syzkaller", 0) = 3
[pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5830] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5830] munmap(0x7f781e200000, 138412032) = 0
[pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5830] close(3) = 0
[pid 5830] close(4) = 0
[pid 5830] mkdir("./file0", 0777) = 0
[ 70.393978][ T5830] loop0: detected capacity change from 0 to 4096
[pid 5830] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5830] ioctl(3, LOOP_CLR_FD) = 0
[ 70.439457][ T5830] ntfs3: Unknown parameter 'prea�'
[pid 5830] close(3) = 0
[pid 5830] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5830] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5830] chdir("./file0") = 0
[pid 5830] open(".", O_RDONLY) = 3
[pid 5830] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 70.517806][ T5830] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 70.528861][ T5830] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5830, name: syz-executor412
[ 70.538837][ T5830] preempt_count: 0, expected: 0
[ 70.543818][ T5830] RCU nest depth: 1, expected: 0
[ 70.548888][ T5830] 4 locks held by syz-executor412/5830:
[ 70.554540][ T5830] #0: ffff888033bd42b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[pid 5830] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5830] exit_group(0) = ?
[pid 5830] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
[ 70.563927][ T5830] #1: ffff888077f28cf8 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 70.575280][ T5830] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 70.585479][ T5830] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 70.596000][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor412 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 70.596021][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 70.596034][ T5830] Call Trace:
[ 70.596042][ T5830]
[ 70.596049][ T5830] dump_stack_lvl+0x241/0x360
[ 70.596073][ T5830] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.596099][ T5830] __might_resched+0x558/0x6c0
[ 70.596126][ T5830] ? __pfx___might_resched+0x10/0x10
[ 70.596154][ T5830] ? __kmalloc_noprof+0xb7/0x4d0
[ 70.596170][ T5830] __kmalloc_noprof+0xd0/0x4d0
[ 70.596183][ T5830] ? ovl_cache_entry_new+0x39/0x7b0
[ 70.596202][ T5830] ovl_cache_entry_new+0x39/0x7b0
[ 70.596219][ T5830] ? __pfx_idr_get_next+0x10/0x10
[ 70.596244][ T5830] ovl_fill_merge+0x416/0x830
[ 70.596264][ T5830] afs_dynroot_readdir+0x814/0xbe0
[ 70.596284][ T5830] ? afs_dynroot_readdir+0x466/0xbe0
[ 70.596303][ T5830] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 70.596323][ T5830] ? vfs_open+0x31/0x370
[ 70.596339][ T5830] iterate_dir+0x5a9/0x760
[ 70.596364][ T5830] ovl_dir_read+0xfe/0x570
[ 70.596391][ T5830] ? ovl_path_next+0x23e/0x470
[ 70.596413][ T5830] ovl_dir_read_merged+0x315/0x5e0
[ 70.596433][ T5830] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 70.596450][ T5830] ? __pfx_ovl_fill_merge+0x10/0x10
[ 70.596473][ T5830] ? __kmalloc_cache_noprof+0x236/0x370
[ 70.596486][ T5830] ? ovl_iterate+0x10d6/0x21c0
[ 70.596503][ T5830] ovl_iterate+0x1196/0x21c0
[ 70.596523][ T5830] ? validate_chain+0x8a7/0x24e0
[ 70.596550][ T5830] ? __pfx_ovl_iterate+0x10/0x10
[ 70.596574][ T5830] ? __lock_acquire+0xad5/0xd80
[ 70.596607][ T5830] ? down_write+0x18d/0x220
[ 70.596629][ T5830] ? __pfx_down_write+0x10/0x10
[ 70.596652][ T5830] ? wrap_directory_iterator+0x52/0xd0
[ 70.596674][ T5830] ? __pfx_ovl_iterate+0x10/0x10
[ 70.596690][ T5830] wrap_directory_iterator+0x91/0xd0
[ 70.596712][ T5830] iterate_dir+0x5a9/0x760
[ 70.596735][ T5830] __se_sys_getdents+0x1ff/0x4e0
[ 70.596761][ T5830] ? __pfx___se_sys_getdents+0x10/0x10
[ 70.596781][ T5830] ? __pfx_filldir+0x10/0x10
[ 70.596810][ T5830] do_syscall_64+0xf3/0x230
[ 70.596832][ T5830] ? clear_bhb_loop+0x45/0xa0
[ 70.596849][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.596864][ T5830] RIP: 0033:0x7f782667fba9
[ 70.596882][ T5830] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.596894][ T5830] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 70.596910][ T5830] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached
, child_tidptr=0x5555798a0650) = 5832
[pid 5832] set_robust_list(0x5555798a0660, 24) = 0
[pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5832] setpgid(0, 0) = 0
[pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5832] write(3, "1000", 4) = 4
[pid 5832] close(3) = 0
executing program
[pid 5832] write(1, "executing program\n", 18) = 18
[pid 5832] memfd_create("syzkaller", 0) = 3
[pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5832] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5832] munmap(0x7f781e200000, 138412032) = 0
[pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 70.596921][ T5830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 70.596930][ T5830] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[ 70.596940][ T5830] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 70.596950][ T5830] R13: 00007ffc840946f8 R14: 431bde82d7b634db R15: 00007f78266c803b
[ 70.596969][ T5830]
[pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5832] close(3) = 0
[pid 5832] close(4) = 0
[pid 5832] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5832] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5832] ioctl(3, LOOP_CLR_FD) = 0
[pid 5832] close(3) = 0
[pid 5832] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5832] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5832] chdir("./file0") = 0
[pid 5832] open(".", O_RDONLY) = 3
[pid 5832] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5832] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5832] exit_group(0) = ?
[pid 5832] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} ---
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555798a0650) = 5833
./strace-static-x86_64: Process 5833 attached
[pid 5833] set_robust_list(0x5555798a0660, 24) = 0
[pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5833] setpgid(0, 0) = 0
[pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5833] write(3, "1000", 4) = 4
[pid 5833] close(3) = 0
executing program
[pid 5833] write(1, "executing program\n", 18) = 18
[pid 5833] memfd_create("syzkaller", 0) = 3
[ 70.945455][ T5832] loop0: detected capacity change from 0 to 4096
[ 70.955331][ T5832] ntfs3: Unknown parameter 'prea�'
[pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5833] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5833] munmap(0x7f781e200000, 138412032) = 0
[pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5833] close(3) = 0
[pid 5833] close(4) = 0
[pid 5833] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5833] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5833] ioctl(3, LOOP_CLR_FD) = 0
[pid 5833] close(3) = 0
[pid 5833] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5833] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5833] chdir("./file0") = 0
[pid 5833] open(".", O_RDONLY) = 3
[pid 5833] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5833] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5833] exit_group(0) = ?
[pid 5833] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[ 71.051443][ T5833] loop0: detected capacity change from 0 to 4096
[ 71.071332][ T5833] ntfs3: Unknown parameter 'prea�'
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555798a0650) = 5834
./strace-static-x86_64: Process 5834 attached
[pid 5834] set_robust_list(0x5555798a0660, 24) = 0
[pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5834] setpgid(0, 0) = 0
[pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5834] write(3, "1000", 4) = 4
[pid 5834] close(3) = 0
[pid 5834] write(1, "executing program\n", 18executing program
) = 18
[pid 5834] memfd_create("syzkaller", 0) = 3
[pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5834] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5834] munmap(0x7f781e200000, 138412032) = 0
[pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5834] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5834] close(3) = 0
[pid 5834] close(4) = 0
[pid 5834] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5834] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5834] ioctl(3, LOOP_CLR_FD) = 0
[pid 5834] close(3) = 0
[pid 5834] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5834] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5834] chdir("./file0") = 0
[pid 5834] open(".", O_RDONLY) = 3
[pid 5834] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5834] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5834] exit_group(0) = ?
[pid 5834] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 71.181703][ T5834] loop0: detected capacity change from 0 to 4096
[ 71.192783][ T5834] ntfs3: Unknown parameter 'prea�'
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached
, child_tidptr=0x5555798a0650) = 5835
[pid 5835] set_robust_list(0x5555798a0660, 24) = 0
[pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5835] setpgid(0, 0) = 0
[pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5835] write(3, "1000", 4) = 4
[pid 5835] close(3) = 0
[pid 5835] write(1, "executing program\n", 18executing program
) = 18
[pid 5835] memfd_create("syzkaller", 0) = 3
[pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5835] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5835] munmap(0x7f781e200000, 138412032) = 0
[pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5835] close(3) = 0
[pid 5835] close(4) = 0
[pid 5835] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5835] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5835] ioctl(3, LOOP_CLR_FD) = 0
[pid 5835] close(3) = 0
[pid 5835] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[ 71.334686][ T5835] loop0: detected capacity change from 0 to 4096
[ 71.349605][ T5835] ntfs3: Unknown parameter 'prea�'
[pid 5835] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5835] chdir("./file0") = 0
[pid 5835] open(".", O_RDONLY) = 3
[pid 5835] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5835] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5835] exit_group(0) = ?
[pid 5835] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached
[pid 5836] set_robust_list(0x5555798a0660, 24) = 0
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5836
[pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5836] setpgid(0, 0) = 0
[pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5836] write(3, "1000", 4) = 4
[pid 5836] close(3) = 0
executing program
[pid 5836] write(1, "executing program\n", 18) = 18
[pid 5836] memfd_create("syzkaller", 0) = 3
[pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5836] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5836] munmap(0x7f781e200000, 138412032) = 0
[pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5836] close(3) = 0
[pid 5836] close(4) = 0
[pid 5836] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5836] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5836] ioctl(3, LOOP_CLR_FD) = 0
[pid 5836] close(3) = 0
[ 71.550817][ T5836] loop0: detected capacity change from 0 to 4096
[ 71.571835][ T5836] ntfs3: Unknown parameter 'prea�'
[pid 5836] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5836] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5836] chdir("./file0") = 0
[pid 5836] open(".", O_RDONLY) = 3
[pid 5836] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 71.649499][ T5836] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 71.659801][ T5836] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5836, name: syz-executor412
[ 71.669485][ T5836] preempt_count: 0, expected: 0
[ 71.674388][ T5836] RCU nest depth: 1, expected: 0
[ 71.679732][ T5836] 4 locks held by syz-executor412/5836:
[ 71.685436][ T5836] #0: ffff88803205b7b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[ 71.694656][ T5836] #1: ffff888077f2e3b0 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 71.706234][ T5836] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 71.716661][ T5836] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 71.726640][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor412 Tainted: G W 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 71.726673][ T5836] Tainted: [W]=WARN
[ 71.726681][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 71.726695][ T5836] Call Trace:
[ 71.726701][ T5836]
[ 71.726708][ T5836] dump_stack_lvl+0x241/0x360
[ 71.726732][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.726758][ T5836] __might_resched+0x558/0x6c0
[ 71.726782][ T5836] ? is_module_text_address+0x1a/0x140
[ 71.726801][ T5836] ? __pfx___might_resched+0x10/0x10
[ 71.726830][ T5836] ? __kmalloc_noprof+0xb7/0x4d0
[ 71.726845][ T5836] __kmalloc_noprof+0xd0/0x4d0
[ 71.726858][ T5836] ? ovl_cache_entry_new+0x39/0x7b0
[ 71.726877][ T5836] ovl_cache_entry_new+0x39/0x7b0
[ 71.726895][ T5836] ? __pfx_idr_get_next+0x10/0x10
[ 71.726918][ T5836] ovl_fill_merge+0x416/0x830
[ 71.726938][ T5836] afs_dynroot_readdir+0x814/0xbe0
[ 71.726957][ T5836] ? afs_dynroot_readdir+0x466/0xbe0
[ 71.726976][ T5836] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 71.726997][ T5836] ? vfs_open+0x31/0x370
[ 71.727012][ T5836] iterate_dir+0x5a9/0x760
[ 71.727036][ T5836] ovl_dir_read+0xfe/0x570
[ 71.727052][ T5836] ? ovl_path_next+0x23e/0x470
[ 71.727074][ T5836] ovl_dir_read_merged+0x315/0x5e0
[ 71.727094][ T5836] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 71.727111][ T5836] ? __pfx_ovl_fill_merge+0x10/0x10
[ 71.727134][ T5836] ? __kmalloc_cache_noprof+0x236/0x370
[ 71.727147][ T5836] ? ovl_iterate+0x10d6/0x21c0
[ 71.727165][ T5836] ovl_iterate+0x1196/0x21c0
[ 71.727185][ T5836] ? look_up_lock_class+0x7b/0x170
[ 71.727209][ T5836] ? __pfx_ovl_iterate+0x10/0x10
[ 71.727225][ T5836] ? __lock_acquire+0xad5/0xd80
[ 71.727252][ T5836] ? __lock_acquire+0xad5/0xd80
[ 71.727290][ T5836] ? down_write+0x18d/0x220
[ 71.727311][ T5836] ? __pfx_down_write+0x10/0x10
[ 71.727335][ T5836] ? wrap_directory_iterator+0x52/0xd0
[ 71.727358][ T5836] ? __pfx_ovl_iterate+0x10/0x10
[ 71.727373][ T5836] wrap_directory_iterator+0x91/0xd0
[ 71.727395][ T5836] iterate_dir+0x5a9/0x760
[ 71.727417][ T5836] __se_sys_getdents+0x1ff/0x4e0
[ 71.727443][ T5836] ? __pfx___se_sys_getdents+0x10/0x10
[ 71.727463][ T5836] ? __pfx_filldir+0x10/0x10
[ 71.727493][ T5836] do_syscall_64+0xf3/0x230
[ 71.727514][ T5836] ? clear_bhb_loop+0x45/0xa0
[ 71.727531][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.727546][ T5836] RIP: 0033:0x7f782667fba9
[ 71.727559][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.727572][ T5836] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[pid 5836] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5836] exit_group(0) = ?
[pid 5836] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 71.727588][ T5836] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
[ 71.727599][ T5836] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 71.727608][ T5836] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[ 71.727618][ T5836] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 71.727628][ T5836] R13: 00007ffc840944bc R14: 431bde82d7b634db R15: 00007f78266c803b
[ 71.727647][ T5836]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached
, child_tidptr=0x5555798a0650) = 5837
[pid 5837] set_robust_list(0x5555798a0660, 24) = 0
[pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5837] setpgid(0, 0) = 0
[pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5837] write(3, "1000", 4) = 4
[pid 5837] close(3) = 0
[pid 5837] write(1, "executing program\n", 18executing program
) = 18
[pid 5837] memfd_create("syzkaller", 0) = 3
[pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5837] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5837] munmap(0x7f781e200000, 138412032) = 0
[pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5837] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5837] close(3) = 0
[pid 5837] close(4) = 0
[pid 5837] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5837] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5837] ioctl(3, LOOP_CLR_FD) = 0
[pid 5837] close(3) = 0
[pid 5837] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5837] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5837] chdir("./file0") = 0
[pid 5837] open(".", O_RDONLY) = 3
[pid 5837] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5837] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5837] exit_group(0) = ?
[pid 5837] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached
, child_tidptr=0x5555798a0650) = 5838
[pid 5838] set_robust_list(0x5555798a0660, 24) = 0
[pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5838] setpgid(0, 0) = 0
[pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 72.172139][ T5837] loop0: detected capacity change from 0 to 4096
[ 72.180987][ T5837] ntfs3: Unknown parameter 'prea�'
[pid 5838] write(3, "1000", 4) = 4
[pid 5838] close(3) = 0
[pid 5838] write(1, "executing program\n", 18executing program
) = 18
[pid 5838] memfd_create("syzkaller", 0) = 3
[pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5838] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5838] munmap(0x7f781e200000, 138412032) = 0
[pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5838] close(3) = 0
[pid 5838] close(4) = 0
[pid 5838] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5838] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5838] ioctl(3, LOOP_CLR_FD) = 0
[pid 5838] close(3) = 0
[pid 5838] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5838] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5838] chdir("./file0") = 0
[pid 5838] open(".", O_RDONLY) = 3
[pid 5838] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5838] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5838] exit_group(0) = ?
[pid 5838] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555798a0650) = 5839
./strace-static-x86_64: Process 5839 attached
[pid 5839] set_robust_list(0x5555798a0660, 24) = 0
[pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5839] setpgid(0, 0) = 0
[pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5839] write(3, "1000", 4) = 4
[pid 5839] close(3) = 0
[pid 5839] write(1, "executing program\n", 18executing program
) = 18
[pid 5839] memfd_create("syzkaller", 0) = 3
[pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[ 72.289952][ T5838] loop0: detected capacity change from 0 to 4096
[ 72.311336][ T5838] ntfs3: Unknown parameter 'prea�'
[pid 5839] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5839] munmap(0x7f781e200000, 138412032) = 0
[pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5839] close(3) = 0
[pid 5839] close(4) = 0
[pid 5839] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5839] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5839] ioctl(3, LOOP_CLR_FD) = 0
[pid 5839] close(3) = 0
[pid 5839] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5839] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[ 72.402935][ T5839] loop0: detected capacity change from 0 to 4096
[ 72.420996][ T5839] ntfs3: Unknown parameter 'prea�'
[pid 5839] chdir("./file0") = 0
[pid 5839] open(".", O_RDONLY) = 3
[pid 5839] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5839] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5839] exit_group(0) = ?
[pid 5839] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5839, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached
, child_tidptr=0x5555798a0650) = 5840
[pid 5840] set_robust_list(0x5555798a0660, 24) = 0
[pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5840] setpgid(0, 0) = 0
[pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5840] write(3, "1000", 4) = 4
[pid 5840] close(3) = 0
executing program
[pid 5840] write(1, "executing program\n", 18) = 18
[pid 5840] memfd_create("syzkaller", 0) = 3
[pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5840] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5840] munmap(0x7f781e200000, 138412032) = 0
[pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5840] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5840] close(3) = 0
[pid 5840] close(4) = 0
[pid 5840] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5840] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5840] ioctl(3, LOOP_CLR_FD) = 0
[pid 5840] close(3) = 0
[pid 5840] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5840] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5840] chdir("./file0") = 0
[pid 5840] open(".", O_RDONLY) = 3
[pid 5840] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 72.609884][ T5840] loop0: detected capacity change from 0 to 4096
[ 72.640485][ T5840] ntfs3: Unknown parameter 'prea�'
[pid 5840] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5840] exit_group(0) = ?
[pid 5840] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached
[pid 5841] set_robust_list(0x5555798a0660, 24) = 0
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5841
[pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5841] setpgid(0, 0) = 0
[pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5841] write(3, "1000", 4) = 4
[pid 5841] close(3) = 0
[pid 5841] write(1, "executing program\n", 18executing program
) = 18
[pid 5841] memfd_create("syzkaller", 0) = 3
[pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5841] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5841] munmap(0x7f781e200000, 138412032) = 0
[pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5841] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5841] close(3) = 0
[pid 5841] close(4) = 0
[pid 5841] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5841] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5841] ioctl(3, LOOP_CLR_FD) = 0
[pid 5841] close(3) = 0
[ 72.796313][ T5841] loop0: detected capacity change from 0 to 4096
[ 72.825178][ T5841] ntfs3: Unknown parameter 'prea�'
[pid 5841] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5841] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5841] chdir("./file0") = 0
[pid 5841] open(".", O_RDONLY) = 3
[pid 5841] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5841] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5841] exit_group(0) = ?
[pid 5841] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5841, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached
, child_tidptr=0x5555798a0650) = 5842
[pid 5842] set_robust_list(0x5555798a0660, 24) = 0
[pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5842] setpgid(0, 0) = 0
[pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5842] write(3, "1000", 4) = 4
[pid 5842] close(3) = 0
executing program
[pid 5842] write(1, "executing program\n", 18) = 18
[pid 5842] memfd_create("syzkaller", 0) = 3
[pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5842] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5842] munmap(0x7f781e200000, 138412032) = 0
[pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5842] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5842] close(3) = 0
[pid 5842] close(4) = 0
[pid 5842] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5842] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5842] ioctl(3, LOOP_CLR_FD) = 0
[pid 5842] close(3) = 0
[ 73.080758][ T5842] loop0: detected capacity change from 0 to 4096
[ 73.115875][ T5842] ntfs3: Unknown parameter 'prea�'
[pid 5842] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5842] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5842] chdir("./file0") = 0
[pid 5842] open(".", O_RDONLY) = 3
[pid 5842] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 73.170902][ T5842] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 73.181427][ T5842] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5842, name: syz-executor412
[ 73.190965][ T5842] preempt_count: 0, expected: 0
[ 73.196053][ T5842] RCU nest depth: 1, expected: 0
[ 73.201052][ T5842] 4 locks held by syz-executor412/5842:
[ 73.206738][ T5842] #0: ffff888032371278 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[pid 5842] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5842] exit_group(0) = ?
[ 73.215908][ T5842] #1: ffff888077fcbb38 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 73.227252][ T5842] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 73.237492][ T5842] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 73.247456][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor412 Tainted: G W 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 73.247488][ T5842] Tainted: [W]=WARN
[ 73.247494][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 73.247505][ T5842] Call Trace:
[ 73.247513][ T5842]
[ 73.247520][ T5842] dump_stack_lvl+0x241/0x360
[ 73.247549][ T5842] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.247584][ T5842] __might_resched+0x558/0x6c0
[ 73.247618][ T5842] ? is_module_text_address+0x1a/0x140
[ 73.247646][ T5842] ? __pfx___might_resched+0x10/0x10
[ 73.247686][ T5842] ? __kmalloc_noprof+0xb7/0x4d0
[ 73.247709][ T5842] __kmalloc_noprof+0xd0/0x4d0
[ 73.247728][ T5842] ? ovl_cache_entry_new+0x39/0x7b0
[ 73.247755][ T5842] ovl_cache_entry_new+0x39/0x7b0
[ 73.247779][ T5842] ? __pfx_idr_get_next+0x10/0x10
[ 73.247807][ T5842] ovl_fill_merge+0x416/0x830
[ 73.247833][ T5842] afs_dynroot_readdir+0x814/0xbe0
[ 73.247859][ T5842] ? afs_dynroot_readdir+0x466/0xbe0
[ 73.247886][ T5842] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 73.247914][ T5842] ? vfs_open+0x31/0x370
[ 73.247936][ T5842] iterate_dir+0x5a9/0x760
[ 73.247970][ T5842] ovl_dir_read+0xfe/0x570
[ 73.247992][ T5842] ? ovl_path_next+0x23e/0x470
[ 73.248024][ T5842] ovl_dir_read_merged+0x315/0x5e0
[ 73.248053][ T5842] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 73.248077][ T5842] ? __pfx_ovl_fill_merge+0x10/0x10
[ 73.248110][ T5842] ? __kmalloc_cache_noprof+0x236/0x370
[ 73.248138][ T5842] ? ovl_iterate+0x10d6/0x21c0
[ 73.248162][ T5842] ovl_iterate+0x1196/0x21c0
[ 73.248189][ T5842] ? look_up_lock_class+0x7b/0x170
[ 73.248219][ T5842] ? __pfx_ovl_iterate+0x10/0x10
[ 73.248239][ T5842] ? __lock_acquire+0xad5/0xd80
[ 73.248275][ T5842] ? __lock_acquire+0xad5/0xd80
[ 73.248321][ T5842] ? down_write+0x18d/0x220
[ 73.248351][ T5842] ? __pfx_down_write+0x10/0x10
[ 73.248383][ T5842] ? wrap_directory_iterator+0x52/0xd0
[ 73.248415][ T5842] ? __pfx_ovl_iterate+0x10/0x10
[ 73.248437][ T5842] wrap_directory_iterator+0x91/0xd0
[ 73.248469][ T5842] iterate_dir+0x5a9/0x760
[ 73.248502][ T5842] __se_sys_getdents+0x1ff/0x4e0
[ 73.248538][ T5842] ? __pfx___se_sys_getdents+0x10/0x10
[ 73.248567][ T5842] ? __pfx_filldir+0x10/0x10
[ 73.248608][ T5842] do_syscall_64+0xf3/0x230
[ 73.248638][ T5842] ? clear_bhb_loop+0x45/0xa0
[ 73.248662][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.248682][ T5842] RIP: 0033:0x7f782667fba9
[ 73.248701][ T5842] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.248719][ T5842] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[pid 5842] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached
, child_tidptr=0x5555798a0650) = 5843
[pid 5843] set_robust_list(0x5555798a0660, 24) = 0
[ 73.248741][ T5842] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
[ 73.248757][ T5842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 73.248769][ T5842] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[ 73.248783][ T5842] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 73.248797][ T5842] R13: 00007ffc840944bc R14: 431bde82d7b634db R15: 00007f78266c803b
[ 73.248825][ T5842]
[pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5843] setpgid(0, 0) = 0
[pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5843] write(3, "1000", 4) = 4
[pid 5843] close(3executing program
) = 0
[pid 5843] write(1, "executing program\n", 18) = 18
[pid 5843] memfd_create("syzkaller", 0) = 3
[pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5843] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5843] munmap(0x7f781e200000, 138412032) = 0
[pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5843] close(3) = 0
[pid 5843] close(4) = 0
[pid 5843] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5843] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5843] ioctl(3, LOOP_CLR_FD) = 0
[pid 5843] close(3) = 0
[pid 5843] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5843] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5843] chdir("./file0") = 0
[pid 5843] open(".", O_RDONLY) = 3
[pid 5843] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5843] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5843] exit_group(0) = ?
[pid 5843] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 73.669262][ T5843] loop0: detected capacity change from 0 to 4096
[ 73.678798][ T5843] ntfs3: Unknown parameter 'prea�'
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached
, child_tidptr=0x5555798a0650) = 5844
[pid 5844] set_robust_list(0x5555798a0660, 24) = 0
[pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5844] setpgid(0, 0) = 0
[pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5844] write(3, "1000", 4) = 4
[pid 5844] close(3) = 0
[pid 5844] write(1, "executing program\n", 18executing program
) = 18
[pid 5844] memfd_create("syzkaller", 0) = 3
[pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5844] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5844] munmap(0x7f781e200000, 138412032) = 0
[pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5844] close(3) = 0
[pid 5844] close(4) = 0
[pid 5844] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5844] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5844] ioctl(3, LOOP_CLR_FD) = 0
[pid 5844] close(3) = 0
[pid 5844] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5844] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5844] chdir("./file0") = 0
[pid 5844] open(".", O_RDONLY) = 3
[pid 5844] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5844] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5844] exit_group(0) = ?
[pid 5844] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 73.804395][ T5844] loop0: detected capacity change from 0 to 4096
[ 73.812550][ T5844] ntfs3: Unknown parameter 'prea�'
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached
, child_tidptr=0x5555798a0650) = 5845
[pid 5845] set_robust_list(0x5555798a0660, 24) = 0
[pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5845] setpgid(0, 0) = 0
[pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid 5845] write(3, "1000", 4) = 4
[pid 5845] close(3) = 0
[pid 5845] write(1, "executing program\n", 18) = 18
[pid 5845] memfd_create("syzkaller", 0) = 3
[pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5845] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5845] munmap(0x7f781e200000, 138412032) = 0
[pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5845] close(3) = 0
[pid 5845] close(4) = 0
[pid 5845] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5845] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5845] ioctl(3, LOOP_CLR_FD) = 0
[pid 5845] close(3) = 0
[pid 5845] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5845] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5845] chdir("./file0") = 0
[pid 5845] open(".", O_RDONLY) = 3
[pid 5845] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5845] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5845] exit_group(0) = ?
[pid 5845] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
[ 73.910868][ T5845] loop0: detected capacity change from 0 to 4096
[ 73.931643][ T5845] ntfs3: Unknown parameter 'prea�'
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached
, child_tidptr=0x5555798a0650) = 5846
[pid 5846] set_robust_list(0x5555798a0660, 24) = 0
[pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5846] setpgid(0, 0) = 0
[pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5846] write(3, "1000", 4) = 4
[pid 5846] close(3) = 0
executing program
[pid 5846] write(1, "executing program\n", 18) = 18
[pid 5846] memfd_create("syzkaller", 0) = 3
[pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5846] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5846] munmap(0x7f781e200000, 138412032) = 0
[pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5846] close(3) = 0
[pid 5846] close(4) = 0
[pid 5846] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5846] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5846] ioctl(3, LOOP_CLR_FD) = 0
[ 74.093847][ T5846] loop0: detected capacity change from 0 to 4096
[ 74.119927][ T5846] ntfs3: Unknown parameter 'prea�'
[pid 5846] close(3) = 0
[pid 5846] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5846] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5846] chdir("./file0") = 0
[pid 5846] open(".", O_RDONLY) = 3
[pid 5846] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 74.208208][ T5846] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 74.219163][ T5846] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5846, name: syz-executor412
[ 74.229062][ T5846] preempt_count: 0, expected: 0
[ 74.233949][ T5846] RCU nest depth: 1, expected: 0
[ 74.239012][ T5846] 4 locks held by syz-executor412/5846:
[ 74.244690][ T5846] #0: ffff88807e6f37b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[ 74.253876][ T5846] #1: ffff888077f30168 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 74.265297][ T5846] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 74.275759][ T5846] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 74.286512][ T5846] CPU: 1 UID: 0 PID: 5846 Comm: syz-executor412 Tainted: G W 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 74.286548][ T5846] Tainted: [W]=WARN
[ 74.286555][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 74.286569][ T5846] Call Trace:
[ 74.286577][ T5846]
[ 74.286586][ T5846] dump_stack_lvl+0x241/0x360
[ 74.286620][ T5846] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.286657][ T5846] __might_resched+0x558/0x6c0
[ 74.286691][ T5846] ? is_module_text_address+0x1a/0x140
[ 74.286718][ T5846] ? __pfx___might_resched+0x10/0x10
[ 74.286758][ T5846] ? __kmalloc_noprof+0xb7/0x4d0
[ 74.286781][ T5846] __kmalloc_noprof+0xd0/0x4d0
[ 74.286800][ T5846] ? ovl_cache_entry_new+0x39/0x7b0
[ 74.286827][ T5846] ovl_cache_entry_new+0x39/0x7b0
[ 74.286852][ T5846] ? __pfx_idr_get_next+0x10/0x10
[ 74.286883][ T5846] ovl_fill_merge+0x416/0x830
[ 74.286911][ T5846] afs_dynroot_readdir+0x814/0xbe0
[ 74.286939][ T5846] ? afs_dynroot_readdir+0x466/0xbe0
[ 74.286966][ T5846] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 74.286994][ T5846] ? vfs_open+0x31/0x370
[ 74.287017][ T5846] iterate_dir+0x5a9/0x760
[ 74.287050][ T5846] ovl_dir_read+0xfe/0x570
[ 74.287083][ T5846] ? ovl_path_next+0x23e/0x470
[ 74.287114][ T5846] ovl_dir_read_merged+0x315/0x5e0
[ 74.287142][ T5846] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 74.287165][ T5846] ? __pfx_ovl_fill_merge+0x10/0x10
[ 74.287196][ T5846] ? __kmalloc_cache_noprof+0x236/0x370
[ 74.287213][ T5846] ? ovl_iterate+0x10d6/0x21c0
[ 74.287235][ T5846] ovl_iterate+0x1196/0x21c0
[ 74.287260][ T5846] ? look_up_lock_class+0x7b/0x170
[ 74.287291][ T5846] ? __pfx_ovl_iterate+0x10/0x10
[ 74.287312][ T5846] ? __lock_acquire+0xad5/0xd80
[ 74.287346][ T5846] ? __lock_acquire+0xad5/0xd80
[ 74.287391][ T5846] ? down_write+0x18d/0x220
[ 74.287421][ T5846] ? __pfx_down_write+0x10/0x10
[ 74.287453][ T5846] ? wrap_directory_iterator+0x52/0xd0
[ 74.287486][ T5846] ? __pfx_ovl_iterate+0x10/0x10
[ 74.287508][ T5846] wrap_directory_iterator+0x91/0xd0
[ 74.287539][ T5846] iterate_dir+0x5a9/0x760
[ 74.287572][ T5846] __se_sys_getdents+0x1ff/0x4e0
[ 74.287609][ T5846] ? __pfx___se_sys_getdents+0x10/0x10
[ 74.287637][ T5846] ? __pfx_filldir+0x10/0x10
[ 74.287679][ T5846] do_syscall_64+0xf3/0x230
[ 74.287708][ T5846] ? clear_bhb_loop+0x45/0xa0
[ 74.287732][ T5846] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.287752][ T5846] RIP: 0033:0x7f782667fba9
[ 74.287771][ T5846] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5846] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5846] exit_group(0) = ?
[pid 5846] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 74.287788][ T5846] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 74.287810][ T5846] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
[ 74.287825][ T5846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 74.287837][ T5846] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[ 74.287852][ T5846] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 74.287866][ T5846] R13: 00007ffc840944bc R14: 431bde82d7b634db R15: 00007f78266c803b
[ 74.287893][ T5846]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached
[pid 5847] set_robust_list(0x5555798a0660, 24) = 0
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5847
[pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5847] setpgid(0, 0) = 0
[pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5847] write(3, "1000", 4) = 4
[pid 5847] close(3) = 0
executing program
[pid 5847] write(1, "executing program\n", 18) = 18
[pid 5847] memfd_create("syzkaller", 0) = 3
[pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5847] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5847] munmap(0x7f781e200000, 138412032) = 0
[pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5847] close(3) = 0
[pid 5847] close(4) = 0
[pid 5847] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5847] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5847] ioctl(3, LOOP_CLR_FD) = 0
[ 74.689703][ T5847] loop0: detected capacity change from 0 to 4096
[ 74.703217][ T5847] ntfs3: Unknown parameter 'prea�'
[pid 5847] close(3) = 0
[pid 5847] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5847] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5847] chdir("./file0") = 0
[pid 5847] open(".", O_RDONLY) = 3
[pid 5847] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5847] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5847] exit_group(0) = ?
[pid 5847] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached
, child_tidptr=0x5555798a0650) = 5848
[pid 5848] set_robust_list(0x5555798a0660, 24) = 0
[pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5848] setpgid(0, 0) = 0
[pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5848] write(3, "1000", 4) = 4
[pid 5848] close(3executing program
) = 0
[pid 5848] write(1, "executing program\n", 18) = 18
[pid 5848] memfd_create("syzkaller", 0) = 3
[pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5848] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5848] munmap(0x7f781e200000, 138412032) = 0
[pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5848] close(3) = 0
[pid 5848] close(4) = 0
[pid 5848] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5848] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5848] ioctl(3, LOOP_CLR_FD) = 0
[pid 5848] close(3) = 0
[ 74.920901][ T5848] loop0: detected capacity change from 0 to 4096
[ 74.931583][ T5848] ntfs3: Unknown parameter 'prea�'
[pid 5848] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5848] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5848] chdir("./file0") = 0
[pid 5848] open(".", O_RDONLY) = 3
[pid 5848] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5848] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5848] exit_group(0) = ?
[pid 5848] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached
[pid 5849] set_robust_list(0x5555798a0660, 24
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5849
[pid 5849] <... set_robust_list resumed>) = 0
[pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5849] setpgid(0, 0) = 0
[pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5849] write(3, "1000", 4) = 4
[pid 5849] close(3) = 0
[pid 5849] write(1, "executing program\n", 18executing program
) = 18
[pid 5849] memfd_create("syzkaller", 0) = 3
[pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5849] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5849] munmap(0x7f781e200000, 138412032) = 0
[pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5849] close(3) = 0
[pid 5849] close(4) = 0
[pid 5849] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5849] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5849] ioctl(3, LOOP_CLR_FD) = 0
[pid 5849] close(3) = 0
[pid 5849] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5849] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5849] chdir("./file0") = 0
[pid 5849] open(".", O_RDONLY) = 3
[pid 5849] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 75.144521][ T5849] loop0: detected capacity change from 0 to 4096
[ 75.165438][ T5849] ntfs3: Unknown parameter 'prea�'
[ 75.214536][ T5849] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 75.225114][ T5849] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5849, name: syz-executor412
[ 75.235714][ T5849] preempt_count: 0, expected: 0
[ 75.240610][ T5849] RCU nest depth: 1, expected: 0
[ 75.245636][ T5849] 4 locks held by syz-executor412/5849:
[ 75.251372][ T5849] #0: ffff8880342e97b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[pid 5849] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5849] exit_group(0) = ?
[ 75.260606][ T5849] #1: ffff888077f33570 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 75.272131][ T5849] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 75.282497][ T5849] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 75.292492][ T5849] CPU: 0 UID: 0 PID: 5849 Comm: syz-executor412 Tainted: G W 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 75.292524][ T5849] Tainted: [W]=WARN
[ 75.292530][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 75.292540][ T5849] Call Trace:
[ 75.292549][ T5849]
[ 75.292556][ T5849] dump_stack_lvl+0x241/0x360
[ 75.292583][ T5849] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.292613][ T5849] __might_resched+0x558/0x6c0
[ 75.292641][ T5849] ? is_module_text_address+0x1a/0x140
[ 75.292662][ T5849] ? __pfx___might_resched+0x10/0x10
[ 75.292694][ T5849] ? __kmalloc_noprof+0xb7/0x4d0
[ 75.292712][ T5849] __kmalloc_noprof+0xd0/0x4d0
[ 75.292727][ T5849] ? ovl_cache_entry_new+0x39/0x7b0
[ 75.292748][ T5849] ovl_cache_entry_new+0x39/0x7b0
[ 75.292768][ T5849] ? __pfx_idr_get_next+0x10/0x10
[ 75.292792][ T5849] ovl_fill_merge+0x416/0x830
[ 75.292814][ T5849] afs_dynroot_readdir+0x814/0xbe0
[ 75.292836][ T5849] ? afs_dynroot_readdir+0x466/0xbe0
[ 75.292857][ T5849] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 75.292880][ T5849] ? vfs_open+0x31/0x370
[ 75.292900][ T5849] iterate_dir+0x5a9/0x760
[ 75.292931][ T5849] ovl_dir_read+0xfe/0x570
[ 75.292949][ T5849] ? ovl_path_next+0x23e/0x470
[ 75.292974][ T5849] ovl_dir_read_merged+0x315/0x5e0
[ 75.293004][ T5849] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 75.293023][ T5849] ? __pfx_ovl_fill_merge+0x10/0x10
[ 75.293048][ T5849] ? __kmalloc_cache_noprof+0x236/0x370
[ 75.293063][ T5849] ? ovl_iterate+0x10d6/0x21c0
[ 75.293084][ T5849] ovl_iterate+0x1196/0x21c0
[ 75.293107][ T5849] ? look_up_lock_class+0x7b/0x170
[ 75.293133][ T5849] ? __pfx_ovl_iterate+0x10/0x10
[ 75.293151][ T5849] ? __lock_acquire+0xad5/0xd80
[ 75.293180][ T5849] ? __lock_acquire+0xad5/0xd80
[ 75.293215][ T5849] ? down_write+0x18d/0x220
[ 75.293241][ T5849] ? __pfx_down_write+0x10/0x10
[ 75.293267][ T5849] ? wrap_directory_iterator+0x52/0xd0
[ 75.293292][ T5849] ? __pfx_ovl_iterate+0x10/0x10
[ 75.293309][ T5849] wrap_directory_iterator+0x91/0xd0
[ 75.293334][ T5849] iterate_dir+0x5a9/0x760
[ 75.293359][ T5849] __se_sys_getdents+0x1ff/0x4e0
[ 75.293388][ T5849] ? __pfx___se_sys_getdents+0x10/0x10
[ 75.293410][ T5849] ? __pfx_filldir+0x10/0x10
[ 75.293442][ T5849] do_syscall_64+0xf3/0x230
[ 75.293466][ T5849] ? clear_bhb_loop+0x45/0xa0
[ 75.293485][ T5849] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.293502][ T5849] RIP: 0033:0x7f782667fba9
[ 75.293518][ T5849] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 75.293532][ T5849] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[pid 5849] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached
, child_tidptr=0x5555798a0650) = 5850
[pid 5850] set_robust_list(0x5555798a0660, 24) = 0
[pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5850] setpgid(0, 0) = 0
[pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 75.293550][ T5849] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
[ 75.293563][ T5849] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 75.293572][ T5849] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[ 75.293584][ T5849] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 75.293595][ T5849] R13: 00007ffc840944bc R14: 431bde82d7b634db R15: 00007f78266c803b
[ 75.293617][ T5849]
[pid 5850] write(3, "1000", 4) = 4
[pid 5850] close(3) = 0
[pid 5850] write(1, "executing program\n", 18executing program
) = 18
[pid 5850] memfd_create("syzkaller", 0) = 3
[pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5850] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5850] munmap(0x7f781e200000, 138412032) = 0
[pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5850] close(3) = 0
[pid 5850] close(4) = 0
[pid 5850] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5850] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5850] ioctl(3, LOOP_CLR_FD) = 0
[pid 5850] close(3) = 0
[pid 5850] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5850] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5850] chdir("./file0") = 0
[pid 5850] open(".", O_RDONLY) = 3
[pid 5850] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5850] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5850] exit_group(0) = ?
[pid 5850] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[ 75.681111][ T5850] loop0: detected capacity change from 0 to 4096
[ 75.699184][ T5850] ntfs3: Unknown parameter 'prea�'
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555798a0650) = 5851
./strace-static-x86_64: Process 5851 attached
[pid 5851] set_robust_list(0x5555798a0660, 24) = 0
[pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5851] setpgid(0, 0) = 0
[pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5851] write(3, "1000", 4) = 4
[pid 5851] close(3) = 0
executing program
[pid 5851] write(1, "executing program\n", 18) = 18
[pid 5851] memfd_create("syzkaller", 0) = 3
[pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5851] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5851] munmap(0x7f781e200000, 138412032) = 0
[pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5851] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5851] close(3) = 0
[pid 5851] close(4) = 0
[pid 5851] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5851] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5851] ioctl(3, LOOP_CLR_FD) = 0
[pid 5851] close(3) = 0
[pid 5851] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5851] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5851] chdir("./file0") = 0
[pid 5851] open(".", O_RDONLY) = 3
[pid 5851] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 75.817007][ T5851] loop0: detected capacity change from 0 to 4096
[ 75.846655][ T5851] ntfs3: Unknown parameter 'prea�'
[pid 5851] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5851] exit_group(0) = ?
[pid 5851] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached
, child_tidptr=0x5555798a0650) = 5852
[pid 5852] set_robust_list(0x5555798a0660, 24) = 0
[pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5852] setpgid(0, 0) = 0
[pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5852] write(3, "1000", 4) = 4
[pid 5852] close(3) = 0
[pid 5852] write(1, "executing program\n", 18executing program
) = 18
[pid 5852] memfd_create("syzkaller", 0) = 3
[pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5852] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5852] munmap(0x7f781e200000, 138412032) = 0
[pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5852] close(3) = 0
[pid 5852] close(4) = 0
[pid 5852] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[ 75.992346][ T5852] loop0: detected capacity change from 0 to 4096
[pid 5852] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5852] ioctl(3, LOOP_CLR_FD) = 0
[pid 5852] close(3) = 0
[ 76.038200][ T5852] ntfs3: Unknown parameter 'prea�'
[pid 5852] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5852] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5852] chdir("./file0") = 0
[pid 5852] open(".", O_RDONLY) = 3
[pid 5852] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5852] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5852] exit_group(0) = ?
[pid 5852] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached
, child_tidptr=0x5555798a0650) = 5853
[pid 5853] set_robust_list(0x5555798a0660, 24) = 0
[pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5853] setpgid(0, 0) = 0
[pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5853] write(3, "1000", 4) = 4
[pid 5853] close(3) = 0
[pid 5853] write(1, "executing program\n", 18executing program
) = 18
[pid 5853] memfd_create("syzkaller", 0) = 3
[pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5853] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5853] munmap(0x7f781e200000, 138412032) = 0
[pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5853] close(3) = 0
[pid 5853] close(4) = 0
[pid 5853] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5853] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5853] ioctl(3, LOOP_CLR_FD) = 0
[ 76.299799][ T5853] loop0: detected capacity change from 0 to 4096
[ 76.320033][ T5853] ntfs3: Unknown parameter 'prea�'
[pid 5853] close(3) = 0
[pid 5853] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5853] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5853] chdir("./file0") = 0
[pid 5853] open(".", O_RDONLY) = 3
[pid 5853] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 76.378417][ T5853] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 76.389475][ T5853] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5853, name: syz-executor412
[ 76.399075][ T5853] preempt_count: 0, expected: 0
[ 76.403954][ T5853] RCU nest depth: 1, expected: 0
[ 76.408942][ T5853] 4 locks held by syz-executor412/5853:
[ 76.414510][ T5853] #0: ffff88802a3150b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[ 76.423648][ T5853] #1: ffff888077f36978 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 76.434969][ T5853] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 76.445179][ T5853] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 76.455206][ T5853] CPU: 0 UID: 0 PID: 5853 Comm: syz-executor412 Tainted: G W 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 76.455229][ T5853] Tainted: [W]=WARN
[ 76.455235][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 76.455244][ T5853] Call Trace:
[ 76.455250][ T5853]
[ 76.455257][ T5853] dump_stack_lvl+0x241/0x360
[ 76.455280][ T5853] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.455306][ T5853] __might_resched+0x558/0x6c0
[ 76.455330][ T5853] ? is_module_text_address+0x1a/0x140
[ 76.455349][ T5853] ? __pfx___might_resched+0x10/0x10
[ 76.455378][ T5853] ? __kmalloc_noprof+0xb7/0x4d0
[ 76.455394][ T5853] __kmalloc_noprof+0xd0/0x4d0
[ 76.455407][ T5853] ? ovl_cache_entry_new+0x39/0x7b0
[ 76.455426][ T5853] ovl_cache_entry_new+0x39/0x7b0
[ 76.455444][ T5853] ? __pfx_idr_get_next+0x10/0x10
[ 76.455466][ T5853] ovl_fill_merge+0x416/0x830
[ 76.455486][ T5853] afs_dynroot_readdir+0x814/0xbe0
[ 76.455514][ T5853] ? afs_dynroot_readdir+0x466/0xbe0
[ 76.455541][ T5853] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 76.455568][ T5853] ? vfs_open+0x31/0x370
[ 76.455589][ T5853] iterate_dir+0x5a9/0x760
[ 76.455623][ T5853] ovl_dir_read+0xfe/0x570
[ 76.455640][ T5853] ? ovl_path_next+0x23e/0x470
[ 76.455662][ T5853] ovl_dir_read_merged+0x315/0x5e0
[ 76.455683][ T5853] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 76.455700][ T5853] ? __pfx_ovl_fill_merge+0x10/0x10
[ 76.455723][ T5853] ? __kmalloc_cache_noprof+0x236/0x370
[ 76.455736][ T5853] ? ovl_iterate+0x10d6/0x21c0
[ 76.455754][ T5853] ovl_iterate+0x1196/0x21c0
[ 76.455773][ T5853] ? look_up_lock_class+0x7b/0x170
[ 76.455803][ T5853] ? __pfx_ovl_iterate+0x10/0x10
[ 76.455819][ T5853] ? __lock_acquire+0xad5/0xd80
[ 76.455846][ T5853] ? __lock_acquire+0xad5/0xd80
[ 76.455878][ T5853] ? down_write+0x18d/0x220
[ 76.455899][ T5853] ? __pfx_down_write+0x10/0x10
[ 76.455922][ T5853] ? wrap_directory_iterator+0x52/0xd0
[ 76.455944][ T5853] ? __pfx_ovl_iterate+0x10/0x10
[ 76.455959][ T5853] wrap_directory_iterator+0x91/0xd0
[ 76.455981][ T5853] iterate_dir+0x5a9/0x760
[ 76.456003][ T5853] __se_sys_getdents+0x1ff/0x4e0
[ 76.456028][ T5853] ? __pfx___se_sys_getdents+0x10/0x10
[ 76.456048][ T5853] ? __pfx_filldir+0x10/0x10
[ 76.456076][ T5853] do_syscall_64+0xf3/0x230
[ 76.456098][ T5853] ? clear_bhb_loop+0x45/0xa0
[ 76.456115][ T5853] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.456130][ T5853] RIP: 0033:0x7f782667fba9
[ 76.456144][ T5853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.456156][ T5853] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[pid 5853] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5853] exit_group(0) = ?
[pid 5853] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached
[pid 5854] set_robust_list(0x5555798a0660, 24
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5854
[pid 5854] <... set_robust_list resumed>) = 0
[pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 76.456172][ T5853] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
[ 76.456183][ T5853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 76.456192][ T5853] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[ 76.456202][ T5853] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 76.456212][ T5853] R13: 00007ffc840944bc R14: 431bde82d7b634db R15: 00007f78266c803b
[ 76.456230][ T5853]
[pid 5854] setpgid(0, 0) = 0
[pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5854] write(3, "1000", 4) = 4
[pid 5854] close(3) = 0
executing program
[pid 5854] write(1, "executing program\n", 18) = 18
[pid 5854] memfd_create("syzkaller", 0) = 3
[pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5854] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5854] munmap(0x7f781e200000, 138412032) = 0
[pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5854] close(3) = 0
[pid 5854] close(4) = 0
[pid 5854] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5854] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5854] ioctl(3, LOOP_CLR_FD) = 0
[pid 5854] close(3) = 0
[pid 5854] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5854] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5854] chdir("./file0") = 0
[pid 5854] open(".", O_RDONLY) = 3
[pid 5854] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5854] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5854] exit_group(0) = ?
[pid 5854] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555798a0650) = 5855
./strace-static-x86_64: Process 5855 attached
[pid 5855] set_robust_list(0x5555798a0660, 24) = 0
[pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 76.916239][ T5854] loop0: detected capacity change from 0 to 4096
[ 76.947234][ T5854] ntfs3: Unknown parameter 'prea�'
[pid 5855] setpgid(0, 0) = 0
[pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5855] write(3, "1000", 4) = 4
[pid 5855] close(3) = 0
[pid 5855] write(1, "executing program\n", 18executing program
) = 18
[pid 5855] memfd_create("syzkaller", 0) = 3
[pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5855] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5855] munmap(0x7f781e200000, 138412032) = 0
[pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5855] close(3) = 0
[pid 5855] close(4) = 0
[pid 5855] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5855] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5855] ioctl(3, LOOP_CLR_FD) = 0
[pid 5855] close(3) = 0
[ 77.035435][ T5855] loop0: detected capacity change from 0 to 4096
[ 77.049469][ T5855] ntfs3: Unknown parameter 'prea�'
[pid 5855] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5855] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5855] chdir("./file0") = 0
[pid 5855] open(".", O_RDONLY) = 3
[pid 5855] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5855] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5855] exit_group(0) = ?
[pid 5855] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached
[pid 5856] set_robust_list(0x5555798a0660, 24
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5856
[pid 5856] <... set_robust_list resumed>) = 0
[pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5856] setpgid(0, 0) = 0
[pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5856] write(3, "1000", 4) = 4
[pid 5856] close(3) = 0
executing program
[pid 5856] write(1, "executing program\n", 18) = 18
[pid 5856] memfd_create("syzkaller", 0) = 3
[pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5856] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5856] munmap(0x7f781e200000, 138412032) = 0
[pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5856] close(3) = 0
[pid 5856] close(4) = 0
[pid 5856] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5856] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5856] ioctl(3, LOOP_CLR_FD) = 0
[pid 5856] close(3) = 0
[pid 5856] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5856] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5856] chdir("./file0") = 0
[pid 5856] open(".", O_RDONLY) = 3
[ 77.236039][ T5856] loop0: detected capacity change from 0 to 4096
[ 77.256002][ T5856] ntfs3: Unknown parameter 'prea�'
[pid 5856] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5856] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5856] exit_group(0) = ?
[pid 5856] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555798a0650) = 5857
./strace-static-x86_64: Process 5857 attached
[pid 5857] set_robust_list(0x5555798a0660, 24) = 0
[pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5857] setpgid(0, 0) = 0
[pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5857] write(3, "1000", 4) = 4
[pid 5857] close(3) = 0
executing program
[pid 5857] write(1, "executing program\n", 18) = 18
[pid 5857] memfd_create("syzkaller", 0) = 3
[pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5857] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5857] munmap(0x7f781e200000, 138412032) = 0
[pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5857] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5857] close(3) = 0
[pid 5857] close(4) = 0
[pid 5857] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5857] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5857] ioctl(3, LOOP_CLR_FD) = 0
[pid 5857] close(3) = 0
[pid 5857] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5857] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5857] chdir("./file0") = 0
[pid 5857] open(".", O_RDONLY) = 3
[pid 5857] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 77.396911][ T5857] loop0: detected capacity change from 0 to 4096
[ 77.408502][ T5857] ntfs3: Unknown parameter 'prea�'
[ 77.434248][ T5857] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 77.444621][ T5857] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5857, name: syz-executor412
[ 77.455283][ T5857] preempt_count: 0, expected: 0
[ 77.460561][ T5857] RCU nest depth: 1, expected: 0
[ 77.467118][ T5857] 4 locks held by syz-executor412/5857:
[ 77.473260][ T5857] #0: ffff8880299cf0b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[ 77.482755][ T5857] #1: ffff888077f24100 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 77.494695][ T5857] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 77.505012][ T5857] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 77.514987][ T5857] CPU: 0 UID: 0 PID: 5857 Comm: syz-executor412 Tainted: G W 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 77.515019][ T5857] Tainted: [W]=WARN
[ 77.515027][ T5857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 77.515038][ T5857] Call Trace:
[ 77.515047][ T5857]
[ 77.515058][ T5857] dump_stack_lvl+0x241/0x360
[ 77.515082][ T5857] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.515108][ T5857] __might_resched+0x558/0x6c0
[ 77.515133][ T5857] ? is_module_text_address+0x1a/0x140
[ 77.515152][ T5857] ? __pfx___might_resched+0x10/0x10
[ 77.515181][ T5857] ? __kmalloc_noprof+0xb7/0x4d0
[ 77.515196][ T5857] __kmalloc_noprof+0xd0/0x4d0
[ 77.515209][ T5857] ? ovl_cache_entry_new+0x39/0x7b0
[ 77.515228][ T5857] ovl_cache_entry_new+0x39/0x7b0
[ 77.515246][ T5857] ? __pfx_idr_get_next+0x10/0x10
[ 77.515267][ T5857] ovl_fill_merge+0x416/0x830
[ 77.515287][ T5857] afs_dynroot_readdir+0x814/0xbe0
[ 77.515307][ T5857] ? afs_dynroot_readdir+0x466/0xbe0
[ 77.515326][ T5857] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 77.515346][ T5857] ? vfs_open+0x31/0x370
[ 77.515362][ T5857] iterate_dir+0x5a9/0x760
[ 77.515386][ T5857] ovl_dir_read+0xfe/0x570
[ 77.515402][ T5857] ? ovl_path_next+0x23e/0x470
[ 77.515424][ T5857] ovl_dir_read_merged+0x315/0x5e0
[ 77.515445][ T5857] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 77.515462][ T5857] ? __pfx_ovl_fill_merge+0x10/0x10
[ 77.515485][ T5857] ? __kmalloc_cache_noprof+0x236/0x370
[ 77.515498][ T5857] ? ovl_iterate+0x10d6/0x21c0
[ 77.515530][ T5857] ovl_iterate+0x1196/0x21c0
[ 77.515558][ T5857] ? look_up_lock_class+0x7b/0x170
[ 77.515589][ T5857] ? __pfx_ovl_iterate+0x10/0x10
[ 77.515611][ T5857] ? __lock_acquire+0xad5/0xd80
[ 77.515638][ T5857] ? __lock_acquire+0xad5/0xd80
[ 77.515669][ T5857] ? down_write+0x18d/0x220
[ 77.515690][ T5857] ? __pfx_down_write+0x10/0x10
[ 77.515714][ T5857] ? wrap_directory_iterator+0x52/0xd0
[ 77.515736][ T5857] ? __pfx_ovl_iterate+0x10/0x10
[ 77.515751][ T5857] wrap_directory_iterator+0x91/0xd0
[ 77.515787][ T5857] iterate_dir+0x5a9/0x760
[ 77.515819][ T5857] __se_sys_getdents+0x1ff/0x4e0
[ 77.515853][ T5857] ? __pfx___se_sys_getdents+0x10/0x10
[ 77.515881][ T5857] ? __pfx_filldir+0x10/0x10
[ 77.515922][ T5857] do_syscall_64+0xf3/0x230
[ 77.515951][ T5857] ? clear_bhb_loop+0x45/0xa0
[ 77.515975][ T5857] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.515997][ T5857] RIP: 0033:0x7f782667fba9
[ 77.516012][ T5857] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.516024][ T5857] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 77.516042][ T5857] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
[ 77.516053][ T5857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[pid 5857] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5857] exit_group(0) = ?
[pid 5857] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
[ 77.516061][ T5857] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[ 77.516072][ T5857] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 77.516081][ T5857] R13: 00007ffc840944bc R14: 431bde82d7b634db R15: 00007f78266c803b
[ 77.516100][ T5857]
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached
[pid 5859] set_robust_list(0x5555798a0660, 24) = 0
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5859
[pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5859] setpgid(0, 0) = 0
[pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5859] write(3, "1000", 4) = 4
[pid 5859] close(3) = 0
[pid 5859] write(1, "executing program\n", 18executing program
) = 18
[pid 5859] memfd_create("syzkaller", 0) = 3
[pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5859] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5859] munmap(0x7f781e200000, 138412032) = 0
[pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5859] close(3) = 0
[pid 5859] close(4) = 0
[pid 5859] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5859] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5859] ioctl(3, LOOP_CLR_FD) = 0
[pid 5859] close(3) = 0
[pid 5859] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5859] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5859] chdir("./file0") = 0
[pid 5859] open(".", O_RDONLY) = 3
[pid 5859] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5859] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5859] exit_group(0) = ?
[pid 5859] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 78.012980][ T5859] loop0: detected capacity change from 0 to 4096
[ 78.024337][ T5859] ntfs3: Unknown parameter 'prea�'
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached
, child_tidptr=0x5555798a0650) = 5860
[pid 5860] set_robust_list(0x5555798a0660, 24) = 0
[pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5860] setpgid(0, 0) = 0
[pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5860] write(3, "1000", 4) = 4
[pid 5860] close(3) = 0
executing program
[pid 5860] write(1, "executing program\n", 18) = 18
[pid 5860] memfd_create("syzkaller", 0) = 3
[pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5860] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5860] munmap(0x7f781e200000, 138412032) = 0
[pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5860] close(3) = 0
[pid 5860] close(4) = 0
[pid 5860] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5860] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5860] ioctl(3, LOOP_CLR_FD) = 0
[pid 5860] close(3) = 0
[ 78.130136][ T5860] loop0: detected capacity change from 0 to 4096
[ 78.157059][ T5860] ntfs3: Unknown parameter 'prea�'
[pid 5860] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5860] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5860] chdir("./file0") = 0
[pid 5860] open(".", O_RDONLY) = 3
[pid 5860] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5860] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5860] exit_group(0) = ?
[pid 5860] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5861 attached
[pid 5861] set_robust_list(0x5555798a0660, 24
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5861
[pid 5861] <... set_robust_list resumed>) = 0
[pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5861] setpgid(0, 0) = 0
[pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5861] write(3, "1000", 4) = 4
[pid 5861] close(3) = 0
[pid 5861] write(1, "executing program\n", 18executing program
) = 18
[pid 5861] memfd_create("syzkaller", 0) = 3
[pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5861] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5861] munmap(0x7f781e200000, 138412032) = 0
[pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5861] close(3) = 0
[pid 5861] close(4) = 0
[pid 5861] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5861] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5861] ioctl(3, LOOP_CLR_FD) = 0
[pid 5861] close(3) = 0
[ 78.396524][ T5861] loop0: detected capacity change from 0 to 4096
[ 78.416732][ T5861] ntfs3: Unknown parameter 'prea�'
[pid 5861] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5861] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5861] chdir("./file0") = 0
[pid 5861] open(".", O_RDONLY) = 3
[pid 5861] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5861] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5861] exit_group(0) = ?
[pid 5861] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached
[pid 5862] set_robust_list(0x5555798a0660, 24
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5862
[pid 5862] <... set_robust_list resumed>) = 0
[pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5862] setpgid(0, 0) = 0
[pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5862] write(3, "1000", 4) = 4
[pid 5862] close(3) = 0
executing program
[pid 5862] write(1, "executing program\n", 18) = 18
[pid 5862] memfd_create("syzkaller", 0) = 3
[pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5862] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5862] munmap(0x7f781e200000, 138412032) = 0
[pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5862] close(3) = 0
[pid 5862] close(4) = 0
[pid 5862] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5862] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5862] ioctl(3, LOOP_CLR_FD) = 0
[pid 5862] close(3) = 0
[pid 5862] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5862] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5862] chdir("./file0") = 0
[pid 5862] open(".", O_RDONLY) = 3
[pid 5862] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 78.624777][ T5862] loop0: detected capacity change from 0 to 4096
[ 78.646106][ T5862] ntfs3: Unknown parameter 'prea�'
[ 78.686131][ T5862] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 78.696543][ T5862] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5862, name: syz-executor412
[ 78.706835][ T5862] preempt_count: 0, expected: 0
[ 78.711812][ T5862] RCU nest depth: 1, expected: 0
[ 78.717441][ T5862] 4 locks held by syz-executor412/5862:
[ 78.723472][ T5862] #0: ffff888079294b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[ 78.732752][ T5862] #1: ffff888077f263b0 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 78.744239][ T5862] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 78.754514][ T5862] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 78.764471][ T5862] CPU: 0 UID: 0 PID: 5862 Comm: syz-executor412 Tainted: G W 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 78.764496][ T5862] Tainted: [W]=WARN
[ 78.764502][ T5862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 78.764511][ T5862] Call Trace:
[ 78.764518][ T5862]
[ 78.764525][ T5862] dump_stack_lvl+0x241/0x360
[ 78.764548][ T5862] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.764575][ T5862] __might_resched+0x558/0x6c0
[ 78.764599][ T5862] ? is_module_text_address+0x1a/0x140
[ 78.764618][ T5862] ? __pfx___might_resched+0x10/0x10
[ 78.764647][ T5862] ? __kmalloc_noprof+0xb7/0x4d0
[ 78.764663][ T5862] __kmalloc_noprof+0xd0/0x4d0
[ 78.764681][ T5862] ? ovl_cache_entry_new+0x39/0x7b0
[ 78.764701][ T5862] ovl_cache_entry_new+0x39/0x7b0
[ 78.764718][ T5862] ? __pfx_idr_get_next+0x10/0x10
[ 78.764739][ T5862] ovl_fill_merge+0x416/0x830
[ 78.764758][ T5862] afs_dynroot_readdir+0x814/0xbe0
[ 78.764778][ T5862] ? afs_dynroot_readdir+0x466/0xbe0
[ 78.764796][ T5862] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 78.764816][ T5862] ? vfs_open+0x31/0x370
[ 78.764832][ T5862] iterate_dir+0x5a9/0x760
[ 78.764855][ T5862] ovl_dir_read+0xfe/0x570
[ 78.764870][ T5862] ? ovl_path_next+0x23e/0x470
[ 78.764893][ T5862] ovl_dir_read_merged+0x315/0x5e0
[ 78.764913][ T5862] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 78.764930][ T5862] ? __pfx_ovl_fill_merge+0x10/0x10
[ 78.764953][ T5862] ? __kmalloc_cache_noprof+0x236/0x370
[ 78.764966][ T5862] ? ovl_iterate+0x10d6/0x21c0
[ 78.764983][ T5862] ovl_iterate+0x1196/0x21c0
[ 78.765003][ T5862] ? look_up_lock_class+0x7b/0x170
[ 78.765027][ T5862] ? __pfx_ovl_iterate+0x10/0x10
[ 78.765043][ T5862] ? __lock_acquire+0xad5/0xd80
[ 78.765069][ T5862] ? __lock_acquire+0xad5/0xd80
[ 78.765101][ T5862] ? down_write+0x18d/0x220
[ 78.765123][ T5862] ? __pfx_down_write+0x10/0x10
[ 78.765146][ T5862] ? wrap_directory_iterator+0x52/0xd0
[ 78.765168][ T5862] ? __pfx_ovl_iterate+0x10/0x10
[ 78.765184][ T5862] wrap_directory_iterator+0x91/0xd0
[ 78.765206][ T5862] iterate_dir+0x5a9/0x760
[ 78.765229][ T5862] __se_sys_getdents+0x1ff/0x4e0
[ 78.765255][ T5862] ? __pfx___se_sys_getdents+0x10/0x10
[ 78.765275][ T5862] ? __pfx_filldir+0x10/0x10
[ 78.765304][ T5862] do_syscall_64+0xf3/0x230
[ 78.765325][ T5862] ? clear_bhb_loop+0x45/0xa0
[ 78.765343][ T5862] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.765357][ T5862] RIP: 0033:0x7f782667fba9
[ 78.765371][ T5862] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.765383][ T5862] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[pid 5862] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5862] exit_group(0) = ?
[pid 5862] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 78.765398][ T5862] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
[ 78.765409][ T5862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 78.765418][ T5862] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[ 78.765428][ T5862] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 78.765438][ T5862] R13: 00007ffc840944bc R14: 431bde82d7b634db R15: 00007f78266c803b
[ 78.765457][ T5862]
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached
, child_tidptr=0x5555798a0650) = 5863
[pid 5863] set_robust_list(0x5555798a0660, 24) = 0
[pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5863] setpgid(0, 0) = 0
[pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5863] write(3, "1000", 4) = 4
[pid 5863] close(3) = 0
[pid 5863] write(1, "executing program\n", 18executing program
) = 18
[pid 5863] memfd_create("syzkaller", 0) = 3
[pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5863] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5863] munmap(0x7f781e200000, 138412032) = 0
[pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5863] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5863] close(3) = 0
[pid 5863] close(4) = 0
[pid 5863] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5863] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5863] ioctl(3, LOOP_CLR_FD) = 0
[pid 5863] close(3) = 0
[pid 5863] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5863] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5863] chdir("./file0") = 0
[pid 5863] open(".", O_RDONLY) = 3
[pid 5863] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5863] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5863] exit_group(0) = ?
[pid 5863] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555798a0650) = 5864
./strace-static-x86_64: Process 5864 attached
[pid 5864] set_robust_list(0x5555798a0660, 24) = 0
[pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5864] setpgid(0, 0) = 0
[pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5864] write(3, "1000", 4) = 4
[ 79.211925][ T5863] loop0: detected capacity change from 0 to 4096
[ 79.233167][ T5863] ntfs3: Unknown parameter 'prea�'
[pid 5864] close(3) = 0
[pid 5864] write(1, "executing program\n", 18executing program
) = 18
[pid 5864] memfd_create("syzkaller", 0) = 3
[pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5864] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5864] munmap(0x7f781e200000, 138412032) = 0
[pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5864] close(3) = 0
[pid 5864] close(4) = 0
[pid 5864] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5864] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5864] ioctl(3, LOOP_CLR_FD) = 0
[pid 5864] close(3) = 0
[pid 5864] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5864] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5864] chdir("./file0") = 0
[pid 5864] open(".", O_RDONLY) = 3
[pid 5864] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5864] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5864] exit_group(0) = ?
[pid 5864] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 79.358432][ T5864] loop0: detected capacity change from 0 to 4096
[ 79.382601][ T5864] ntfs3: Unknown parameter 'prea�'
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached
[pid 5865] set_robust_list(0x5555798a0660, 24) = 0
[pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5865
[pid 5865] <... prctl resumed>) = 0
[pid 5865] setpgid(0, 0) = 0
[pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5865] write(3, "1000", 4) = 4
[pid 5865] close(3) = 0
[pid 5865] write(1, "executing program\n", 18executing program
) = 18
[pid 5865] memfd_create("syzkaller", 0) = 3
[pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5865] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5865] munmap(0x7f781e200000, 138412032) = 0
[pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5865] close(3) = 0
[pid 5865] close(4) = 0
[pid 5865] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5865] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5865] ioctl(3, LOOP_CLR_FD) = 0
[pid 5865] close(3) = 0
[pid 5865] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5865] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5865] chdir("./file0") = 0
[pid 5865] open(".", O_RDONLY) = 3
[pid 5865] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5865] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5865] exit_group(0) = ?
[pid 5865] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[ 79.549891][ T5865] loop0: detected capacity change from 0 to 4096
[ 79.561102][ T5865] ntfs3: Unknown parameter 'prea�'
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached
[pid 5866] set_robust_list(0x5555798a0660, 24
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5866
[pid 5866] <... set_robust_list resumed>) = 0
[pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5866] setpgid(0, 0) = 0
[pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5866] write(3, "1000", 4) = 4
[pid 5866] close(3) = 0
executing program
[pid 5866] write(1, "executing program\n", 18) = 18
[pid 5866] memfd_create("syzkaller", 0) = 3
[pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5866] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5866] munmap(0x7f781e200000, 138412032) = 0
[pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5866] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5866] close(3) = 0
[pid 5866] close(4) = 0
[pid 5866] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5866] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5866] ioctl(3, LOOP_CLR_FD) = 0
[pid 5866] close(3) = 0
[pid 5866] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5866] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5866] chdir("./file0") = 0
[pid 5866] open(".", O_RDONLY) = 3
[pid 5866] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[ 79.692272][ T5866] loop0: detected capacity change from 0 to 4096
[ 79.703224][ T5866] ntfs3: Unknown parameter 'prea�'
[ 79.721576][ T5866] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[ 79.732371][ T5866] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5866, name: syz-executor412
[ 79.742098][ T5866] preempt_count: 0, expected: 0
[ 79.747470][ T5866] RCU nest depth: 1, expected: 0
[ 79.752462][ T5866] 4 locks held by syz-executor412/5866:
[ 79.758554][ T5866] #0: ffff8880787bdcf8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[ 79.767774][ T5866] #1: ffff888077ff7508 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0
[ 79.779659][ T5866] #2: ffff88807b2e0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[ 79.790238][ T5866] #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[ 79.800339][ T5866] CPU: 0 UID: 0 PID: 5866 Comm: syz-executor412 Tainted: G W 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full)
[ 79.800369][ T5866] Tainted: [W]=WARN
[ 79.800376][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 79.800387][ T5866] Call Trace:
[ 79.800394][ T5866]
[ 79.800402][ T5866] dump_stack_lvl+0x241/0x360
[ 79.800433][ T5866] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.800469][ T5866] __might_resched+0x558/0x6c0
[ 79.800501][ T5866] ? is_module_text_address+0x1a/0x140
[ 79.800525][ T5866] ? __pfx___might_resched+0x10/0x10
[ 79.800562][ T5866] ? __kmalloc_noprof+0xb7/0x4d0
[ 79.800583][ T5866] __kmalloc_noprof+0xd0/0x4d0
[ 79.800600][ T5866] ? ovl_cache_entry_new+0x39/0x7b0
[ 79.800626][ T5866] ovl_cache_entry_new+0x39/0x7b0
[ 79.800650][ T5866] ? __pfx_idr_get_next+0x10/0x10
[ 79.800681][ T5866] ovl_fill_merge+0x416/0x830
[ 79.800709][ T5866] afs_dynroot_readdir+0x814/0xbe0
[ 79.800738][ T5866] ? afs_dynroot_readdir+0x466/0xbe0
[ 79.800773][ T5866] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 79.800802][ T5866] ? vfs_open+0x31/0x370
[ 79.800825][ T5866] iterate_dir+0x5a9/0x760
[ 79.800858][ T5866] ovl_dir_read+0xfe/0x570
[ 79.800880][ T5866] ? ovl_path_next+0x23e/0x470
[ 79.800911][ T5866] ovl_dir_read_merged+0x315/0x5e0
[ 79.800940][ T5866] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 79.800964][ T5866] ? __pfx_ovl_fill_merge+0x10/0x10
[ 79.800997][ T5866] ? __kmalloc_cache_noprof+0x236/0x370
[ 79.801016][ T5866] ? ovl_iterate+0x10d6/0x21c0
[ 79.801041][ T5866] ovl_iterate+0x1196/0x21c0
[ 79.801070][ T5866] ? look_up_lock_class+0x7b/0x170
[ 79.801103][ T5866] ? __pfx_ovl_iterate+0x10/0x10
[ 79.801126][ T5866] ? __lock_acquire+0xad5/0xd80
[ 79.801163][ T5866] ? __lock_acquire+0xad5/0xd80
[ 79.801209][ T5866] ? down_write+0x18d/0x220
[ 79.801239][ T5866] ? __pfx_down_write+0x10/0x10
[ 79.801272][ T5866] ? wrap_directory_iterator+0x52/0xd0
[ 79.801303][ T5866] ? __pfx_ovl_iterate+0x10/0x10
[ 79.801325][ T5866] wrap_directory_iterator+0x91/0xd0
[ 79.801356][ T5866] iterate_dir+0x5a9/0x760
[ 79.801386][ T5866] __se_sys_getdents+0x1ff/0x4e0
[ 79.801418][ T5866] ? __pfx___se_sys_getdents+0x10/0x10
[ 79.801445][ T5866] ? __pfx_filldir+0x10/0x10
[ 79.801486][ T5866] do_syscall_64+0xf3/0x230
[ 79.801515][ T5866] ? clear_bhb_loop+0x45/0xa0
[ 79.801540][ T5866] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.801561][ T5866] RIP: 0033:0x7f782667fba9
[ 79.801581][ T5866] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.801598][ T5866] RSP: 002b:00007ffc840944a8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 79.801621][ T5866] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f782667fba9
[ 79.801636][ T5866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 79.801648][ T5866] RBP: 00002000000000c0 R08: 00005555798a14c0 R09: 00005555798a14c0
[pid 5866] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5866] exit_group(0) = ?
[pid 5866] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached
, child_tidptr=0x5555798a0650) = 5868
[pid 5868] set_robust_list(0x5555798a0660, 24) = 0
[pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5868] setpgid(0, 0) = 0
[pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5868] write(3, "1000", 4) = 4
[pid 5868] close(3) = 0
[pid 5868] write(1, "executing program\n", 18executing program
) = 18
[pid 5868] memfd_create("syzkaller", 0) = 3
[pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[ 79.801663][ T5866] R10: 00005555798a14c0 R11: 0000000000000246 R12: 00007ffc840944d0
[ 79.801677][ T5866] R13: 00007ffc840944bc R14: 431bde82d7b634db R15: 00007f78266c803b
[ 79.801702][ T5866]
[pid 5868] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5868] munmap(0x7f781e200000, 138412032) = 0
[pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5868] close(3) = 0
[pid 5868] close(4) = 0
[pid 5868] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5868] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5868] ioctl(3, LOOP_CLR_FD) = 0
[pid 5868] close(3) = 0
[pid 5868] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5868] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[pid 5868] chdir("./file0") = 0
[pid 5868] open(".", O_RDONLY) = 3
[pid 5868] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5868] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5868] exit_group(0) = ?
[pid 5868] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached
[pid 5869] set_robust_list(0x5555798a0660, 24) = 0
[ 80.202245][ T5868] loop0: detected capacity change from 0 to 4096
[ 80.211173][ T5868] ntfs3: Unknown parameter 'prea�'
[pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5828] <... clone resumed>, child_tidptr=0x5555798a0650) = 5869
[pid 5869] setpgid(0, 0) = 0
[pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5869] write(3, "1000", 4) = 4
[pid 5869] close(3) = 0
executing program
[pid 5869] write(1, "executing program\n", 18) = 18
[pid 5869] memfd_create("syzkaller", 0) = 3
[pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5869] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5869] munmap(0x7f781e200000, 138412032) = 0
[pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5869] close(3) = 0
[pid 5869] close(4) = 0
[pid 5869] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5869] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5869] ioctl(3, LOOP_CLR_FD) = 0
[pid 5869] close(3) = 0
[pid 5869] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0
[pid 5869] mount(NULL, "./file0", "overlay", 0, "lowerdir=./file0:/") = 0
[ 80.340880][ T5869] loop0: detected capacity change from 0 to 4096
[ 80.350295][ T5869] ntfs3: Unknown parameter 'prea�'
[pid 5869] chdir("./file0") = 0
[pid 5869] open(".", O_RDONLY) = 3
[pid 5869] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EREMOTE (Object is remote)
[pid 5869] getdents(3, NULL, 0) = -1 EINVAL (Invalid argument)
[pid 5869] exit_group(0) = ?
[pid 5869] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555798a0650) = 5870
./strace-static-x86_64: Process 5870 attached
[pid 5870] set_robust_list(0x5555798a0660, 24) = 0
[pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5870] setpgid(0, 0) = 0
[pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5870] write(3, "1000", 4) = 4
[pid 5870] close(3) = 0
executing program
[pid 5870] write(1, "executing program\n", 18) = 18
[pid 5870] memfd_create("syzkaller", 0) = 3
[pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f781e200000
[pid 5870] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5870] munmap(0x7f781e200000, 138412032) = 0
[pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5870] close(3) = 0
[pid 5870] close(4) = 0
[pid 5870] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5870] mount("/dev/loop0", "./file0", "ntfs3", MS_I_VERSION, "\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x68\x69\x64\x65\x5f\x64\x6f\x74\x5f\x66\x69\x6c\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x72\x6f\x6d\x61\x6e\x69\x61\x6e\x2c\x70\x72\x65\x61\x08") = -1 EINVAL (Invalid argument)
[pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid 5870] ioctl(3, LOOP_CLR_FD) = 0
[pid 5870] close(3) = 0
[pid 5870] mount(NULL, "./file0", "afs", MS_NOSYMFOLLOW|MS_NOATIME|0x200, "dyn,") = 0